[c-nsp] Redirects / hair-pinning traffic vs. performance

Peter Rathlev peter at rathlev.dk
Wed Jun 17 20:01:01 EDT 2009


Hi,

I have the need to introduce some PBR to solve a hopefully temporary
problem. Some of the traffic being routed will leave the same interface
as it arrives on.

My worry is whether this would have any performance impact when the
traffic arrives on and leaves from the same interface. I could imagine
that some forwarding implementations might penalize this scenario.

The PBR will be performed by two 3560s running IP Services and with HSRP
configuration on all interfaces. It should do PBR in hardware (we're not
using VRF Lite here) but is this also the case for traffic hair-pinning
like this?

To elaborate on the plan:

+---+                     +---+
| X |----             ----| Y |
+---+    \           /    +---+
          \         /
           \       /
          +---------+
          |   PBR   |
          +---------+
               |
               |
             +---+
             | Z |
             +---+

The Z<->PBR and PBR<->Y interfaces are members of the same VLAN. The
PBR<->X interface will be in another VLAN.

Traffic from Z currently uses Y as gateway. I need to route some traffic
(based on a policy map) to X instead. Since I have little control over Y
(upstream Internet), and since Z relies on keeping its current
interface address (it's an ASA using this interface address for VPN
identity) I can't split them.

The plan was to introduce the 3560 in the same subnet and then let Z's
default route be PBR instead of Y. Based on the policy map PBR will
either forward to Y (on the same interface) or X. To assure correct
policy routing I'd of course have to disable sending redirects.

(The "right" solution IMHO would be allocating a new subnet for PBR<->Y
and coordinate this with our upstream, but lack of both time and
cluefulness means that this will have to be some other time.)

Regards,
Peter
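
The plan described above, sketched as an IOS configuration for one of the two 3560s. This is an added example, not configuration from the original post: all addresses (RFC 5737 documentation ranges), VLAN numbers, the HSRP group and the names PBR-TO-X and VIA-X are assumptions, and the ACL entry is a placeholder for whatever traffic the policy should send to X.

```cisco
! Assumed addressing, constructed for this example:
!   VLAN 10 (shared by Z, Y and the 3560s): 192.0.2.0/24
!     Y = 192.0.2.1, Z = 192.0.2.10, HSRP virtual IP = 192.0.2.254
!   VLAN 20 (towards X): 198.51.100.0/30, X = 198.51.100.1
!
! On the 3560, PBR needs the routing SDM template (reload required)
sdm prefer routing
ip routing
!
! Traffic to be sent via X; the destination prefix is a placeholder
ip access-list extended PBR-TO-X
 permit ip any 203.0.113.0 0.0.0.255
!
route-map VIA-X permit 10
 match ip address PBR-TO-X
 set ip next-hop 198.51.100.1
!
interface Vlan10
 description Shared segment with Z and Y
 ip address 192.0.2.252 255.255.255.0
 ! Without this, the switch would tell Z to use Y directly
 ! for the hair-pinned flows, bypassing the policy
 no ip redirects
 ip policy route-map VIA-X
 standby 10 ip 192.0.2.254
!
interface Vlan20
 description Link towards X
 ip address 198.51.100.2 255.255.255.252
!
! Traffic not matched by the route-map follows the routing table
! and leaves on Vlan10 again towards Y (the hair-pin case)
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

Z's default route would then point at the HSRP virtual address (192.0.2.254 in this sketch) instead of Y.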



