Policy based routing on Cat6513-SUP720b

Unanswered Question
Jul 18th, 2008

Hello All,

I have a question about policy-based routing on the Cat6500. I want to split HTTP traffic and route it through a proxy, and route the rest of the traffic straight to the internet. The only thing that worries me is whether the 6500 with Sup720 will be powerful enough to route 1-10Gbps of traffic with PBR. I know that the Sup720 does PBR in hardware (PFC), but I want to match with an ACL on destination port, so it will be an L4 decision, and I'm not sure whether it will forward in hardware or fall back to process switching. My configuration would look like this:

access-list 123 permit tcp any any eq 80
access-list 123 permit tcp any any eq 443
access-list 123 permit tcp any any eq ftp
=== or
access-list 123 permit ip any any dscp X

route-map WEB permit 10
 match ip address 123
 set ip next-hop

interface vlan123
 ip vrf forwarding TESTS1
 ip address
 ip policy route-map WEB
 ip route-cache policy


I thought I would add another VRF in front of the FWSM in the 6500 and put PBR on it.

My physical design looks like this:

IP Cloud) <=>(Cisco SCE2020) <=>
(Cat6513Sup720<->VRF<->FWSM<->VRF<->ACE<->(OUT VRF)[rt import/export](VRF


Maybe it's worth marking "interesting" traffic on the SCE with DSCP or something, but I checked that on the Cat6500 I can only match in a route-map on an access-list …

All suggestions appreciated.


