Hello All,

I have a question about policy-based routing on Cat6500. I want to split HTTP traffic and route it through a proxy, and route the rest of the traffic straight to the internet. The only thing that worries me is whether a 6500 with sup720 will be powerful enough to route 1-10Gbps of traffic with PBR. I know that sup720 does PBR in hardware (PFC), but I want to match with an ACL on destination port, so it will be an L4 decision, and I'm not sure whether it will forward in hardware or fall back to process switching. My configuration would look like this:

access-list 123 permit tcp any any eq 80
access-list 123 permit tcp any any eq 443
access-list 123 permit tcp any any eq ftp
!
route-map WEB permit 10
 match ip address 123
 set ip next-hop 1.2.3.4
!
interface Vlan123
 ip vrf forwarding TESTS1
 ip address 2.3.4.5 255.255.255.0
 ip policy route-map WEB
 ip route-cache policy
!

I thought I would add another VRF in front of FWSM in 6500 and put PBR on it. My physical design looks like this:

(IP Cloud) <=> (Cisco SCE2020) <=> (Cat6513Sup720<->FWSM<->VRF<->ACE<->(OUT VRF)[rt import/export](VRF Internet)) <=> ASA55xx

Maybe it's worth marking "interesting" traffic on SCE with DSCP or something, but I checked that on Cat6500 I can only match in route-map on access-list …

All suggestions appreciated.

Regards,
Darius

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
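
An added example, not part of the original post: a small Python model of the match logic in the posted ACL and route-map, showing which flows would be sent to 1.2.3.4 and which would follow the routing table. It only models `any any eq <port>` entries and `permit` route-map clauses, says nothing about hardware versus software switching, and its function and variable names are hypothetical.

```python
import re

# The poster's configuration with typos corrected (constructed input for this example).
CONFIG = """\
access-list 123 permit tcp any any eq 80
access-list 123 permit tcp any any eq 443
access-list 123 permit tcp any any eq ftp
route-map WEB permit 10
 match ip address 123
 set ip next-hop 1.2.3.4
"""

PORT_NAMES = {"ftp": 21, "www": 80}  # only the keywords needed here; IOS knows many more
ACE_RE = re.compile(r"access-list (\d+) (permit|deny) (\w+) any any eq (\S+)")

def parse(config):
    """Return ({acl: [(action, proto, dport)]}, [route-map clause dicts]) from the text."""
    acls, clauses, current = {}, [], None
    for line in config.splitlines():
        line = line.strip().lower()
        m = ACE_RE.fullmatch(line)
        if m:
            acl, action, proto, port = m.groups()
            dport = PORT_NAMES.get(port) or int(port)
            acls.setdefault(acl, []).append((action, proto, dport))
        elif line.startswith("route-map ") and " permit " in line:
            current = {"acl": None, "next_hop": None}
            clauses.append(current)
        elif current is not None and line.startswith("match ip address "):
            current["acl"] = line.split()[-1]
        elif current is not None and line.startswith("set ip next-hop "):
            current["next_hop"] = line.split()[-1]
    return acls, clauses

def pbr_next_hop(config, proto, sport, dport):
    """Next hop set by the route-map, or None when the packet follows the routing table."""
    acls, clauses = parse(config)
    for clause in clauses:
        for action, ace_proto, ace_dport in acls.get(clause["acl"], []):
            if (ace_proto, ace_dport) == (proto, dport):  # sport is never compared
                if action == "permit":
                    return clause["next_hop"]
                break  # ACL deny: this clause does not match, try the next one
    return None

if __name__ == "__main__":
    for flow in [("tcp", 40000, 80), ("tcp", 80, 40000), ("udp", 40000, 53)]:
        print(flow, "->", pbr_next_hop(CONFIG, *flow) or "routing table")
```

Because the entries match on destination port only, replies sourced from port 80 and FTP data connections on ports other than 21 are not redirected by this route-map.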
