01-30-2007 08:39 AM - edited 03-05-2019 02:04 PM
Hello,
I currently have a 3560 connecting 9 different networks with about 500 machines. I have four DSL lines connected to it and I'm using PBR to route certain networks to certain DSL lines. The problem is when I transfer a large file from network x to network x the way I have the PBR set up is hogging the CPU. Sometimes I see up to 90% CPU utilization on the switch. Here is an example of the access list and the route-map that I have set up:
ip access-list extended inet
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 10.50.0.0 0.0.255.255
 deny ip any 10.51.0.0 0.0.255.255
 deny ip any 10.90.0.0 0.0.255.255
 permit ip any any
ip access-list extended inet-wiband
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 10.50.0.0 0.0.255.255
 deny ip any 10.51.0.0 0.0.255.255
 permit ip host 192.168.25.3 any
ip access-list extended servers
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 10.50.0.0 0.0.255.255
 deny ip any 10.51.0.0 0.0.255.255
 permit ip host 192.168.25.10 any
 permit ip host 192.168.25.11 any
ip access-list extended techncmail
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 10.50.0.0 0.0.255.255
 deny ip any 10.51.0.0 0.0.255.255
 permit ip host 192.168.25.25 any
!
route-map swinet permit 10
 match ip address inet
 set ip next-hop 10.51.6.4
!
route-map do-inet permit 10
 match ip address inet
 set ip next-hop 10.51.2.2
!
route-map dsl03 permit 10
 match ip address inet
 set ip next-hop 10.51.3.2
!
route-map dsl02 permit 10
 match ip address inet
 set ip next-hop 10.51.2.2
!
route-map dsl01 permit 6
 match ip address inet-wiband
 set ip next-hop 10.51.5.2
!
route-map dsl01 permit 8
 match ip address techncmail
 set ip next-hop 10.51.4.2
!
route-map dsl01 permit 9
 match ip address servers
 set ip next-hop 10.51.5.2
!
route-map dsl01 permit 10
 match ip address inet
 set ip next-hop 10.51.1.2
!
route-map dsl04 permit 5
 match ip address techncmail
 set ip next-hop 10.51.1.2
!
route-map dsl04 permit 10
 match ip address inet
 set ip next-hop 10.51.4.2
!
When I disable the PBR and do a file transfer the CPU utilization never goes over 10% and it's much faster.
Is there a better way to do this so I don't use so much CPU power?
Should I use a router to do the PBR instead of the switch?
If so, how do I connect the router so I could accomplish the same task?
Which router should I use?
Thanks,
Dan.
01-30-2007 12:56 PM
Dan,
It totally depends on the amount of traffic you are pushing through the 3560 switch and the link utilization of the DSL lines. One thing you can try is tuning the SDM template so that the switch can be optimized for PBR. The default template is the default desktop. Do a show sdm prefer and if your SDM template is default, change it to the "routing" template. You will have to reboot the switch in order to change the template, so do it in downtime.
Let me know if this helps..
tc,
Dev
01-31-2007 07:11 AM
Dev,
I had to change the SDM template initially because without changing it I could not do PBR routing. It is set to "desktop routing".
Each DSL line has 3mbit, but there is other traffic going through the switch as well because we have about 15 servers connected to it as well.
Should I be using a router to do the PBR instead?
Dan.
02-01-2007 02:20 PM
So if I did this (see attached), could I just set the default route on the 3560 to be the 2811 router, then route the source networks to the correct ADSL via the router?
Would this configuration allow me to still maintain internal network connectivity and still be able to route different networks to different ADSL routers and totally remove PBR on the 3560?