- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: A5500 EI / 5900AF - Policy Based Routing PBR h...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2014 03:46 AM
06-04-2014 03:46 AM
A5500 EI / 5900AF - Policy Based Routing PBR hardware? speed? similar to Cisco CEF?
Hi all and thanks for taking the time to read this.
I am looking after the routing for 3 companies that have recently merged. all 3 companies have 1 range that conflicts with each other (lets call it 10.1.0.0/24 that all companies run but seperatley) but 75% of the IP ranges are compatible and routable. so right now, any non-conflicting range can talk to any other non-conflicting range in any company (and where needed conflicts are handled with NAT's or /32 routes where possible).
however....
we are merging into a single mpls cloud and for branches of one company to efficiently talk to one of the branches in one of the other companies (without being routed up/down a single DC) i need to start looking at policy based routing (pbr) and VRF's (vpn instance in the h3c/hp tongue). i.e. if source/dest = conflict IP range, then i route only to the "DC of that particular company" and if source/dest = compatible IP range, then i route to global VRF allowing that site to talk directly with another site.
getting to the point....
I have HP A5500's (EI) and HP 5900 AF at my disposal both of which can do PBR (and vpn instance if necessary).
Questions:
1. Can these devices do PBR at hardware speed (i.e. like the cisco 3750 can do it on its CEF asic (with limitiations)) or is it done in software (killing cpu).
2. Two of the companies are currently linked with a dark fibre 10gbit point to point... if i was to use PBR on either of the above devices, do you think it would keep up... i.e. would the "normal" routed ranges still get 10gbit, while PBR ranges less? or do you think the whole switch would have less PPS routing speed in general. think i might get a few gbit/s out of it? i cannot find any PBR stat's on any data sheet....only normal forwarding speeds.
3. the 3750 (cisco) is limited in the fact it cannot do PBR on interfaces that are joined to a VRF instance. is this the case on the HP models above?
4. do you think that VRF/VPN instances with route leakage between VRF's is better than PolicyBasedRouting? speed wise? or just technically. - is route leakage possible on these devices and again, what would the speeds be like. the route leakage would be necessary as obviously the comapnies "non conflicting" ranges would still want to talk to each other (keeping the conflicting ranges inside each companies VRF).
I could upload a load of diagrams, but all im after is a bit of advice in general and more importantly if anyone has any experience with speeds from this (considering i will be hooking up some of these devices at 10gbit).
many thanks for reading
Network Chap.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2014 08:08 AM
06-04-2014 08:08 AM
Re: A5500 EI / 5900AF - Policy Based Routing PBR hardware? speed? similar to Cisco CEF?
Hi ajkett
PBR is implemented in Hardware as well as VRF/VPN-Instance on 5500 and 5900. I have different installations with PBR and VPN-Instances and never experienced a performance impact.
But one question: You overlaping ip ranges in the branches and want to deside the way to the DC with PBR. Okay ... but how do you control the traffic back from the DC to overlaping ranges?
br
Manuel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2014 08:23 AM
06-04-2014 08:23 AM
Re: A5500 EI / 5900AF - Policy Based Routing PBR hardware? speed? similar to Cisco CEF?
Hi Manuel,
thanks for your quick response.
the branches fortunately, do not overlap.. all the IP conflicts are at the DC(s). so i can route traffic from the branches into the global VRF and if it doesnt find its destination (i.e. something that conflicts) it would hit the statically set default gateway at each site and that gateway would point to a seoncd vrf at the same site aka "a specific company VRF" which would contain the routes to the conflicting subnets.
i.e. if the destination IP is not conflicting, then route to it directly job done. But if the destination is conflicting, then it ends up searching the 2nd vrf on site after failing to find the route in the global VRF and basically the 2nd vrf would point them to the DC in question.
that does mean i have to label each branch as a "company 1" or "company 2" site so each branch gets the correct secondary VRF relating to them. it also means conflicts will never talk to conflicts.. however, that is the case right now.
so branches wouldnt need pbr routes as their source address is always good.
When you say you have no performance inpact.. do you have gbit speed links? my company has many 1gbit and some 10gbit links that i would need to consider. what sort of speeds do you send over your PBR's?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-06-2014 03:55 AM
06-06-2014 03:55 AM