
Re: A5500 EI / 5900AF - Policy Based Routing PBR hardware? speed? similar to Cisco CEF?

 
ajkett
Frequent Visitor

A5500 EI / 5900AF - Policy Based Routing PBR hardware? speed? similar to Cisco CEF?

Hi all and thanks for taking the time to read this.

 

I am looking after the routing for 3 companies that have recently merged. All 3 companies have 1 range that conflicts with each other (let's call it 10.1.0.0/24, which all companies run, but separately) but 75% of the IP ranges are compatible and routable. So right now, any non-conflicting range can talk to any other non-conflicting range in any company (and where needed, conflicts are handled with NATs or /32 routes where possible).

 

however....

We are merging into a single MPLS cloud, and for branches of one company to efficiently talk to one of the branches in one of the other companies (without being routed up/down a single DC) I need to start looking at policy based routing (PBR) and VRFs (vpn instance in the H3C/HP tongue). I.e. if source/dest = conflict IP range, then I route only to the "DC of that particular company", and if source/dest = compatible IP range, then I route to the global VRF, allowing that site to talk directly with another site.

 

getting to the point....

I have HP A5500s (EI) and HP 5900 AF at my disposal, both of which can do PBR (and vpn instance if necessary).

Questions:

1. Can these devices do PBR at hardware speed (i.e. like the Cisco 3750 can do it on its CEF ASIC (with limitations)) or is it done in software (killing CPU)?

 

2. Two of the companies are currently linked with a dark fibre 10gbit point to point... If I was to use PBR on either of the above devices, do you think it would keep up? I.e. would the "normal" routed ranges still get 10gbit, while PBR ranges get less? Or do you think the whole switch would have less PPS routing speed in general? Think I might get a few gbit/s out of it? I cannot find any PBR stats on any data sheet... only normal forwarding speeds.

 

3. The 3750 (Cisco) is limited in the fact it cannot do PBR on interfaces that are joined to a VRF instance. Is this the case on the HP models above?

 

4. Do you think that VRF/VPN instances with route leakage between VRFs are better than Policy Based Routing? Speed wise? Or just technically? Is route leakage possible on these devices and again, what would the speeds be like? The route leakage would be necessary as obviously the companies' "non conflicting" ranges would still want to talk to each other (keeping the conflicting ranges inside each company's VRF).

 

I could upload a load of diagrams, but all I'm after is a bit of advice in general and, more importantly, whether anyone has any experience with speeds from this (considering I will be hooking up some of these devices at 10gbit).

 

many thanks for reading

Network Chap.

 

 

3 REPLIES
manuel.bitzi
Trusted Contributor

Re: A5500 EI / 5900AF - Policy Based Routing PBR hardware? speed? similar to Cisco CEF?

Hi ajkett

 

PBR is implemented in hardware, as well as VRF/VPN-Instance, on 5500 and 5900. I have different installations with PBR and VPN-Instances and never experienced a performance impact.

 

But one question: You have overlapping IP ranges in the branches and want to decide the way to the DC with PBR. Okay ... but how do you control the traffic back from the DC to overlapping ranges?

 

br

Manuel

H3CSE, MASE Network Infrastructure [2011], Switzerland
ajkett
Frequent Visitor

Re: A5500 EI / 5900AF - Policy Based Routing PBR hardware? speed? similar to Cisco CEF?

Hi Manuel,

 

Thanks for your quick response.

 

The branches, fortunately, do not overlap. All the IP conflicts are at the DC(s). So I can route traffic from the branches into the global VRF, and if it doesn't find its destination (i.e. something that conflicts) it would hit the statically set default gateway at each site, and that gateway would point to a second VRF at the same site, aka "a specific company VRF", which would contain the routes to the conflicting subnets.

 

I.e. if the destination IP is not conflicting, then route to it directly, job done. But if the destination is conflicting, then it ends up searching the 2nd VRF on site after failing to find the route in the global VRF, and basically the 2nd VRF would point them to the DC in question.

 

That does mean I have to label each branch as a "company 1" or "company 2" site so each branch gets the correct secondary VRF relating to them. It also means conflicts will never talk to conflicts. However, that is the case right now.

 

So branches wouldn't need PBR routes as their source address is always good.

 

 

 

When you say you have no performance impact, do you have gbit speed links? My company has many 1gbit and some 10gbit links that I would need to consider. What sort of speeds do you send over your PBRs?
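
A small Python model of the lookup order described in the post above (global VRF first, then the branch's own company VRF), added here as an illustration; it is not part of the original thread and is not Comware configuration. Only 10.1.0.0/24 is taken from the thread; the other prefixes, next-hop names and the `leaked_conflicts` audit helper are assumptions made for the example.

```python
import ipaddress

# Constructed tables. Only 10.1.0.0/24 comes from the thread (its example
# conflicting range); every other prefix and next-hop name is hypothetical.
GLOBAL_VRF = {
    "10.20.0.0/16": "company2-branch-direct",
    "10.30.0.0/16": "company3-branch-direct",
}
COMPANY_VRFS = {
    "company1": {"10.1.0.0/24": "company1-dc"},
    "company2": {"10.1.0.0/24": "company2-dc"},
}

def longest_match(table, dst):
    """Return the next hop of the most specific prefix covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def route(branch_company, dst):
    """Global VRF first; on a miss, fall back to the branch's own company VRF."""
    nh = longest_match(GLOBAL_VRF, dst)
    if nh is not None:
        return ("global", nh)
    # The branch's label decides which copy of the conflicting range it reaches.
    return (branch_company, longest_match(COMPANY_VRFS[branch_company], dst))

def leaked_conflicts(global_table, company_vrfs):
    """Audit: a global route overlapping a conflicting prefix would win the
    first lookup and send traffic to the wrong company, so report any overlap."""
    found = []
    for g in global_table:
        for name, vrf in company_vrfs.items():
            for p in vrf:
                if ipaddress.ip_network(g).overlaps(ipaddress.ip_network(p)):
                    found.append((g, name, p))
    return sorted(found)

if __name__ == "__main__":
    for company, dst in [("company1", "10.1.0.5"), ("company2", "10.1.0.5"),
                         ("company1", "10.20.3.4"), ("company1", "192.0.2.1")]:
        print(company, dst, "->", route(company, dst))
    print("overlaps:", leaked_conflicts(GLOBAL_VRF, COMPANY_VRFS))
```

The audit matters because the design only keeps the conflicting ranges apart as long as nothing in the global VRF, including a summary route, covers them.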

Apachez-
Trusted Contributor

Re: A5500 EI / 5900AF - Policy Based Routing PBR hardware? speed? similar to Cisco CEF?

Perhaps time to introduce your company for IPv6 and use one /48 per site? :-)