>From the limited details, it sounds like what you really want is vrf-lite.
>Assuming the application traffic can be split into its own subnetwork, stick
>them in a VRF whose "normal" routing table matches what you're forcing via PBR.

On Mar 6, 2012, at 6:55 PM, Zach Williams <[email protected]> wrote:

> Hello. I have a question regarding the use of policy based routing. I've
> always thought of it as a way to selectively change routing in exceptional
> circumstances.
>
> I've come across an implementation where it is being used to explicitly set
> a next-hop ip for 99% of all traffic headed from an application behind a
> pair of stacked 3750s. The default route on these layer 3 switches is
> set to a 192.168.x.x IP which is part of a management network. The PBR is
> in place to send the outbound application traffic towards a firewall and
> out to the internet.
>
> Part of the reasoning for doing this was because the application will
> require only a few separate class C's and the management network has many
> more routes. A route-map matching an access-list or prefix-list for the
> basis of PBR on the outbound application traffic would contain fewer lines
> of configuration and thus it was deemed more elegant to set up PBR for the
> application traffic rather than the management traffic.
>
> I'm having a tough time finding best-practices information on the use of
> PBR and was wondering what cisco-nsp thought of this setup.
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
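
The two designs discussed in this thread, side by side, as an added IOS configuration sketch that is not taken from either poster's network. All VLAN numbers, names, the RD and every address (including the 192.168.0.1 stand-in for the 192.168.x.x management gateway) are constructed for illustration.

```cisco
! ===== Design A: PBR overrides a management default route (as described) =====
ip access-list extended APP-OUT
 permit ip 10.10.1.0 0.0.0.255 any
 permit ip 10.10.2.0 0.0.0.255 any
!
route-map APP-PBR permit 10
 match ip address APP-OUT
 set ip next-hop 10.10.254.1
!
interface Vlan101
 ip address 10.10.1.1 255.255.255.0
 ip policy route-map APP-PBR
!
! Global default points into the management network. Any application
! packet the ACL does not match is routed normally and follows this route.
ip route 0.0.0.0 0.0.0.0 192.168.0.1

! ===== Design B: VRF-lite, application subnets get their own table =====
ip vrf APP
 rd 65000:101
!
! "ip vrf forwarding" removes the interface's IP address, so it is
! re-entered after the VRF is applied.
interface Vlan101
 ip vrf forwarding APP
 ip address 10.10.1.1 255.255.255.0
!
interface Vlan102
 ip vrf forwarding APP
 ip address 10.10.2.1 255.255.255.0
!
interface Vlan254
 description Transit to firewall
 ip vrf forwarding APP
 ip address 10.10.254.2 255.255.255.0
!
! The VRF's "normal" default route replaces the PBR set ip next-hop.
ip route vrf APP 0.0.0.0 0.0.0.0 10.10.254.1
!
! The global table keeps the management default. No ACL or route-map
! is needed, and the APP table has no route toward management at all.
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
! Verify with: show ip route vrf APP
```

In Design B the separation between application and management traffic comes from the routing tables themselves rather than from an ACL staying complete as subnets are added.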
