04-12-2019 07:44 AM
Hello Experts,
I want to implement PBR on two VLANs of our L3 Switch and I need to know whether that will have a huge impact on the performance of the Switch. Also I want to know if the PBR affects all the traffic of the VLANs or just impacts the packets that match the route map?
It's a very simple configuration to force a path to a specific destination for those users. Each Vlan handles approximately 200 users. The L3 Switch is a Catalyst 4700 Series.
Below is an example of the configuration:
ip access-list extended ACL-TEST
permit ip 192.168.52.0 0.0.0.255 host 10.50.14.199
route-map RM-Test permit 10
match ip address ACL-TEST
set ip next-hop 172.23.30.38
interface Vlan11
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end
interface Vlan12
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end
04-13-2019 06:57 AM
04-13-2019 10:06 AM
The original poster asks a 2 part question:
1) if they implement PBR will it have a huge impact on the switch. Probably not. To provide a more complete answer we would need information about the switch being used, the version of software it is running, and the type and volume of traffic being forwarded by this switch.
2) does PBR affect all the traffic of the vlan or just the packets that match the ACL. PBR affects only the packets that match the ACL.
@Joseph W. Doherty answers a slightly different question, pointing out that some implementations of PBR on some switches do not support the full range of PBR parameters. The original poster should be aware of this restriction.
I notice one odd thing in the original post
interface Vlan11
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end
interface Vlan12
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end
How can VLAN 11 and 12 both have the same IP address? The original post says they want to implement PBR on 2 VLANs. To do this they will need either 2 route maps (one for each VLAN and each with its own ACL and its own set statement), or they will need a single route map with 2 stanzas (each with its own ACL and its own set statement).
HTH
Rick
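As an added illustration of the single-route-map-with-two-stanzas form described above (this is example configuration written for this thread, not the original poster's or Rick's config), the following gives each VLAN its own subnet and its own ACL, and uses sequence numbers 10 and 20 in one route map. The second subnet (192.168.53.0/24), the ACL names ACL-VLAN11/ACL-VLAN12 and the next hop are constructed placeholders; the destination host 10.50.14.199 is the one from the original post.

```cisco
! Added example (not from the thread): one route map, two stanzas,
! one per VLAN, each stanza with its own ACL and its own set statement.
! 192.168.53.0/24, the ACL names and the next hop are placeholders.
ip access-list extended ACL-VLAN11
 permit ip 192.168.52.0 0.0.0.255 host 10.50.14.199
ip access-list extended ACL-VLAN12
 permit ip 192.168.53.0 0.0.0.255 host 10.50.14.199
!
route-map RM-Test permit 10
 match ip address ACL-VLAN11
 set ip next-hop 172.23.30.38
route-map RM-Test permit 20
 match ip address ACL-VLAN12
 set ip next-hop 172.23.30.38
! Traffic that matches no stanza is not dropped; it falls through to
! normal destination-based routing, which is why PBR only touches the
! packets the ACLs permit.
!
interface Vlan11
 ip address 192.168.52.1 255.255.255.0
 ip policy route-map RM-Test
!
interface Vlan12
 ip address 192.168.53.1 255.255.255.0
 ip policy route-map RM-Test
!
! Verification after applying:
!   show ip policy            - lists interfaces and the map applied to each
!   show route-map RM-Test    - shows per-stanza policy routing match counters
```

The policy is evaluated only on packets entering the SVI it is applied to, before the routing table is consulted, so the `show route-map` match counters are a quick way to confirm that only the ACL-permitted flows are being redirected and that everything else is still using the normal path.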
04-14-2019 07:34 AM - edited 04-14-2019 07:37 AM
"@Joseph W. Doherty answers a slightly different question, pointing out that some implementations of PBR on some switches do not support the full range of PBR parameters. The original poster should be aware of this restriction."
". . . different question . . .", yes and no, my point was I recall (?) not all L3 switches support all PBR commands in hardware. Those PBR commands supported in hardware will effectively not impact performance. Those PBR commands, that are supported, but not in hardware, can very much impact (i.e. degrade) performance. As Rick describes, you might find that some switches that don't support some PBR commands in hardware also don't support those PBR commands at all. The latter would be to avoid the possible performance loss using those commands. (NB: often a L3 switch that does packet processing using its main CPU will have less performance than many "comparative" ISRs.)
BTW, Rick also (correctly) answers your second question.
04-14-2019 11:33 AM
@Joseph W. Doherty Thanks for pointing out a subtlety in your response that I did not recognize. I was focused on the part about "some layer 3 switches may not support all PBR commands". Probably that was influenced by the fact that I recently dealt with someone who was attempting to implement PBR on a layer 3 Catalyst switch. We found that while the switch did support set ip next-hop 1.2.3.4 it did not support set ip next-hop 1.2.3.4 verify-availability.
So your point was about supporting commands in hardware rather than about supporting commands. If there are PBR commands that are supported in software but not supported in hardware, then your comment is quite correct.
HTH
Rick