Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1130
Views
5
Helpful
6
Replies

Impact of PBR on a Layer 3 Switch.

Carlosperez1601
Level 1
Level 1

‎04-12-2019 08:27 AM - edited ‎04-12-2019 09:18 AM

Hello Experts, 

 

I want to implement PBR on two VLANs of our L3 Switch and I need to know if that goes to have a huge impact in the perfomance of the Switch. Also I want to know if the PBR affects all the traffic of the VLANs or just impact the packets that match with the route map?

 

It's a very simple configuration to force a path to a specific destination for those users. Each Vlan handles approximately 200 users. The L3 Switch is a Catalyst 4500 Series. 

 

Below an example of the configuration:

 

ip access-list extended ACL-TEST
permit ip 192.168.52.0 0.0.0.255 host 10.50.14.199

 

route-map RM-Test permit 10
match ip address ACL-TEST
set ip next-hop 172.23.30.38

 

interface Vlan11
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end

 

interface Vlan12
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end

Labels:
0 Helpful
6 Replies 6

Reza Sharifi
Hall of Fame
Hall of Fame

‎04-12-2019 08:58 AM

Hi,

The PBR should affect only the vlans/IPs that match the route-map.  

The L3 Switch is a Catalyst 4700 Series.

Is this 4500 series switch? if yes, it should not have much impact on the CPU especially if you have one of the newer model and sup.  Just to make sure there is no effect, after deploying it, I would monitor the CPU closely for a period of time.

HTH

0 Helpful

Carlosperez1601
Level 1
Level 1
In response to Reza Sharifi

‎04-12-2019 09:39 AM

You're right. It's a 4500 serie Switch.

 

I still have a doubt. The traffic of those vlans that doesn't match the ACL is proccess switching, fast switching or CEF. 

 

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Carlosperez1601

‎04-12-2019 10:31 AM

The vlans that don't match the ACL use default switching which is CEF.

Have a look at the 4500 document

 

The Forwarding Information Base (FIB) is a table that contains a copy of the forwarding information in the IP routing table. When routing or topology changes occur in the network, the route processor updates the IP routing table and CEF updates the FIB. Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with switching paths, such as fast switching and optimum switching. CEF uses the FIB to make IP destination-based switching decisions and maintain next-hop address information based on the information in the IP routing table.

On the Catalyst 4500 series switches, CEF loads the FIB in to the Integrated Switching Engine hardware to increase the performance of forwarding. The Integrated Switching Engine has a finite number of forwarding slots for storing routing information. If this limit is exceeded, CEF is automatically disabled and all packets are forwarded in software. In this situation, you should reduce the number of routes on the switch and then reenable hardware switching with the ip cefcommand.

link:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/cef.html

HTH

Carlosperez1601
Level 1
Level 1
In response to Reza Sharifi

‎04-12-2019 12:01 PM

Thanks Reza.

 

Maybe my question was wrong. My doubt is about the traffic that cross thru the interface where is applied the policy (interface Vlan 111). If that traffic doesn't match the ACL it continues using "CEF"?

 

For Example:

A traffic from the host 192.168.52.5 to the destination 10.50.50.5 would be proccess switched, fast switched or CEF?

 

Below the config:

ip access-list extended ACL-TEST
permit ip 192.168.52.0 0.0.0.255 host 10.50.14.199

 

route-map RM-Test permit 10
match ip address ACL-TEST
set ip next-hop 172.23.30.38

 

interface Vlan11
ip address 192.168.52.1 255.255.255.0
ip policy route-map RM-Test
end

 

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Carlosperez1601

‎04-12-2019 12:55 PM

It may depend on the version of the software you are running but here is what I see in this document on the 4500 series and PBR

Packets matching a PBR policy and specified with set interface and/or set default interface actions are software switched and forwarded at the CEF forwarding rate.

Link for more info:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/53SG/configuration/config/pbroute.html

HTH

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎04-12-2019 09:25 AM

I do not see any issue, even that happens only for this ACL effect network, not all.

 

ip access-list extended ACL-TEST
permit ip 192.168.52.0 0.0.0.255 host 10.50.14.199

 

Put alert on your NMS Software if anything go up from the baseline to 20-30more send alerts so you can have look.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card