Cisco Support Community

Policy based routing on Cat6513-SUP720b

Hello All,

I have a question about policy-based routing on the Cat6500. I want to split HTTP traffic and route it through a proxy, and route the rest of the traffic straight to the internet. The only thing that worries me is whether the 6500 with Sup720 will be powerful enough to route 1-10 Gbps of traffic with PBR. I know that the Sup720 does PBR in hardware (PFC), but I want to match with an ACL on destination port, so it will be an L4 decision, and I'm not sure whether it will forward in hardware or fall back to process switching. My configuration would look like this:

! ACL 123 selects the traffic to be policy-routed
access-list 123 permit tcp any any eq 80
access-list 123 permit tcp any any eq 443
access-list 123 permit tcp any any eq ftp
! === or
access-list 123 permit ip any any dscp X
! ===
!
! Traffic matching ACL 123 is sent to next hop 1.2.3.4
route-map WEB permit 10
 match ip address 123
 set ip next-hop 1.2.3.4
!
! SVI placed in VRF TESTS1 with the policy applied to it
interface Vlan123
 ip vrf forwarding TESTS1
 ip address 2.3.4.5 255.255.255.0
 ip policy route-map WEB
 ip route-cache policy
!

I thought I would add another VRF in front of the FWSM in the 6500 and put PBR on it.

My physical design looks like this:

(IP Cloud) <=> (Cisco SCE2020) <=> (Cat6513Sup720<->VRF<->FWSM<->VRF<->ACE<->(OUT VRF)[rt import/export](VRF Internet)) <=> ASA55xx

Maybe it's worth marking "interesting" traffic on the SCE with DSCP or something, but I checked that on the Cat6500 I can only do a match in the route-map on an access-list …

All suggestions appreciated.

Regards,

Darius
