Impact of PBR on a Layer 3 Switch.

Carlosperez1601
Level 1

Hello Experts,

I want to implement PBR on two VLANs of our L3 Switch and I need to know if that is going to have a huge impact on the performance of the Switch. Also, I want to know if PBR affects all the traffic of the VLANs or just impacts the packets that match the route map?

It's a very simple configuration to force a path to a specific destination for those users. Each VLAN handles approximately 200 users. The L3 Switch is a Catalyst 4700 Series.

Below is an example of the configuration:

ip access-list extended ACL-TEST
permit ip 192.168.52.0 0.0.0.255 host 10.50.14.199

route-map RM-Test permit 10
match ip address ACL-TEST
set ip next-hop 172.23.30.38

interface Vlan11
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end

interface Vlan12
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end


Joseph W. Doherty
Hall of Fame
If I remember correctly, it depends on what PBR commands are being used. I recall some PBR commands are not supported by the hardware, and if so, those would much degrade performance.

Richard Burts
Hall of Fame

The original poster asks a 2 part question:

1) if they implement PBR will it have a huge impact on the switch. Probably not. To provide a more complete answer we would need information about the switch being used, the version of software it is running, and the type and volume of traffic being forwarded by this switch.

2) does PBR affect all the traffic of the vlan or just the packets that match the ACL. PBR affects only the packets that match the ACL.

@Joseph W. Doherty answers a slightly different question, pointing out that some implementations of PBR on some switches do not support the full range of PBR parameters. The original poster should be aware of this restriction.

I notice one odd thing in the original post

interface Vlan11
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end

interface Vlan12
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end

how can vlan 11 and 12 both have the same IP address? The original post says they want to implement PBR on 2 vlans. To do this they will need either 2 route maps (one for each vlan and each with its own ACL and its own set statement), or they will need a single route map with 2 stanzas (each with its own ACL and its own set statement).

HTH

Rick
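
Added example, not part of the thread and not any participant's code: a small Python model of how a route map with two stanzas classifies packets, showing that only traffic matching a stanza's ACL is policy routed and everything else follows the normal routing table. The second ACL name (ACL-TEST-2), the 192.168.53.0 subnet, the 192.0.2.1 next hop and the sample packets are assumptions; the model covers only permit entries matching on source and destination address.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: a 1 bit means 'ignore this bit of the address'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Each ACE is (src, src wildcard, dst, dst wildcard); "host X" is X 0.0.0.0.
ACLS = {
    # From the original post.
    "ACL-TEST": [("192.168.52.0", "0.0.0.255", "10.50.14.199", "0.0.0.0")],
    # Assumed entry for the second VLAN; not in the thread.
    "ACL-TEST-2": [("192.168.53.0", "0.0.0.255", "10.50.14.199", "0.0.0.0")],
}

# One route map, two permit stanzas, each with its own ACL and next hop.
ROUTE_MAP = [
    (10, "ACL-TEST", "172.23.30.38"),  # next hop from the original post
    (20, "ACL-TEST-2", "192.0.2.1"),   # placeholder next hop (documentation range)
]

def pbr_decision(src, dst):
    """Return (sequence, next_hop) of the first matching stanza, or None
    when nothing matches and the packet is forwarded by the routing table."""
    for seq, acl, next_hop in ROUTE_MAP:
        for s_base, s_wild, d_base, d_wild in ACLS[acl]:
            if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
                return seq, next_hop
    return None

def classify(packets):
    """Apply pbr_decision to a list of (src, dst) pairs."""
    return [(src, dst, pbr_decision(src, dst)) for src, dst in packets]

# Constructed sample packets (source, destination).
SAMPLE_PACKETS = [
    ("192.168.52.25", "10.50.14.199"),  # matches stanza 10
    ("192.168.52.25", "10.50.14.200"),  # same user, other destination
    ("192.168.53.7", "10.50.14.199"),   # matches stanza 20
    ("192.168.54.7", "10.50.14.199"),   # source outside both ACLs
]

if __name__ == "__main__":
    for src, dst, hit in classify(SAMPLE_PACKETS):
        path = f"policy routed, stanza {hit[0]} via {hit[1]}" if hit else "normal routing"
        print(f"{src} -> {dst}: {path}")
```
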


"@Joseph W. Doherty answers a slightly different question, pointing out that some implementations of PBR on some switches do not support the full range of PBR parameters. The original poster should be aware of this restriction."

". . . different question . . .", yes and no, my point was I recall (?) not all L3 switches support all PBR commands in hardware. Those PBR commands supported in hardware will effectively not impact performance. Those PBR commands, that are supported, but not in hardware, can very much impact (i.e. degrade) performance. As Rick describes, you might find that some switches that don't support some PBR commands in hardware also don't support those PBR commands at all. The latter would be to avoid the possible performance loss using those commands. (NB: often a L3 switch that does packet processing using its main CPU will have less performance than many "comparative" ISRs.)

BTW, Rick also (correctly) answers your second question.

@Joseph W. Doherty Thanks for pointing out a subtlety in your response that I did not recognize. I was focused on the part about "some layer 3 switches may not support all PBR commands". Probably that was influenced by the fact that I recently dealt with someone who was attempting to implement PBR on a layer 3 Catalyst switch. We found that while the switch did support set ip next-hop 1.2.3.4 it did not support set ip next-hop 1.2.3.4 verify-availability.

So your point was about support commands in hardware rather than about support commands. If there are PBR commands that are supported in software but not supported in hardware, then your comment is quite correct.

HTH

Rick
