PBR & CEF

Feb 28th, 2009

hi friends,


CEF entries are made based on the routing table and the packet is forwarded accordingly; then the routing table is not processed for the same destination again - this is what I understood - correct me if I am wrong.

Now the question:

What will happen to a PBR packet which is CEF switched in a 6500?

Will the ACL and policy get checked every time a packet enters the respective interface, or will it be forwarded based on the CEF?

If the PBR is not checked -

If I edit the ACL without removing the policy from the interface, what will be the impact? Will there be changes in the CEF table? If so, how?

And

How can we see the CEF entry for a PBR packet (ip cef entry & ip mls cef entry are showing the routing table next hop only)?

Please clarify.

Overall Rating: 5 (1 ratings)
Edison Ortiz Sat, 02/28/2009 - 08:34

will the acl and policy get checked every time a packet enters the respective interface


Yes.


how can we see the cef entry for a PBR packet


Well, PBR in the 6500 is done mainly in hardware when using the following match|set commands within the route-map:

match ip address, set ip next-hop, and set ip default next-hop


Any other match|set commands will be done in software.


As you know, anything processed in hardware in the 6500 can't be logged or viewed via commands. Best way to check if the PBR is working is to traceroute from a device sitting behind the interface on which the PBR is applied.


HTH,


__


Edison.


rajivrajan1 Mon, 03/02/2009 - 22:25

hi ediortiz,


Thanks for your reply - it was helpful (rated as well).

I have two STM-1s and servers transferring more than 50 GB of data per day, but I could see only (16633 matches) in the ACL, where the ACL is called in the route-map for the servers.

These ACL matches have not been cleared for at least 1 week.

How can this happen? Can you please explain?

Edison Ortiz Tue, 03/03/2009 - 06:18

In some cases, the PBR will be software switched hence causing matches in the log to appear.


Cases such as: switching module reset, first packet on the flow, among others.


If you see the matches increase as the PBR is working, it's not a good thing as PBR performance will be degraded.


If the matches you've illustrated remain static, then that amount was accrued when the PBR was being configured and some of the flows were software switched.



HTH,


__


Edison.
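The check described in the reply above (static ACL counters versus counters that keep rising while PBR is in use), written as an added example that is not part of the original thread. It assumes the usual IOS `show access-lists` text layout; the two snapshots, ACL number 101 and the host addresses are constructed for illustration.

```python
import re

# Constructed `show access-lists` output (not from the thread), captured twice
# a few minutes apart. ACL number 101 and the host addresses are placeholders.
SNAPSHOT_T0 = """\
Extended IP access list 101
    10 permit ip host 10.1.1.10 any (16633 matches)
    20 permit ip host 10.1.1.11 any (42 matches)
    30 permit ip host 10.1.1.12 any
"""
SNAPSHOT_T1 = """\
Extended IP access list 101
    10 permit ip host 10.1.1.10 any (16633 matches)
    20 permit ip host 10.1.1.11 any (58 matches)
    30 permit ip host 10.1.1.12 any
"""

HEADER_RE = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
ENTRY_RE = re.compile(r"^\s+(\d+)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")


def parse_counters(text):
    """Return {(acl_name, sequence): match_count} for every ACL entry."""
    counters, acl = {}, None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            acl = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if acl and entry:
            seq, _rule, hits = entry.groups()
            counters[(acl, int(seq))] = int(hits or 0)  # no suffix means 0 hits
    return counters


def growing_entries(before, after):
    """Entries whose counter rose between snapshots, with the increase."""
    old, new = parse_counters(before), parse_counters(after)
    return {k: new[k] - old.get(k, 0) for k in new if new[k] > old.get(k, 0)}


if __name__ == "__main__":
    for (acl, seq), delta in sorted(growing_entries(SNAPSHOT_T0, SNAPSHOT_T1).items()):
        print(f"ACL {acl} seq {seq}: +{delta} matches, counter still rising")
    # Entries that stay static (seq 10 here) fit the hardware-switched case.
```
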

rajivrajan1 Thu, 03/05/2009 - 00:10

Thanks again.

Do you have any links/docs I can use to read further about the same?

Edison Ortiz Thu, 03/05/2009 - 06:10

The 12.2(SXF) Release Notes have some mention of PBR. This is one of the features that is not well documented.


This article published by TAC reinforces my previous post:


http://supportwiki.cisco.com/ViewWiki/index.php/The_output_of_the_debug_command_does_not_show_any_traffic_when_configured_for_PBR_in_the_Cisco_Catalyst_6500_switch


HTH,


__


Edison.
