CPU impact on PBR

carlo.galicia
Level 1

Hi,

I have a Cisco 7609 with 2 x RSP720-3CXL modules. The current traffic utilization is about 3Gbps and the CPU is less than 5%. Traffic utilization is expected to increase up to 10Gbps.

I need to do PBR for all TCP (only) traffic to another device. I would like to know what the impact on the CPU will be.

Thanks,

Carlo

2 Accepted Solutions

Reza Sharifi
Hall of Fame

Hi,

It is hard to tell, since no documentation can truly tell you that if you, for example, create 10 PBRs, your CPU will increase 20%, or with 20 PBRs, the CPU will increase 40%. If you are deploying a few PBRs, you shouldn't have to worry about CPU increases, but if you are planning to deploy a lot of PBRs, you may want to do a few at a time and monitor the CPU to get an idea.

HTH

mtsb
Level 1

Hi Carlo,

I believe the PBR is done in hardware on the 7600, so if you operate within the scalability limits of that platform it should be fine, I guess. As Reza suggested, if you are not sure, I would take an incremental approach of applying a few PBR policies, monitoring the CPU usage and TCAM usage, and continuing to apply until all configs are applied.

Thanks,

Madhu

carlo.galicia
Level 1

Thank you both for the reply.

I found this PBR guide on some Cisco forums. Can you help to explain this further?

If the MSFC address falls within the range of a PBR ACL, traffic addressed to the MSFC is policy routed in hardware instead of being forwarded to the MSFC. To prevent policy routing of traffic addressed to the MSFC, configure PBR ACLs to deny traffic addressed to the MSFC.

Any options in Cisco IOS ACLs that provide filtering in a PBR route-map that would cause flows to be sent to the MSFC to be switched in software are ignored. For example, logging is not supported in ACEs in Cisco IOS ACLs that provide filtering in PBR route-maps.

PBR traffic through switching module ports where PBR is configured is routed in software if the switching module resets. (CSCee92191)

thanks,

Carlo

If the MSFC address falls within the range of a PBR ACL, traffic addressed to the MSFC is policy routed in hardware instead of being forwarded to the MSFC. To prevent policy routing of traffic addressed to the MSFC, configure PBR ACLs to deny traffic addressed to the MSFC.

This means that packets destined to the router itself should not be part of PBR. The MSFC is the routing engine, and the IP address that is hosted on the router itself should not be matched by PBR. PBR is good for transit traffic.

Any options in Cisco IOS ACLs that provide filtering in a PBR route-map that would cause flows to be sent to the MSFC to be switched in software are ignored. For example, logging is not supported in ACEs in Cisco IOS ACLs that provide filtering in PBR route-maps.

If there are any options like the 'log' keyword in the ACL, the traffic will be sent to the CPU for central forwarding instead of hardware forwarding. Such options should not be included in PBR, which will drop such packets; they will not be software switched.

PBR traffic through switching module ports where PBR is configured is routed in software if the switching module resets. (CSCee92191)


This is just a release note of a bug and can be ignored if your IOS version is not affected by this bug.

Thanks,

Madhu
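The two ACL guidelines quoted in this thread (deny traffic addressed to the router itself, and keep `log` off PBR ACEs) can be checked before a policy is applied. The following is an added example, not code from any poster or from Cisco; the addresses and ACLs are constructed, and it assumes ACEs of the form `action protocol source destination [options]` with no port operators.

```python
import ipaddress

def parse_spec(tokens):
    """Consume one address spec (any | host A | A WILDCARD); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    wc = int(ipaddress.IPv4Address(tokens[1]))
    if wc & (wc + 1):
        raise ValueError("non-contiguous wildcard mask is outside this example")
    prefix = 32 - bin(wc).count("1")
    return ipaddress.ip_network(f"{tokens[0]}/{prefix}", strict=False), tokens[2:]

def audit_pbr_acl(acl_lines, router_ips):
    """Return (ace_number, message) findings for the ACL matched by a PBR route-map."""
    findings, denies = [], []
    addrs = [ipaddress.ip_address(a) for a in router_ips]
    for n, line in enumerate(acl_lines, 1):
        tok = line.split()
        action, proto = tok[0], tok[1]
        src, rest = parse_spec(tok[2:])
        dst, rest = parse_spec(rest)
        if "log" in rest or "log-input" in rest:
            findings.append((n, "log option on a PBR ACE"))
        if action == "deny":
            denies.append((proto, src, dst))
            continue
        for ip in addrs:
            # A permit is safe for this address only if one earlier deny
            # already removes the same protocol and source range for it.
            shielded = any(dp in ("ip", proto) and src.subnet_of(ds) and ip in dd
                           for dp, ds, dd in denies)
            if ip in dst and not shielded:
                findings.append((n, f"router address {ip} would be policy routed"))
    return findings

# Constructed sample data: documentation-range addresses stand in for the
# router's own interface addresses; the ACLs are illustrative only.
ROUTER_IPS = ["192.0.2.1", "198.51.100.1"]
RISKY_ACL = ["permit tcp any any log"]
SAFE_ACL = ["deny ip any host 192.0.2.1",
            "deny ip any 198.51.100.0 0.0.0.255",
            "permit tcp any any"]

if __name__ == "__main__":
    for name, acl in (("risky", RISKY_ACL), ("safe", SAFE_ACL)):
        print(name, audit_pbr_acl(acl, ROUTER_IPS))
```

The check is conservative: it only credits a single earlier deny that fully covers the permit, so a set of narrower denies that together cover it is still reported.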

Thanks again, Madhu.

Hi Carlo,

Just FYI, after configuring PBR you can verify it with "show ip policy" and "show tcam interface Gix/y acl in ip", which will tell you what traffic will be policy routed, what will be sent to the CPU for software switching, what follows normal hw switching, etc.

test-76#show tcam interface gigabitEthernet 3/6 acl in ip       

* Global Defaults not shared

Entries from Bank 0

Entries from Bank 1

    policy-route ip host 10.1.1.1 host 20.1.1.1

    permit       ip any any

test-76#

If you see a 'punt' entry for what is supposed to be PBR, then it's a problem.

Please mark answered if your queries are answered!

Thanks,

Madhu
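For an incremental rollout like the one suggested earlier in the thread, the `show tcam interface ... acl in ip` check can be scripted so that each step is verified the same way. This is an added example, not part of the original posts: `PAGE_OUTPUT` is the output shown above, while the layout of a `punt` line in `PUNT_OUTPUT` is an assumption modelled on the other entries.

```python
# Result keywords: 'policy-route' and 'permit' appear in the output above,
# 'punt' is named in the post; 'deny' is included as an assumption.
ACTIONS = {"policy-route", "permit", "deny", "punt"}

def classify_tcam(output):
    """Group ACE lines of the show command output by their result keyword."""
    by_action = {}
    for line in output.splitlines():
        tok = line.split()
        # Prompts, '* Global ...' and 'Entries from Bank N' lines are skipped.
        if tok and tok[0] in ACTIONS:
            by_action.setdefault(tok[0], []).append(" ".join(tok[1:]))
    return by_action

def check_pbr(output, expected):
    """Return problems: any punt entry, or an expected match not policy routed."""
    by_action = classify_tcam(output)
    problems = [f"punt: {m}" for m in by_action.get("punt", [])]
    for match in expected:
        if match not in by_action.get("policy-route", []):
            problems.append(f"not policy-routed in hardware: {match}")
    return problems

# Output as posted in the thread.
PAGE_OUTPUT = """test-76#show tcam interface gigabitEthernet 3/6 acl in ip
* Global Defaults not shared
Entries from Bank 0
Entries from Bank 1
    policy-route ip host 10.1.1.1 host 20.1.1.1
    permit       ip any any
test-76#"""

# Constructed variant: the same ACE shown as punted (line format assumed).
PUNT_OUTPUT = PAGE_OUTPUT.replace("policy-route", "punt        ")

EXPECTED = ["ip host 10.1.1.1 host 20.1.1.1"]

if __name__ == "__main__":
    print(check_pbr(PAGE_OUTPUT, EXPECTED))
    print(check_pbr(PUNT_OUTPUT, EXPECTED))
```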
