PBR & CEF

Feb 28th, 2009

Hi friends,

CEF entries are made based on the routing table and the packet is forwarded accordingly; then the routing table is not processed for the same destination again - this is what I understood - correct me if I am wrong.

Now the question:

What will happen to a PBR packet which is CEF switched in a 6500?

Will the ACL and policy get checked every time a packet enters the respective interface, or will it be forwarded based on the CEF?

If the PBR is not checked -

if I edit the ACL without removing the policy from the interface, what will be the impact? Will there be changes in the CEF table? If so, how?

And

how can we see the CEF entry for a PBR packet (ip cef entry & ip mls cef entry are showing the routing table next hop only)?

Please clarify.

Edison Ortiz Sat, 02/28/2009 - 08:34

will the acl and policy get checked every time a packet enters the respective interface

Yes.

how can we see the cef entry for a PBR packet

Well, PBR in the 6500 is done mainly in hardware when using the following match|set commands within the route-map:

match ip address, set ip next-hop, and set ip default next-hop

Any other match|set commands will be done in software.

As you know, anything processed in hardware in the 6500 can't be logged or viewed via commands. Best way to check if the PBR is working is to traceroute from a device sitting behind the interface on which the PBR is applied.

HTH,

Edison.

rajivrajan1 Mon, 03/02/2009 - 22:25

Hi ediortiz,

Thanks for your reply - it was helpful (rated as well).

I have two STM-1s and servers transferring more than 50 GB data/day, but I could see only (16633 matches) in the ACL, where the ACL is called in the route-map for the servers.

These ACL matches have not been cleared for at least 1 week.

How can this happen? Can you please explain?

Edison Ortiz Tue, 03/03/2009 - 06:18

In some cases, the PBR will be software switched hence causing matches in the log to appear.

Cases such as: switching module reset, first packet on the flow, among others.

If you see the matches increase as the PBR is working, it's not a good thing as PBR performance will be degraded.

If the matches you've illustrated remain static, then that amount was accrued when the PBR was being configured and some of the flows were software switched.

HTH,

Edison.
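
The counter check described in the reply above, as an added example that is not part of the original thread: it compares two snapshots of `show ip access-lists` output and reports which ACL entries gained matches in between. The sample output is constructed, and the ACL name `PBR-SERVERS` and the host addresses are hypothetical.

```python
import re

# One ACE line from "show ip access-lists", e.g.
#   "    10 permit ip host 10.1.1.10 any (16633 matches)"
ACE_RE = re.compile(r"^\s+(\d+)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")
ACL_RE = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")

def parse_counters(output):
    """Return {(acl_name, sequence): match_count} for every ACE in the output."""
    counters, acl = {}, None
    for line in output.splitlines():
        header = ACL_RE.match(line)
        if header:
            acl = header.group(1)
            continue
        ace = ACE_RE.match(line)
        if ace and acl:
            # An ACE printed without "(N matches)" has a counter of zero.
            counters[(acl, int(ace.group(1)))] = int(ace.group(3) or 0)
    return counters

def software_switched(before, after):
    """Return {(acl, seq): delta} for ACEs whose counter grew between snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    return {k: new[k] - old.get(k, 0) for k in new if new[k] > old.get(k, 0)}

# Constructed sample output (not captured from a real device).
SNAPSHOT_1 = """Extended IP access list PBR-SERVERS
    10 permit ip host 10.1.1.10 any (16633 matches)
    20 permit ip host 10.1.1.11 any
"""
SNAPSHOT_2 = """Extended IP access list PBR-SERVERS
    10 permit ip host 10.1.1.10 any (16633 matches)
    20 permit ip host 10.1.1.11 any (42 matches)
"""

if __name__ == "__main__":
    growth = software_switched(SNAPSHOT_1, SNAPSHOT_2)
    for (acl, seq), delta in sorted(growth.items()):
        print(f"{acl} seq {seq}: +{delta} matches while traffic was flowing")
    if not growth:
        print("counters static between snapshots")
```

Take the two snapshots while the policy-routed traffic is actually flowing; entries that show growth are the ones to investigate as software switched.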

rajivrajan1 Thu, 03/05/2009 - 00:10

Thanks again.

Do you have any links/docs I can use to read further about the same?
