Solved: ISR1100 routing performance difference sub interface vs service-instance/BDI

campbell.simpson · ‎01-21-2018

I'm testing with a C1111-8PW, one of the new ISR1100. I have found a large performance difference routing between WAN/LAN when using sub interface vs service-instance/BDI. This is with the same service-policy/access-group applied. It doesn't matter if the LAN interface is an etherswitch port or the other built-in WAN port. QFP CPU usage is about 50% higher when using a service instance on the WAN interface. I've also tried configuring the other WAN interface as the LAN port using service-instance to but no change in performance.

Any thoughts as to why the performance difference? I'd be happy to use the sub-interface design but likely need to use the router for both L3 routing and L2 bridging which means I'd need to use service instance on the WAN interface to support such a design.

interface GigabitEthernet0/0/0
 description WAN interface
 no ip address
 negotiation auto
 service instance 500 ethernet
  encapsulation dot1q 500
  rewrite ingress tag pop 1 symmetric
  service-policy output QoS-Egress
  bridge-domain 500
 !

interface BDI500
 description WAN
 ip address 100.72.191.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip access-group WAN-INTERFACE-IN in
 no cdp enable
 no shut
!
interface GigabitEthernet0/1/0
 description LAN Switch
 switchport access vlan 550
!
interface Vlan550
 description LAN subnet
 ip address 100.72.130.1 255.255.255.0
 ip helper-address 100.72.149.131
 ip helper-address 100.72.149.195
 no ip redirects
 no ip proxy-arp
 ip verify unicast source reachable-via rx
 ip access-group LAN-INTERFACE-IN in
 load-interval 30


VS below with much better performance

interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/0.500
 description WAN
 encapsulation dot1Q 500
 ip address 100.72.191.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip access-group WAN-INTERFACE-IN in
 no cdp enable
 service-policy output QoS-Egress
!
interface GigabitEthernet0/1/0
 description LAN Switch
 switchport access vlan 550
!
interface Vlan550
 description LAN subnet
 ip address 100.72.130.1 255.255.255.0
 ip helper-address 100.72.149.131
 ip helper-address 100.72.149.195
 no ip redirects
 no ip proxy-arp
 ip verify unicast source reachable-via rx
 ip access-group LAN-INTERFACE-IN in
 load-interval 30

campbell.simpson · ‎02-15-2018

Cisco TAC have come back to me and explained that it's functioning as designed 'Bridging is an expensive feature for IOSXE as we have to create a software switch to forward the traffic.'

So to ensure you get the best performance from this router best stick with routed sub interfaces.

View solution in original post

Philip D'Ath · ‎01-21-2018

I wonder if it is not doing this in hardware. is the CPU quite high when this is happening?

campbell.simpson · ‎01-22-2018

I haven't checked the 'main' CPU usage during BDI testing only looked at the QFP CPU usage which is 98%. I'll need to check if this is the case. Distributed CEF is enabled though.

campbell.simpson · ‎01-24-2018

Upgraded IOS and found a performance improvement overall. But there's still approx 50% increase in QFP CPU load when using service instance and BDI compared to sub interface. I confirmed main control plane CPU is not impacted and sits at 1-2% no matter what I'm doing

campbell.simpson · ‎02-15-2018

Cisco TAC have come back to me and explained that it's functioning as designed 'Bridging is an expensive feature for IOSXE as we have to create a software switch to forward the traffic.'

So to ensure you get the best performance from this router best stick with routed sub interfaces.