HighSpeed Internet Router with Traffic Policing

Unanswered Question
Oct 20th, 2008

Looking for some feedback on a high-speed Internet configuration.

We have a customer that will have a 200meg internet connection (to start with) scaling to 400-500meg. They need traffic policing and full BGP routing.

We initially thought of the 3750Metro switch but this only has 128Meg of memory so Full BGP is out. We are now leaning towards a 7206-NPE2. We think this router will work fine in the 200meg range with policing but are unsure of its ability to scale to 400-500meg with policing. We're thinking we may have to front end it with a MetroE and let the metroE do the Policing at layer 2 and the 7200 do the routing.

Any thoughts on this configuration would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
konigl Tue, 10/21/2008 - 14:15

The router by itself should work fine.

I've got an older 7206VXR router with NPE-G1. It takes a 400 Mbps Internet feed from one ISP, and a 100 Mbps Internet feed from another. Full BGP routes on both connections: at this moment, 263,799 from the first one, and 263,990 from the second.

I use CAR to rate-limit my customers to their committed bandwidth rates, as their traffic crosses the boundaries of my network. I deal mostly with school districts.

Average CPU utilization during our busy time today was in the 30% range, with peaks into the 80% range. The router's using a total of 30% of its 1GByte of memory.

An NPE-G2 or equivalent (if you go with a 7201 router to save space) would probably handle the load even more comfortably.

For what it's worth, several neighboring Intermediate Units have opted for the newer ASR1002 router, to connect to the statewide network while maintaining high-speed connections with their existing ISPs. The ASRs were chosen because they have more processing power than the 7200-series routers. These IUs anticipate dealing with multiple Gigabit Ethernet links at full capacity. (I'm using my Catalyst 6509 switch with Supervisor 720-3BXL for that.)

Hope this helps.

jrhofman Tue, 10/21/2008 - 17:56

You feedback is greatly appreciated. I had a discussion with Cisco today and they were concerned with the 7206-NPE2. Howver, they could not sight any real world experience.

They had recommended a 6503 with a sup270. Anyway good to hear youe feedback. ASRs are a bit spendy if I recall.

I will have a discussion with the customer on their options.

Thanks again....

konigl Wed, 10/22/2008 - 14:38

Keep in mind that if your customers wants to go with the 6503 with Sup720 and they want to do full BGP routes, they need to have 1GB of memory on board these days. 512MB won't be enough.

I started out with a Sup720-3B which had 512MB. One day I started getting TCAM error messages in the log.

I researched the errors and found I was running out of space for IPv4 routes. The short-term fix was to tweak the memory allocation using "mls cef maximum-routes ip 239" and reboot, maximizing what was available for IPv4.

Eventually the TCAM errors returned. Upgrading to a -3BXL PFC with 1GB took care of the problem. Maximum-routes for IP defaults to 512K now, and can be increased to 1007K if needed.

Joseph W. Doherty Wed, 10/22/2008 - 16:29

I've seen a NPE-G1 handle a busy Internet OC-3 (155 Mbps) with ease. Haven't used policing on it but have use CBWFQ and shaping.

Also worked with NPE-G2, with busy private OC-3 and complex CBWFQ. It, as expected, offered more performance than the G1 and had lots of CPU left.

Hitting 500 Mbps on G2, from its specs, should be possible, provided you're not working with all minimum sized packets.

A "dark horse" router you might consider would be a 7304 using the NSE-150. I've also seen the 7304 with the NSE-100 carry the about the same load as a NPE-G1 with less CPU load. Both the NSE-100 and 150 are rated at 3.5 Mpps or about 4 Gbps duplex when using the PXF. The NSE-150 offers almost 2x the non-PXF performance of the NSE-100.


This Discussion