Which hardware to do PBR Routing

Unanswered Question
Jan 30th, 2007

Hello,

I currently have a 3560 connecting 9 different networks with about 500 machines. I have four DSL lines connected to it and I'm using PBR to route certain networks to certain DSL lines. The problem is that when I transfer a large file from network x to network x, the way I have the PBR set up is hogging the CPU. Sometimes I see up to 90% CPU utilization on the switch. Here is an example of the access list and the route-map that I have set up:

ip access-list extended inet
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 10.50.0.0 0.0.255.255
 deny ip any 10.51.0.0 0.0.255.255
 deny ip any 10.90.0.0 0.0.255.255
 permit ip any any
ip access-list extended inet-wiband
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 10.50.0.0 0.0.255.255
 deny ip any 10.51.0.0 0.0.255.255
 permit ip host 192.168.25.3 any
ip access-list extended servers
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 10.50.0.0 0.0.255.255
 deny ip any 10.51.0.0 0.0.255.255
 permit ip host 192.168.25.10 any
 permit ip host 192.168.25.11 any
ip access-list extended techncmail
 deny ip any 192.168.0.0 0.0.255.255
 deny ip any 10.50.0.0 0.0.255.255
 deny ip any 10.51.0.0 0.0.255.255
 permit ip host 192.168.25.25 any
!
route-map swinet permit 10
 match ip address inet
 set ip next-hop 10.51.6.4
!
route-map do-inet permit 10
 match ip address inet
 set ip next-hop 10.51.2.2
!
route-map dsl03 permit 10
 match ip address inet
 set ip next-hop 10.51.3.2
!
route-map dsl02 permit 10
 match ip address inet
 set ip next-hop 10.51.2.2
!
route-map dsl01 permit 6
 match ip address inet-wiband
 set ip next-hop 10.51.5.2
!
route-map dsl01 permit 8
 match ip address techncmail
 set ip next-hop 10.51.4.2
!
route-map dsl01 permit 9
 match ip address servers
 set ip next-hop 10.51.5.2
!
route-map dsl01 permit 10
 match ip address inet
 set ip next-hop 10.51.1.2
!
route-map dsl04 permit 5
 match ip address techncmail
 set ip next-hop 10.51.1.2
!
route-map dsl04 permit 10
 match ip address inet
 set ip next-hop 10.51.4.2
!

When I disable the PBR and do a file transfer, the CPU utilization never goes over 10% and it's much faster.

Is there a better way to do this so I don't use so much cpu power?

Should I use a router to do the pbr instead of the switch?

If so, how do I connect the router so I could accomplish the same task?

Which router should I use?

Thanks,

Dan.
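
An added example, not part of the original posts: a small Python model of how the posted ACLs and route-map dsl01 select a next hop. It assumes standard IOS route-map semantics (a packet that hits a deny entry or the implicit deny does not match that clause, and a packet matching no clause is routed normally); it models only the matching logic, not how the 3560 forwards in hardware, and the function names and sample addresses are constructed.

```python
import ipaddress

# Destination denies shared by all four ACLs in the post, as (action, src, dst).
INTERNAL = [("deny", "any", (net, "0.0.255.255"))
            for net in ("192.168.0.0", "10.50.0.0", "10.51.0.0")]

def host(ip):
    return (ip, "0.0.0.0")  # "host x" is address x with an all-zero wildcard

ACLS = {  # transcribed from the post
    "inet": INTERNAL + [("deny", "any", ("10.90.0.0", "0.0.255.255")),
                        ("permit", "any", "any")],
    "inet-wiband": INTERNAL + [("permit", host("192.168.25.3"), "any")],
    "servers": INTERNAL + [("permit", host("192.168.25.10"), "any"),
                           ("permit", host("192.168.25.11"), "any")],
    "techncmail": INTERNAL + [("permit", host("192.168.25.25"), "any")],
}
# route-map dsl01 from the post: (sequence, ACL name, next hop)
DSL01 = [(6, "inet-wiband", "10.51.5.2"), (8, "techncmail", "10.51.4.2"),
         (9, "servers", "10.51.5.2"), (10, "inet", "10.51.1.2")]

def _matches(spec, ip):
    """True if ip matches 'any' or an (address, wildcard-mask) pair."""
    if spec == "any":
        return True
    addr, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def acl_action(name, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for action, s, d in ACLS[name]:
        if _matches(s, src) and _matches(d, dst):
            return action
    return "deny"

def policy_next_hop(route_map, src, dst):
    """Return (sequence, next hop) of the first permitting clause, or None
    when no clause matches and the packet is routed normally (assumed semantics)."""
    for seq, acl, next_hop in sorted(route_map):
        if acl_action(acl, src, dst) == "permit":
            return seq, next_hop
    return None

if __name__ == "__main__":
    # Constructed sample flows; 203.0.113.10 is a documentation address.
    for src, dst in [("192.168.25.25", "203.0.113.10"), ("192.168.25.50", "203.0.113.10"),
                     ("192.168.25.50", "192.168.30.7"), ("192.168.25.25", "10.90.1.1")]:
        print(src, "->", dst, policy_next_hop(DSL01, src, dst))
```

The last sample flow matches clause 8 because 10.90.0.0/16 is denied only in the inet ACL, so in this model traffic from 192.168.25.25 to 10.90.x.x is policy-routed rather than left to normal routing.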

devsharma Tue, 01/30/2007 - 12:56

Dan,

It totally depends on the amount of traffic you are pushing through the 3560 switch and link utilization of DSL lines. One thing you can try is tuning the SDM template so that the switch can be optimized for PBR. The default template is the default desktop. Do a show sdm prefer and if your SDM template is default, change it to the "routing" template. You will have to reboot the switch in order to change the template, so do it in downtime.

Let me know if this helps..

tc,

Dev

danletkeman Wed, 01/31/2007 - 07:11

Dev,

I had to change the SDM template initially because without changing it I could not do PBR routing. It is set to "desktop routing".

Each DSL line has 3 Mbit, but there is other traffic going through the switch as well because we have about 15 servers connected to it as well.

Should I be using a router to do the PBR instead?

Dan.

danletkeman Thu, 02/01/2007 - 14:20

So if I did this (see attached), could I just set the default route on the 3560 to be the 2811 router, then route the source networks to the correct ADSL via the router?

Would this configuration allow me to still maintain internal network connectivity and still be able to route different networks to different ADSL routers and totally remove PBR on the 3560?
