Solved: Re: Policy-Based Routing (PBR) Speed issue

Qays · ‎09-21-2020

Hi,,

My company use 3750 switch as core switch that connected to 4 access switches with trunks each access switch has 10 VLANs, the 3750 routes the traffic for 10 networks (VLANs) using Policy-Based Routing, each VLAN has three route-maps ( VLANs in local site, WAN, internet), also each route-map based in many ACLs.

My problem is the connection between VLANs to slow although all cables are 1Gig speed, if I try to transmit files in the same VLANs the speed runs good, but if the connection needs to routed for other VLAN the speed slows down.

is the Policy-Based Routing takes too much time in the processing or the switch needs to replace?

is there another idea for the routing in my case?

THANKS

Joseph W. Doherty · ‎09-22-2020

I recall (?) PBR being documented on some platforms that certain PBR commands are not in the "fast path" (on routers [?] - on switches they might not be supported [?]), and if they are not, they will be "slower" then PBR commands that are in the "fast path".

View solution in original post

balaji.bandi · ‎09-21-2020

at this stage we are not sure what causing the issue, until we know more information of enviroment :

full device mode (3750 or 3750X)

show version

configuration

show sdm prefer

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Qays · ‎09-21-2020

This is an sample of the configuration

interface Vlan101

ip address 10.100.101.1 255.255.255.128
ip policy route-map VLAN-101

ip access-list extended Route-Map-101-VPN
permit ip 10.100.101.0 0.0.0.127 host 10.4.81.22
permit ip 10.100.101.0 0.0.0.127 10.100.30.0 0.0.0.255
permit ip 10.100.101.0 0.0.0.127 10.198.199.0 0.0.0.255
permit ip 10.100.101.0 0.0.0.127 host 10.192.100.120
permit ip 10.100.101.0 0.0.0.127 host 10.192.100.2
permit ip 10.100.101.0 0.0.0.127 host 10.192.100.141
permit ip 10.100.101.0 0.0.0.127 host 10.192.100.140
permit ip 10.100.101.0 0.0.0.127 10.10.20.0 0.0.0.255
ip access-list extended Route-Map-101-LAN
permit ip 10.100.101.0 0.0.0.127 10.100.250.0 0.0.0.255
permit ip 10.100.101.0 0.0.0.127 10.100.110.0 0.0.0.31
ip access-list extended Route-Map-101-Net
permit ip 10.100.101.0 0.0.0.127 any

route-map VLAN-101 permit 1
match ip address Route-Map-101-LAN
!
route-map VLAN-101 permit 2
match ip address Route-Map-101-VPN
set ip next-hop 10.100.101.125
!
route-map VLAN-101 permit 3
match ip address Route-Map-101-Net
set ip next-hop 10.100.101.126

The switch version

WS-C3750G-48TS 12.2(55)SE1 C3750-IPSERVICESK9-M

The Switch database management

The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K

Joseph W. Doherty · ‎09-21-2020

SE1? You might also consider upgrading to latest in that train.

Richard Burts · ‎09-21-2020

I will begin by acknowledging that I am not authoritative on this platform, and if someone who is authoritative will jump in I would appreciate it. But my guess is that while this switch does its layer 2 forwarding in hardware, it does the PBR by passing the frame to be processed by the cpu, and that this is the cause of the slowness. It is certainly possible that a later version of code would perform better. But if slowness is a problem then I believe that the best solution is a different platform.

HTH

Rick

Giuseppe Larosa · ‎09-21-2020

Hello @Qays ,

this kind of devices either do not support PBR or if they support it they perform it in hardware with no great performance penalty.

provide the output of the show commands suggested by BB to better understand your current scenario.

if you make a test with iperf or similar tools you get better results in the same VLAN when compared to inter vlan routing even with standard destination based routing.

Hope to help

Giuseppe

Qays · ‎09-21-2020

This is an sample of the configuration

interface Vlan101

ip address 10.100.101.1 255.255.255.128
ip policy route-map VLAN-101

ip access-list extended Route-Map-101-VPN
permit ip 10.100.101.0 0.0.0.127 host 10.4.81.22
permit ip 10.100.101.0 0.0.0.127 10.100.30.0 0.0.0.255
permit ip 10.100.101.0 0.0.0.127 10.198.199.0 0.0.0.255
permit ip 10.100.101.0 0.0.0.127 host 10.192.100.120
permit ip 10.100.101.0 0.0.0.127 host 10.192.100.2
permit ip 10.100.101.0 0.0.0.127 host 10.192.100.141
permit ip 10.100.101.0 0.0.0.127 host 10.192.100.140
permit ip 10.100.101.0 0.0.0.127 10.10.20.0 0.0.0.255
ip access-list extended Route-Map-101-LAN
permit ip 10.100.101.0 0.0.0.127 10.100.250.0 0.0.0.255
permit ip 10.100.101.0 0.0.0.127 10.100.110.0 0.0.0.31
ip access-list extended Route-Map-101-Net
permit ip 10.100.101.0 0.0.0.127 any

route-map VLAN-101 permit 1
match ip address Route-Map-101-LAN
!
route-map VLAN-101 permit 2
match ip address Route-Map-101-VPN
set ip next-hop 10.100.101.125
!
route-map VLAN-101 permit 3
match ip address Route-Map-101-Net
set ip next-hop 10.100.101.126

The switch version

WS-C3750G-48TS 12.2(55)SE1 C3750-IPSERVICESK9-M

The Switch database management

The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K

Georg Pauwen · ‎09-21-2020

Hello,

the configs look by the book. The only thing I can think of is to enable:

ip route-cache policy

on the interfaces where PBR is enabled.

Qays · ‎09-21-2020

THANKS,,,

I have tried it, it doesn’t make sense.

another questions please..

is the speed issue common with PBR ????

Joseph W. Doherty · ‎09-22-2020

I recall (?) PBR being documented on some platforms that certain PBR commands are not in the "fast path" (on routers [?] - on switches they might not be supported [?]), and if they are not, they will be "slower" then PBR commands that are in the "fast path".

Qays · ‎09-23-2020

Thanks