PBR/QoS implementation

Hans-Werner Braun, 25 March 2008

I started to implement Policy Based Routing in the network, largely driven by the OC3-capacity Harris radios only using dual-100BT external interfaces, which can be segregated into separate channels. Initially I wanted it DSCP-based, utilizing the already implemented QoS component of DSCP-tagging everything on access links, and trusting DSCP values within the backbone. I implemented a 55/100Mbps bandwidth split across the two channels of the Harris radios (Configuration<tributary<EthernetPorts 1:35xDS1 2:65xDS1), and configured bandwidth parameters corresponding to the actual channel bandwidth in the routers, so EIGRP paths reflect actual capacity. In a test, this got me about 93+Mbps on the high-speed path for MW-<NP. I was planning to move the top two DSCP values onto the 100Mbps path, and the other two DSCP values onto the 55Mbps path.

However, thinking further about this prior to the implementation, I realized that DSCP-based PBR is not really feasible, since it describes the wrong context, as the forwarding decisions are not IP based, making such a method applicable only to very simple topologies. After getting some advice from Monika ("if you want to put Palomar onto a separate channel, why don't you just do *that*?"), I created a much simpler approach of letting the main traffic go over the 100Mbps path, and data from Palomar to odata2 (Palomar's data cache/server at SDSC), as well as odata2 to Palomar, basically having the dedicated 55Mbps channel. That also solves another problem with my earlier method, where now the aggregation of Palomar traffic can exceed 100Mbps towards full OC3-capacity.

For each of the two channels, the routers will still follow the QoS selection of one of their four queues, based on the DSCP values that are tagging the packets since their entry into HPWREN. See 20070715 for details.

Configuration details:

MPO:
----
 no ip access-list extended F-MPO-al
 ip access-list extended F-MPO-al
  permit ip any host 198.202.124.18
  deny   ip any any

 route-map F-MPO-rm permit 10
  match ip address F-MPO-al
  set ip next-hop 172.16.32.185

 interface Vlan800
  ip policy route-map F-MPO-rm
----
n/a
----

NP:
----
 no ip access-list extended F-MPO-al
 ip access-list extended F-MPO-al
  permit ip any host 198.202.124.18
  deny   ip any any

 route-map F-MPO-rm permit 10
  match ip address F-MPO-al
  set ip next-hop 172.16.32.169

 interface fa0/7
  ip policy route-map F-MPO-rm
----
 no ip access-list extended T-MPO-al
 ip access-list extended T-MPO-al
  permit ip host 198.202.124.18 any
  permit ip host 172.16.193.22 any
  deny   ip any any

 route-map T-MPO-rm permit 10
  match ip address T-MPO-al
  set ip next-hop 172.16.32.186

 interface fa0/2
  ip policy route-map T-MPO-rm
----

MW:
----
 no ip access-list extended F-MPO-al
 ip access-list extended F-MPO-al
  permit ip any host 198.202.124.18
  deny   ip any any

 route-map F-MPO-rm permit 10
  match ip address F-MPO-al
  set ip next-hop 172.16.32.153

 interface fa0/8
  ip policy route-map F-MPO-rm
----
 no ip access-list extended T-MPO-al
 ip access-list extended T-MPO-al
  permit ip host 198.202.124.18 any
  permit ip host 172.16.193.22 any
  deny   ip any any

 route-map T-MPO-rm permit 10
  match ip address T-MPO-al
  set ip next-hop 172.16.32.170

 interface fa0/7
  ip policy route-map T-MPO-rm
----

UCSD:
----
n/a
----
 no ip access-list extended T-MPO-al
 ip access-list extended T-MPO-al
  permit ip host 198.202.124.18 any
  permit ip host 172.16.193.22 any
  deny   ip any any

 route-map T-MPO-rm permit 10
  match ip address T-MPO-al
  set ip next-hop 172.16.32.154

 interface g0/2
  ip policy route-map T-MPO-rm

 interface vlan800
  ip policy route-map T-MPO-rm
----
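
Added example (not part of the original note or the routers' tooling): a small Python check that parses one of the stanzas above and reports which next hop PBR forces for a given packet, useful for confirming that only the intended hosts are diverted onto the dedicated channel. The function names are hypothetical, and the parser assumes only the `any` and `host A.B.C.D` address forms used on this page.

```python
import re

# NP router's T-MPO stanzas, copied from the configuration on this page.
NP_CONFIG = """\
ip access-list extended T-MPO-al
 permit ip host 198.202.124.18 any
 permit ip host 172.16.193.22 any
 deny   ip any any
route-map T-MPO-rm permit 10
 match ip address T-MPO-al
 set ip next-hop 172.16.32.186
interface fa0/2
 ip policy route-map T-MPO-rm
"""
ACE = re.compile(r"(permit|deny)\s+ip\s+(?:any|host (\S+))\s+(?:any|host (\S+))$")

def parse(config):
    """Collect ACLs, route-maps and per-interface policy bindings."""
    acls, rmaps, policy, cur = {}, {}, {}, None
    for line in config.splitlines():
        w, ace = line.split(), ACE.match(line.strip())
        if w[:3] == ["ip", "access-list", "extended"]:
            cur = acls.setdefault(w[3], [])
        elif w[:1] == ["route-map"]:
            cur = rmaps.setdefault(w[1], {})
        elif w[:1] == ["interface"]:
            cur = w[1]
        elif ace:
            cur.append(ace.groups())          # (action, src or None, dst or None)
        elif w[:3] == ["match", "ip", "address"]:
            cur["acl"] = w[3]
        elif w[:3] == ["set", "ip", "next-hop"]:
            cur["next_hop"] = w[3]
        elif w[:3] == ["ip", "policy", "route-map"]:
            policy[cur] = w[3]
    return acls, rmaps, policy

def pbr_next_hop(parsed, iface, src, dst):
    """Next hop PBR forces for a packet entering iface, or None for normal routing."""
    acls, rmaps, policy = parsed
    rmap = rmaps.get(policy.get(iface))
    if rmap is None:
        return None                           # no policy on this interface
    for action, a_src, a_dst in acls[rmap["acl"]]:
        if a_src in (None, src) and a_dst in (None, dst):   # None means "any"
            # First match wins; an ACL "deny" means "not policy-routed", not "dropped".
            return rmap["next_hop"] if action == "permit" else None
    return None
```

Traffic that hits the trailing `deny ip any any` is not discarded; it simply falls back to the routing table, which is why the main traffic stays on the 100Mbps path.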