I got the problem in customer network. The requirement is :
1. to service private ip subscriber with more than 40Gbps traffic.
2. i only got 1 ASR9010 router with 4 ISM module
3. each ISM module handling 14Gbps NAT translation of my private subscriber.
What is the best recommendation configuration for this ?
Can we bundled all the service cng into 4 active ISM module ?
Can we create one big subscriber private ip on service app1 and one big public pool on serviceapp2 that will be served by ISM module 1, ISM module 2, ISM module 3, ISM module 4 ?
We doesn't want the pool/service app configured per assigned one ISM module, can it be done ?
Another question, if from serviceapp1 from subscriber private ip, there are public subscriber ip, can we exclude the subscriber public ip not getting translated on the ISM/serviceapp1 ?
Thanks a lot,
We want to ask about ISM scalability issue. The issue are :
1. Each ISM handling 14Gbps of NAT translation.
2. We want to install 6 ISM module to handle 80Gbps NAT traffic from subs.
3. We only have one big bundled interface on the ASR router to the subscriber.
the diagram :
subscriber --- (gateway router) --- (ASR NAT router) --- internet
each link is 80Gig traffic.
(The gateway router) send all 0.0.0.0/0 traffic to (ASR NAT router)
(The gateway router) have bundled-ether(8 TenGElink) interface to (ASR NAT router)
(The gateway router) doesn't have capability to sort/classify/choose which customer ip goes to which interface to internet because of 0.0.0.0/0 to (ASR NAT router)
What is the solution for this, so that (ASR NAT router) can :
1. Can utilize all the ISM prefered active module for all subs.
2. Can have only one big insidevrf assigned to bundle-ether (8 TenGE link). And this one big insidevrf applied to all 6 ISM module.
3. Can use the same insidevrf name for each of all servicecgn that assigned to each of all 6 ISM module.
4. Can use different insidevrf name for each of 6 ISM servicecgn. But the different insidevrf share the same private IP pool from bundle-ether, but different public map pool. (because gateway router only sending 0.0.0.0/0 to ASR NAT and cannot do which subs pool goes to which interface to ASR NAT using route-map/set next hop).
5. Can the ISM module be bundled in one servicecgn. And all NAT process is spreading accross 6 module, and from customer via gateway with default gateway without doing the ACL to specify source of customer pool go to specific interface to get associated with unique vrf that get assigned to specific which ISM doing the nat work. But instead one big bundled of 6 ISM to 1 ISM processing NAT.
So in bundle-ether, we can configure in global vrf, and using ABF to set nexthop on 6 vrf to 6 ISM.
I'm affraid about the process load on the router. I mean, we only got the RSP4, and who is doing the ABF, is it ISM or RSP4 ?
Can the router doing the ABF for 6 ISM, and handling 80Gbps traffic in from subscriber ?
you are right: different inside-VRFs and the ABF next-hop will point to the serviceApp interfaces in these inside-VRFs.
The ABF (like every feature applied on interface) will have the same impact than an ACL.
This performance impact of using ABF will be present at the Typhoon NPU ASICs of the line card, not the RSP440 nor the ISM board.
It's usually minimal and not a matter of concern.
More, the impact will be the same, regardless of the number of entries in your ACL.
The only important limitation to consider with ABF is that it only work on IPv4 traffic and not MPLS, so if the traffic is labeled when received on the interface, packets are not matched (and in that case some other tricks may be needed).
Lets says, there will be 6-12 ACL statement / ABF to each of 6 inside vrf assigned to the ISM.
Does it has troughput impact on linecard MOD-80TR ? is the processor resource increase significantly / traffic throughput get decreased ?
Thanks a lot,
Budi, ISM-100 needs 2 pair of ServiceApp for maximum throughput.
One pair of ServiceApp can process no more then 1,5 Mpps in each direction.
So, you need 12 VRF (24 ServiceApp) to achieve 90Gbps full-duplex on 6 ISM card with packet size 700 byte.
Also, for failover reason, access list in ABF must be created with multiple nexthops to VRFs belonging to different ISM-100 cards.