interface Loopback xx executed by Routeprocessor(software) ? (sup720/6500)
Currently we use policy routing and ip nat inside/outside on the sup720/msfc in our 6509.
In the lab I tried, with our test 6509, to separate the policy routing and NAT by using a Loopback interface. That concept/test works functionally, but doesn't perform at all.
With the old method, for reference, I measured 750Mbps throughput (with netperf/2 laptops), both ways, but when using a Loopback interface, only 22Mbps.
The route processor is fully loaded then:

#show proc cpu sorted
CPU utilization for five seconds: 99%/65%; one minute: 33%; five minutes: 14%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
 124       37792     25781       1465 29.43% 10.04%  3.14%   0 IP Input
   6       30908      2533      12202  2.95%  0.37%  0.24%   0 Check heaps
 282       76780    626284        122  1.51%  0.45%  0.42%   0 Port manager per
  46       14296     12527       1141  0.39%  0.18%  0.05%   1 SSH Process
 223       17128     18359        932  0.23%  0.03%  0.00%   2 SSH Process
<snip>
My questions:
- Is a Loopback interface executed in hardware or software?
- Can a loopback execute NAT/policy routing in hardware?
- Does anybody have some performance numbers for using a Loopback interface?
- Is a Loopback designed for running production traffic?
Thanks for reading, and thanks in advance
! Loopback 901 and Vlan 901 are a nat inside/outside combi
!
int Loopback901
 description dedicated NAT nat interface with interface vlan901
 ip address 184.108.40.206 255.255.255.252
 no ip proxy-arp
 ip nat outside
 ! send traffic to right next hop
 ip policy route-map sourcepbr
end
!
!
interface Vlan901
 description Internal Interface
 ip address 172.16.15.253 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ! send traffic to Loopback 901
 ip policy route-map natpbr
!
!
interface Vlan889
 description External Interface
 ip address 220.127.116.11 255.255.255.224
 no ip proxy-arp
!
! used in sourcepbr
ip access-list extended businesssource
 remark Use for defining Business Source for route-map sourcepbr
 permit ip 18.104.22.168 0.0.7.255 any
! used in sourcepbr
ip access-list extended consumersource
 remark Use for defining Consumer Source for route-map sourcepbr
 permit ip 22.214.171.124 0.0.7.255 any
!
! used in destpbr
ip access-list extended businessdest
 remark Use for defining Business Dest for route-map destpbr
 permit ip any 126.96.36.199 0.0.7.255
! used in destpbr
ip access-list extended consumerdest
 remark Use for defining Consumer Dest for route-map destpbr
 permit ip any 188.8.131.52 0.0.7.255
!
route-map sourcepbr 10
 description Business
 match ip address businesssource
 set ip next-hop 184.108.40.206
!
route-map sourcepbr 20
 description Consumer
 match ip address consumersource
 set ip next-hop 220.127.116.11
!
! route to inside
ip route 18.104.22.168 255.255.240.0 172.16.15.1
!
route-map natpbr permit 10
 description Old .. not using Loopback 901 performs well
 match ip address tele2pbr
 set ip next-hop 172.16.16.251
!
!
route-map natpbr permit 20
 description new Loopback901 NAT PBR
 match ip address loopback901insidetooutside
 set ip next-hop 22.214.171.124
!
ip access-list extended loopback901insidetooutside
 deny ip host 126.96.36.199 any
 deny ip any host 188.8.131.52
 deny ip any host 172.16.20.241
 deny ip any host 172.16.20.253
 permit ip 184.108.40.206 0.0.15.255 any
 remark Business
 permit ip 10.110.0.0 0.0.255.255 any
 remark Consumer
 permit ip 10.111.0.0 0.0.255.255 any
!
Re: interface Loopback xx executed by Routeprocessor(software) ?
>> My questions:
>> - Is a Loopback interface executed in hardware or software?
>> - Can a loopback execute NAT/policy routing in hardware?
>> - Does anybody have some performance numbers for using a Loopback interface?
>> - Is a Loopback designed for running production traffic?
A loopback interface is a logical interface that lets you have an always-on interface as long as the node is alive, and it is useful for routing protocols to create a consistent router-id that represents the node.
Clearly, no HW resources are associated with a loopback interface, since it is a logical interface.
As stated above, a loopback interface is useful for routing protocols and other signalling protocols, and it should not be used as a NAT interface.
A possible use of a loopback interface is as a placeholder to announce the IP subnet equivalent of a NAT pool in a routing protocol.
You should move the ip nat outside command to vlan 901, and you should consider whether PBR is needed or not.
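
A configuration check for the point made in the reply above, added here as an example and not part of the original thread: it parses IOS-style interface stanzas and reports any loopback that carries ip nat or ip policy route-map, the placement that left the route processor at 99% CPU in the question. The function names and the sample text are constructed for illustration; the sample reuses the question's interface names with addresses left out.

```python
import re

# Constructed sample: the interface stanzas from the question, trimmed
# (addresses and inline comments left out).
SAMPLE_CONFIG = """\
int Loopback901
 description dedicated NAT nat interface with interface vlan901
 no ip proxy-arp
 ip nat outside
 ip policy route-map sourcepbr
!
interface Vlan901
 description Internal Interface
 no ip proxy-arp
 ip nat inside
 ip policy route-map natpbr
!
interface Vlan889
 description External Interface
 no ip proxy-arp
!
"""

INTERFACE_HEADER = re.compile(r"^int(?:erface)?\s+(.+?)\s*$", re.IGNORECASE)
LOOPBACK_NAME = re.compile(r"^lo(?:opback)?\d+$", re.IGNORECASE)
# NAT and PBR: the two features the question attached to Loopback901.
FORWARDING_FEATURE = re.compile(r"^ip (?:nat (?:inside|outside)|policy route-map \S+)$")


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        header = INTERFACE_HEADER.match(raw)
        if header:
            name = "".join(header.group(1).split())  # "Loopback 901" -> "Loopback901"
            current = interfaces.setdefault(name, [])
        elif raw.startswith(" ") and current is not None:
            if raw.strip() and not raw.strip().startswith("!"):
                current.append(raw.strip())
        else:
            current = None  # an unindented line ends the interface stanza
    return interfaces


def loopback_forwarding_findings(config):
    """List (interface, command) pairs where a loopback carries NAT or PBR."""
    return [
        (name, cmd)
        for name, commands in parse_interfaces(config).items()
        if LOOPBACK_NAME.match(name)
        for cmd in commands
        if FORWARDING_FEATURE.match(cmd)
    ]
```

Calling loopback_forwarding_findings(SAMPLE_CONFIG) reports both commands on Loopback901 and nothing for Vlan901 or Vlan889.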