pbr routing problems

Claus Andersen
Level 1

Hi

I have some problems getting PBR working on a 7600 with 12.2.33SRD4 and I also tried with 15.0.1.s5.

I have used the following configuration for pbr:

ip access-list standard CGN-CPE-ADDR
 permit 10.52.0.0 0.1.255.255
 ! standard ACLs match on source only, so the entry is "deny any" (not "deny ip any any")
 deny any
!
interface Te3/1.2100
 description *** CGN router Inside ***
 encapsulation dot1q 2100
 ip address x.x.x.x 255.255.255.254
 ip ospf message-digest-key 10 md5 7 1310191B181517
 ip ospf network point-to-point
!
interface Te3/1.2200
 description *** CGN router Outside ***
 encapsulation dot1q 2200
 ip address y.y.y.y 255.255.255.254
!
route-map CGN-MATCH permit
 match ip address CGN-CPE-ADDR
 set ip next-hop z.z.z.z
!
interface Port-channel 11
 ip policy route-map CGN-MATCH

The problem is that I don't get any hits on the ACL.

Any idea?

/claus

16 Replies

rsimoni
Cisco Employee

Hi Claus,

This is quite normal and expected, no need to worry about it.

The ACL will show hits only for software-switched traffic (through the CPU), while for hardware-switched traffic there are no hits in the ACEs. On the contrary, you should be worried if you saw increasing hits, as that would mean that your router is doing process switching for the PBR, and for sure you don't want that.

To see PBR-related statistics you need to use another command, fetching the info from the TCAM directly, which is

show tcam interface po11 acl in ip

You would see an output very similar to your ACL linked to the route-map, with hit counters too.

Something like this:

* Global Defaults shared
Entries from Bank 0
Entries from Bank 1
    permit       ip any 224.0.0.0 15.255.255.255
    policy-route tcp 10.149.254.96 0.0.0.7 
    policy-route tcp 10.149.254.96 0.0.0.7 
    policy-route ip 10.149.254.96 0.0.0.7 any (45173 matches)
    permit       ip any any (21248 matches)

regards,

Riccardo

I don't see any hits.

I have moved all config to a test environment, so PBR is not on po11 but on te6/3.101 for testing.

prove-core-a-pe-01#show tcam interface te6/3.101 acl in ip
* Global Defaults not shared
Entries from Bank 0
Entries from Bank 1
    permit       ip any 224.0.0.0 15.255.255.255
    policy-route ip 10.52.0.0 0.1.255.255 any
    permit       ip any any
prove-core-a-pe-01#

/claus

Hi Claus,

Does your module in slot 3 (the one the PBR is actually attached to) have a DFC?

I would think so; in this case you need to check the stats on that module.

show tcam interface te6/3.101 acl in ip module 3

Riccardo

Yes (it is actually module 6).

/claus

prove-core-a-pe-01#sh module
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  5    2  Supervisor Engine 720 (Active)         WS-SUP720-3BXL     xxxxx
  6    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      xxxxx

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  5  0013.7f0a.5808 to 0013.7f0a.580b   4.3   8.1(3)       15.0(1)S5    Ok
  6  0019.30fe.a148 to 0019.30fe.a14b   2.6   12.2(14r)S5  15.0(1)S5    Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  5  Policy Feature Card 3       WS-F6K-PFC3BXL     xxxxxxxx  1.6    Ok
  5  MSFC3 Daughterboard         WS-SUP720           xxxxxxxx  2.3    Ok
  6  Distributed Forwarding Card WS-F6700-DFC3BXL   xxxxx  5.3    Ok

Mod  Online Diag Status
---- -------------------
  5  Pass
  6  Pass
prove-core-a-pe-01#

Hi Claus, I clearly made a typo.

The command to check is

show tcam interface te6/3.101 acl in ip module 6

Do you get stats?
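An added example, not code from the thread or from Cisco, that automates the two checks Riccardo describes: read `show module` to find DFC-equipped slots (whose TCAM counters must be queried with `module <slot>`), and pull the `policy-route` match counters out of `show tcam interface ... acl in ip` output. Both sample outputs below are constructed in the format shown in the thread.

```python
import re

# Constructed sample of "show module" output, in the thread's format.
SHOW_MODULE = """\
Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  5  Policy Feature Card 3       WS-F6K-PFC3BXL     xxxxxxxx  1.6    Ok
  5  MSFC3 Daughterboard         WS-SUP720           xxxxxxxx  2.3    Ok
  6  Distributed Forwarding Card WS-F6700-DFC3BXL   xxxxx  5.3    Ok
"""

# Constructed sample of "show tcam interface ... acl in ip" as seen from the
# PFC on the supervisor: the policy-route ACE carries no counter at all.
SHOW_TCAM = """\
* Global Defaults not shared
Entries from Bank 0
Entries from Bank 1
    permit       ip any 224.0.0.0 15.255.255.255
    policy-route ip 10.52.0.0 0.1.255.255 any
    permit       ip any any (21248 matches)
"""

DFC_RE = re.compile(r"^\s*(\d+)\s+Distributed Forwarding Card\b", re.M)
ACE_RE = re.compile(
    r"^\s*(policy-route|permit|deny)\s+(.*?)(?:\s+\((\d+) matches\))?\s*$", re.M)


def dfc_slots(show_module: str) -> list:
    """Slots fitted with a DFC: their ACL TCAM and hit counters live on the
    line card, so the stats have to be read from that module."""
    return sorted({int(m.group(1)) for m in DFC_RE.finditer(show_module)})


def tcam_commands(interface: str, show_module: str) -> list:
    """The PFC command plus one 'module <slot>' variant per DFC-equipped slot."""
    base = f"show tcam interface {interface} acl in ip"
    return [base] + [f"{base} module {slot}" for slot in dfc_slots(show_module)]


def policy_route_hits(show_tcam: str) -> list:
    """(ACE text, matches) for every policy-route entry; 0 when no counter is
    printed, as in the PFC view of an interface switched by a DFC."""
    return [(m.group(2), int(m.group(3) or 0))
            for m in ACE_RE.finditer(show_tcam) if m.group(1) == "policy-route"]


if __name__ == "__main__":
    for cmd in tcam_commands("te6/3.101", SHOW_MODULE):
        print(cmd)
    for ace, hits in policy_route_hits(SHOW_TCAM):
        print(f"{hits:>8} matches  policy-route {ace}")
```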

I saw the typo, and ran the command for the correct interface.

/claus

I suppose you get increasing hits now, correct?

Unfortunately not.

The network is a small SP running an MPLS core. The link where I try to do PBR is NOT part of the MPLS cloud, but the next-hop I'm trying to set is.

/claus

So the traffic which is supposed to be policy routed will be MPLS labelled after the lookup?

If this is the case, the PBR will not work. PBR is just for IP routing, not for MPLS routing.

What if traffic comes in on a labelled link, but will be forwarded on a non-MPLS link?

When it comes to the node there is no label, because penultimate-hop popping has kicked in, or am I totally off here?

I made a small drawing as an example, hope it makes sense :-)

/claus

It depends on the type of MPLS you are talking about.

Considering that you mentioned the PE role, you might be talking of MPLS VPN and not just an MPLS-enabled core network.

If it is MPLS VPN, the traffic coming from the core, even after the PHP behavior, will have an MPLS label (VPN label).

If this is true the PBR will not work, as you cannot have an input IP ACL matching against MPLS traffic.

Is yours an MPLS VPN setup (i.e.: the source is behind some VRF)?

The source is in the global routing table, so no MPLS VPN.

So from that point of view, just plain MPLS :-)

/claus

It should work then.

If it does not, let me know, as I might have a look at it.