interface Loopback xx executed by Routeprocessor(software) ? (sup720/6500)

Unanswered Question
Apr 23rd, 2010

Hello all,

Currently we use policy routing and ip nat inside/outside on the sup720/msfc
in our 6509.

In the lab I tried with our test 6509 to separate the policy routing and NAT
by using a Loopback interface.
That concept/test works functionally, but doesn't perform at all.

With the old method, for reference, I measured 750Mbps throughput (with netperf/2 laptops), both ways, but
when using a Loopback interface, only 22Mbps.

The route processor is fully loaded then:
#show proc cpu  sorted
CPU utilization for five seconds: 99%/65%; one minute: 33%; five minutes: 14%
PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
124       37792     25781       1465 29.43% 10.04%  3.14%   0 IP Input        
   6       30908      2533      12202  2.95%  0.37%  0.24%   0 Check heaps     
282       76780    626284        122  1.51%  0.45%  0.42%   0 Port manager per
  46       14296     12527       1141  0.39%  0.18%  0.05%   1 SSH Process     
223       17128     18359        932  0.23%  0.03%  0.00%   2 SSH Process     
<snip>


My questions:
-Is a Loopback interface executed in hardware or software?
-Can a Loopback execute NAT/policy routing in hardware?
-Does anybody have some performance numbers for using a Loopback interface?
-Is a Loopback designed for running production traffic?

Thanks for reading, and thanks in advance

Arjan Filius

Saasplaza


Details below:

!  Loopback 901 and Vlan 901 are a nat inside/outside combi
!
int Loopback901
  description dedicated NAT nat interface with interface vlan901
  ip address 109.72.176.65 255.255.255.252
  no ip proxy-arp
  ip nat outside
  ! send traffic to right next hop
  ip policy route-map sourcepbr
end
!
!
interface Vlan901
description Internal Interface
ip address 172.16.15.253 255.255.255.0
no ip proxy-arp
ip nat inside
! send traffic to Loopback 901
ip policy route-map natpbr
!
!
interface Vlan889
description External Interface
ip address 109.72.176.2 255.255.255.224
no ip proxy-arp
!
! used in sourcepbr
ip access-list extended businesssource
remark Use for defining Business Source for route-map sourcepbr
permit ip 109.72.176.0 0.0.7.255 any
! used in sourcepbr
ip access-list extended consumersource
remark Use for defining Consumer Source for route-map sourcepbr
permit ip 109.72.184.0 0.0.7.255 any
!
! used in destpbr
ip access-list extended businessdest
remark Use for defining Business Dest for route-map destpbr
permit ip any 109.72.176.0 0.0.7.255
! used in destpbr
ip access-list extended consumerdest
remark Use for defining Consumer Dest for route-map destpbr
permit ip any 109.72.184.0 0.0.7.255
!
route-map sourcepbr 10
description Business
match ip address businesssource
set ip next-hop 109.72.176.4
!
route-map sourcepbr 20
description Consumer
match ip address consumersource
set ip next-hop 109.72.176.6
!
! route to inside
ip route 109.72.176.0 255.255.240.0 172.16.15.1
!
route-map natpbr permit 10
description Old .. not using Loopback 901  performs well
match ip address tele2pbr
set ip next-hop 172.16.16.251
!
!
route-map natpbr permit 20
description new Loopback901 NAT PBR
match ip address loopback901insidetooutside
set ip next-hop 109.72.176.66
!
ip access-list extended loopback901insidetooutside
deny   ip host 193.172.126.230 any
deny   ip any host 193.172.126.230
deny   ip any host 172.16.20.241
deny   ip any host 172.16.20.253
permit ip 109.72.176.0 0.0.15.255 any
remark Business
permit ip 10.110.0.0 0.0.255.255 any
remark Consumer
permit ip 10.111.0.0 0.0.255.255 any
!

Giuseppe Larosa Tue, 04/27/2010 - 02:52

Hello Arjan,

>> My questions:
-Is a Loopback interface executed in hardware or software?
-Can a Loopback execute NAT/policy routing in hardware?
-Does anybody have some performance numbers for using a Loopback interface?
-Is a Loopback designed for running production traffic?

A loopback interface is a logical interface that provides an always-on interface as long as the node is alive, and it is useful for routing protocols to create a consistent router-id that represents the node.

Clearly no HW resources are associated with a loopback interface, as it is a logical interface.

As stated above, a loopback interface is useful for routing protocols and other signalling protocols, and it should not be used as a NAT interface.

A possible use of a loopback interface is as a placeholder to announce the IP subnet equivalent of a NAT pool in a routing protocol.

You should move the ip nat outside command to vlan 901, and you should consider whether PBR is needed or not.

Hope to help

Giuseppe
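
Added example (not part of either post): a small Python parser for the "show proc cpu sorted" output quoted in the question, which separates total CPU from interrupt-level CPU and flags the signs that traffic is being forwarded by the route processor in software. The function names and the three thresholds are assumptions made for this illustration.

```python
import re

# Output copied from the question above; the "<snip>" line is kept on purpose.
SAMPLE = """\
CPU utilization for five seconds: 99%/65%; one minute: 33%; five minutes: 14%
PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
124       37792     25781       1465 29.43% 10.04%  3.14%   0 IP Input
   6       30908      2533      12202  2.95%  0.37%  0.24%   0 Check heaps
282       76780    626284        122  1.51%  0.45%  0.42%   0 Port manager per
  46       14296     12527       1141  0.39%  0.18%  0.05%   1 SSH Process
223       17128     18359        932  0.23%  0.03%  0.00%   2 SSH Process
<snip>
"""

# "99%/65%" is total CPU / CPU spent at interrupt level over five seconds.
HEADER = re.compile(r"five seconds: (\d+)%/(\d+)%; one minute: (\d+)%; "
                    r"five minutes: (\d+)%")
# PID, Runtime, Invoked, uSecs, 5Sec, 1Min, 5Min, TTY, process name.
PROC = re.compile(r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%"
                  r"\s+([\d.]+)%\s+\d+\s+(.+?)\s*$")

def parse_show_proc_cpu(text):
    """Parse the header and process rows; non-matching lines are skipped."""
    m = HEADER.search(text)
    if m is None:
        raise ValueError("no 'CPU utilization' header found")
    total, interrupt, one_min, five_min = map(int, m.groups())
    procs = {}
    for line in text.splitlines():
        row = PROC.match(line)
        if row:
            # Same-named processes (the two SSH sessions) are summed.
            name = row.group(5)
            procs[name] = round(procs.get(name, 0.0) + float(row.group(2)), 2)
    return {"total": total, "interrupt": interrupt, "process": total - interrupt,
            "one_min": one_min, "five_min": five_min, "procs": procs}

def punt_indicators(stats, total_min=80, interrupt_min=30, ip_input_min=10.0):
    """Return finding codes; the three thresholds are illustrative assumptions."""
    findings = []
    if stats["total"] >= total_min:
        findings.append("rp_cpu_saturated")
    if stats["interrupt"] >= interrupt_min:
        findings.append("interrupt_level_switching")  # packets forwarded by RP software
    if stats["procs"].get("IP Input", 0.0) >= ip_input_min:
        findings.append("process_level_switching")    # packets queued to IP Input
    return findings

if __name__ == "__main__":
    print(punt_indicators(parse_show_proc_cpu(SAMPLE)))
```

On the quoted output all three indicators fire, which matches the 22Mbps result: the traffic is being handled by the route processor rather than in hardware.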
