neil grant

Moving away from GRE and Policy based routing, Need direction (performance based routing?)

Hi Guys / Gals

Need a bit of help. The current situation is that we have dual-connection sites: MPLS and IPsec site-to-site VPN.

Now we use PBR with the validate next hop option to ensure end-to-end connectivity, with the use of GRE tunnels for delay-sensitive traffic and a secondary statement for backup. Now this is very inefficient, as we are losing the full-mesh benefit of both the internet and the MPLS VPN our ISP provides.

So I'm thinking... load sharing with performance routing? Is it possible to securely (loose term) route via site-to-site VPNs without tunnels over the internet? (This will be possible, but the administration needed for each site would be a pain.) Currently we are operating a dual-homed hub-and-spoke design.

I have yet to read the 300-page PDF on performance routing, but I am under the impression it can route traffic dependent on DSCP marking, so our delay-sensitive traffic will (under normal circumstances) be routed via the MPLS network?

Thanks Neil

Regards Neil

If you don't want to dig through the design guide PDF, I would recommend poking through the docwiki site, as it is one of the more full-featured docwiki topics I've seen:

I don't have any real world experience with PfR, but I find it an interesting topic to read about!



Steve Lyons

Hi Neil,

PfR provides at minimum the following 4 capabilities:

1) Link capacity monitoring/management.

2) Load balancing.

3) Routing based on application requirements (i.e.: delay, jitter, loss, etc).

4) Routing around soft network errors (i.e.: brownout conditions, blackout conditions, etc).

I would recommend looking into PfR as it looks to be the right feature for your requirements listed in this thread.

Let me know if you have any further questions.

Best Regards,

Steve Lyons - Cisco
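To show how the capabilities above map onto the DSCP-based question in the original post, here is an added illustration (not from this thread or from Cisco): a PfR master controller on the hub with one border router whose MPLS link and IPsec tunnel are the two external paths. Addresses, interface names, thresholds and the link-group names are assumptions, and the command syntax follows the IOS 15.x PfR CLI as I recall it, so check it against the release in use.

```cisco
! Added example, not from the thread. Assumed addresses: master 10.0.0.1,
! border 10.0.0.2; MPLS on Gi0/1, IPsec tunnel to the internet on Tunnel0.

! Shared authentication between master and border (never leave this unset)
key chain PFR-KEYS
 key 1
  key-string <replace-with-strong-secret>

! Traffic class: everything already marked DSCP EF (the delay-sensitive flows)
ip access-list extended DELAY-SENSITIVE
 permit ip any any dscp ef

! Policy for that class: prefer the MPLS link-group, measure delay/jitter/loss,
! and move the class to the internet tunnel when MPLS breaches a threshold
! (this is the "route around brownouts" behaviour rather than a static PBR fallback)
pfr-map PFR-POLICY 10
 match traffic-class access-list DELAY-SENSITIVE
 set periodic 90
 set delay threshold 150
 set jitter threshold 20
 set loss threshold 1000
 set mode route control
 set mode monitor fast
 set resolve delay priority 1 variance 10
 set resolve jitter priority 2 variance 10
 set link-group MPLS fallback INET

! Master controller (hub): learns the class, applies the policy,
! and tells the border which exit to use
pfr master
 policy-rules PFR-POLICY
 border 10.0.0.2 key-chain PFR-KEYS
  interface GigabitEthernet0/0 internal
  interface GigabitEthernet0/1 external
   link-group MPLS
  interface Tunnel0 external
   link-group INET

! Border router 10.0.0.2: reports measurements and enforces the master's decision
pfr border
 master 10.0.0.1 key-chain PFR-KEYS
 local GigabitEthernet0/0
```

Jitter and loss figures for "fast" monitoring come from active probes, so the remote sites need an IP SLA responder reachable over both paths; without it PfR only sees passive NetFlow-derived delay.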

If you have a larger network it may also be worth considering GET VPN, a tunnel-less VPN technology.

The advantages of the technology can be found here:

• Provides highly scalable any-to-any mesh topology natively and eliminates the need for complex peer-to-peer security associations.

• For Multiprotocol Label Switching (MPLS) networks, maintains network intelligence (such as full-mesh connectivity, natural routing path, and QoS).

• Grants easy membership control with centralized key servers.

• Helps ensure low latency and jitter by enabling full-time, direct communications between sites, without requiring transport through a central hub.

• GET VPN allows replication of the packets after encryption. This allows the multicast traffic to be replicated at the core, thereby reducing the load and bandwidth requirement on the Customer Premises Equipment (CPE).

• IP Address Preservation enables encrypted packets to carry the original source and destination IP addresses in the outer IP header rather than replacing them with tunnel endpoint addresses.

See also the following link