Jump to content
Калькуляторы

PBR на CAT45 и CAT65 PBR

Вопрос к кошководам.

 

Есть два каталиста, 45 и 65.

 

45:

 

sh mod

Chassis Type : WS-C4506-E

 

Power consumed by backplane : 0 Watts

Mod Ports Card Type                              Model              Serial No.
---+-----+--------------------------------------+------------------+-----------
1     6  Sup 6-E 10GE (X2), 1000BaseX (SFP)     WS-X45-SUP6-E      JAE1215DWC9 
2    48  10/100/1000BaseT (RJ45)                WS-X4548-GB-RJ45   JAE1010XSAN 
3    18  1000BaseX (GBIC)                       WS-X4418-GB        JAE061702RJ 
4    48  10/100/1000BaseT (RJ45)                WS-X4448-GB-RJ45   JAB063707X1 
5     6  1000BaseX (GBIC)                       WS-X4306-GB        JAE08522WB4 
6     6  1000BaseX (GBIC)                       WS-X4306-GB        JAE1115C92C 

 

65:

 

sh mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
 1   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL1650TYYZ
 2    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL1033YDYJ
 5    2  Supervisor Engine 720 (Active)         WS-SUP720-3BXL     JAF1219BTNS

 

45 выступает L3 ядром, 65 - бордером, и терминатором для VIP клиентов. Сеть не большая.

 

На 45 используеться PBR для NAT-a и шейпа. Трафика ~2.5Гбит в ЧНН.

 

ACL

 

ip access-list standard BRAS1_100.2
permit 192.168.0.0 0.0.15.255
permit 192.168.91.0 0.0.0.255
permit 192.168.92.0 0.0.0.255
permit 192.168.93.0 0.0.0.255
ip access-list standard BRAS2_101.2
ip access-list standard BRAS3
permit 10.202.0.0 0.0.255.255
permit 10.203.0.0 0.0.255.255
permit 31.41.104.0 0.0.0.255
ip access-list standard BRAS4_103.2
permit 192.168.0.0 0.0.63.255
ip access-list standard BRAS5_600VLAN
permit 10.200.0.0 0.0.255.255
permit 10.201.0.0 0.0.255.255
permit 31.41.104.0 0.0.0.255

 

route-map

 

route-map BRAS permit 11
match ip address BRAS1_100.2
set ip default next-hop 10.101.100.2
!
route-map BRAS permit 12
match ip address BRAS4_103.2
set ip default next-hop 10.101.103.2
!
route-map BRAS permit 14
match ip address BRAS3
set ip default next-hop 10.101.102.2
!
route-map BRAS permit 15
match ip address BRAS5_600VLAN
set ip default next-hop 10.101.105.2

 

(все что не матчится идет в дефолтный брас)

 

 

Трафик на брасах размазан так, что не более 500Мбит на каждом.

 

Внимание беда! Когда трафик доходит до 2.3Гбит сумарного на PBR начинают расти задержки на 10.101.10*.2

 

Грешу на то, что PBR на 45 полухардварный.

Подскажите, PBR-а на 65ке будет полностью хардварным ?

Share this post


Link to post
Share on other sites

The Catalyst 4500 switching engine supports matching a "set next-hop" route-map action with a packet on a permit ACL. 
All other route-map actions, as well as matches of deny ACLs, are supported by a flow switching model. In this model, the 
first packet on a flow that matches a route-map will be delivered to the software for forwarding. Software determines the 
correct destination for the packet and installs an entry into the TCAM so that future packets on that flow are switched 
in hardware. The Catalyst 4500 switching engine supports a maximum of 4096 flows.

 

Иногда надо таки читать мануалы от того что покупаете :)

Да, set ip default next-hop на 65ой коробке будет в железе.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/policy_based_routing_pbr.html#wp1014674

Share this post


Link to post
Share on other sites

Сразу после прочтения:

 

Understanding PBR on Supervisor Engine 6-E

 

The Catalyst 4500 Supervisor Engine 6-E supports matching route-map actions with a packet by installing entries in the TCAM that match the set of packets described by the ACLs in the match criteria of the route map. These TCAM entries point at adjacencies that either perform the necessary output actions or forward the packet to software if either hardware does not support the action or its resources are exhausted.

 

 

The Supervisor Engine 6-E does not implement PBR using flow switching.

 

The Catalyst 4500 switching engine supports matching a "set next-hop" route-map action with a packet on a permit ACL. All other route-map actions, as well as matches of deny ACLs, are supported by a flow switching model. In this model, the first packet on a flow that matches a route-map is delivered to the software for forwarding. Software determines the correct destination for the packet and installs an entry into the TCAM so that future packets on that flow are switched in hardware. The Catalyst 4500 switching engine supports a maximum of 4096 flows.

 

 

The ACL, QoS, or PBR entries that cannot be programmed into TCAM are software switched and can result in performance degradation.

 

 

Решили все таки перескакивать =))

Share this post


Link to post
Share on other sites

А почему нельзя сделать вот так:

 

route-map BRAS permit 11
match ip address BRAS1_100.2
set ip next-hop 10.101.100.2
!
route-map BRAS permit 12
match ip address BRAS4_103.2
set ip  next-hop 10.101.103.2
!
route-map BRAS permit 14
match ip address BRAS3
set ip  next-hop 10.101.102.2
!
route-map BRAS permit 15
match ip address BRAS5_600VLAN
set ip next-hop 10.101.105.2

route-map BRAS permit 1000
set ip next-hop ваш_дефолт

 

... ?

Share this post


Link to post
Share on other sites

Вероятно в таблице есть еще маршруты, которые было бы не плохо чтобы работали :) Обычно именно в этом причина нужности default next-hop.

Share this post


Link to post
Share on other sites

Вероятно в таблице есть еще маршруты, которые было бы не плохо чтобы работали :) Обычно именно в этом причина нужности default next-hop.

 

 

Все верно.

 

Перешли на 65тый, проблемы с задержками в ЧНН пропали, и даже выросла общая загрузка канала.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.