On Wed, Dec 28, 2011 at 1:30 AM, Reuben Farrelly <[email protected]> wrote: > Hi guys > > Is GRE tunnelling supported on this platform?
Yes, but the cpu-switch asic interface is *not* fast. you'll see ~1mbit usable through it (same as on 3550, 3560, 3750). these are "not good" devices for this need. if you needed low impact out of band, tftp/ftp access for a remote pop you're turning up, or bgp/isis/ospf routing of some internal space over island-ed transit, sure. but not transit bits or production traffic. The 4948, or a cat4k chassis + sup4 or sup5 will you ~92 mbit usable, as their cpu--switch asic appear to have ~100 mbits usable, and GRE happens in software on a 333mhz+ powerPC cpu, making it roughly as quick as NPE-225. > We've a need to run GRE tunnels for a URL filtering solution at our Head > Office from outside the firewall, and policy routing + GRE is the only way > this can be set up with the upstream vendor. > > [Pretty sure policy routing is not supported on this platform yet also but > confirmation of this would be good as well]. Like the 3550/3560/3750 family, policy routing support is a tcam + sdm carving option on the ME's in question (google 'sdm prefer'). I have not tested/tried matching L4 parameters on these platforms, but L3 matches appear to work indeed. Of course you lose FIB capacity by enabling this support. One would be better off, imho, using wccp v2 to redirect selected/registered traffic to the off-net filtering/etc appliance than PBR tricks or tunnels. Of course, you may end up needing both wccp and gre, in which case, look to cat4k for something approaching reasonably fast/usable/affordable. -Tk _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
