Layer 2 port-channel flood

Hi all,
I was wondering if you may be able to help me, hopefully I will provide enough information.
The background to my problem is this. Every Tuesday morning around 10AM we were experiencing network slowdowns, after many weeks fault finding I have narrowed it down to two backup jobs and two vlans. These are quite substantial backup jobs each 100GB in size.
The servers that are being backed-up are behind an ISA server which is controlling the routing for the subnets that these servers use. The ISA servers are load balanced using Microsoft NLB. It is thought by our security expert that this is the best way to secure these servers.
On our core switch (6513) we have a static route pointing to these subnets and the vlans are defined. Here is the basic config of one of the vlans:-
interface Vlan121
 description DB vlan
 no ip address
 ip flow ingress
 ip flow egress
end
ip route 192.168.221.0 255.255.255.0 192.168.219.10
I have managed to stop the flooding going to the user switches by denying the 121 vlan on the port-channels. The issue is still apparent however on our top of rack switches (server switches). The reason for this is, there are servers that require vlan 121 on nearly every top of rack switch.
If anyone can recommend a solution to this problem other than limiting vlans, I would greatly appreciate it.
If you require any further information, please let me know.
Kind regards,
Jamie.

Hi Jon, let me see if I can answer your questions.
There are four VLANs that reside behind the ISA VLAN - 121, 122, 123 and 124. Any traffic that requires access to these VLANs has to pass through the ISA because the ISA controls all the routing for the subnets associated with these VLANs.
The server that we are backing up lives on VLAN 124 and the actual backup server lives on a VLAN outside of the protected VLANs. For the sake of argument let's say that the backup server is shown as the PC on VLAN 156.
When the 90GB backup is initiated, the traffic propagates to all trunk ports throughout the network. I see traffic running at 500Mbps and it can last for up to 20 hours.
I have managed to stop the flood to all the user switches by denying the VLANs stated above. The problem is, I can't deny those VLANs to other top of rack switches because there is at least one server in each switch that requires one of the VLANs.
In a nutshell, when large amounts of traffic pass through VLAN 666 (ISA) we see it flood to all trunk ports. We think this could be due to the nature of NLB forming a virtual MAC address. The core doesn't know about the MAC address so it sends a unicast flood to find out where it is.
If you have any ideas please let me know.
J.
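
The flooding mechanism suspected in the post above, as an added example that is not part of the original thread: a small simulation of a MAC-learning switch, showing that a destination MAC which never appears as a frame source is flooded on every frame. The port names and MAC addresses are constructed, the premise that the cluster replies from a per-node MAC is an assumption, and the static table entry is a commonly used mitigation modelled here, not advice taken from the thread.

```python
# Added example: constructed simulation, not output from a real switch.
from collections import Counter

VLAN = 666                           # ISA VLAN named in the post
PORTS = ["core-sender", "isa-nlb", "tor-trunk-1", "tor-trunk-2"]  # hypothetical names
SENDER_MAC = "00:11:22:33:44:55"     # constructed
CLUSTER_MAC = "02:bf:c0:a8:db:0a"    # constructed virtual (cluster) MAC
NODE_MAC = "02:01:c0:a8:db:0a"       # constructed per-node MAC used as reply source


class LearningSwitch:
    """Transparent bridge: learns from source MACs, floods unknown destinations."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.learned = {}      # (vlan, mac) -> port, filled from frame sources
        self.static = {}       # (vlan, mac) -> port, pinned by the operator
        self.tx = Counter()    # frames transmitted per egress port

    def pin(self, vlan, mac, port):
        """Model a static MAC table entry (assumed mitigation, not from the thread)."""
        self.static[(vlan, mac)] = port

    def receive(self, in_port, vlan, src, dst):
        self.learned[(vlan, src)] = in_port   # learning looks at the source only
        key = (vlan, dst)
        out = self.static.get(key, self.learned.get(key))
        if out is None:
            egress = [p for p in self.ports if p != in_port]  # unknown unicast: flood
        elif out == in_port:
            egress = []                                        # same segment: filter
        else:
            egress = [out]                                     # known: forward
        for port in egress:
            self.tx[port] += 1
        return egress


def run_transfer(frames, cluster_mac_as_source, pin_cluster_mac=False):
    """Send `frames` data frames to the cluster MAC, each answered by one reply.

    Returns the number of frames transmitted on every port.
    """
    sw = LearningSwitch(PORTS)
    if pin_cluster_mac:
        sw.pin(VLAN, CLUSTER_MAC, "isa-nlb")
    for _ in range(frames):
        sw.receive("core-sender", VLAN, SENDER_MAC, CLUSTER_MAC)
        reply_src = CLUSTER_MAC if cluster_mac_as_source else NODE_MAC
        sw.receive("isa-nlb", VLAN, reply_src, SENDER_MAC)
    return {p: sw.tx[p] for p in PORTS}


if __name__ == "__main__":
    cases = [
        ("cluster MAC never seen as source", dict(cluster_mac_as_source=False)),
        ("cluster MAC learned from replies", dict(cluster_mac_as_source=True)),
        ("never seen as source, static entry",
         dict(cluster_mac_as_source=False, pin_cluster_mac=True)),
    ]
    for label, kwargs in cases:
        print(f"{label:38s} {run_transfer(1000, **kwargs)}")
```

On a real switch the per-trunk counter corresponds to the unicast traffic the poster sees on every trunk that carries the VLAN.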

Similar Messages

  • Port channel as a layer 3 interface

    I have just inherited a very complex network and noticed in the config, for a cat-6513 with layer 3, the following:
    interface Port-channel34
    ip address 10.20.4.10 255.255.255.252
    What would be a rationale for making a port-channel a layer 3 port?
    thanks.

    in the case of a portChannel as an L3 entity, it allows for the added capacity/redundancy of the link as well as provides the layer 3 topology either wanted or in some instances, required, such as when you need to make a multilink connection to a router from your switch.
    or perhaps you have a routed core infrastructure created in your L3 environment and you wish to increase the capacity of the links between devices without using VTP/trunking.

  • N7K Port Channel Layer 3 VLAN Question

    I have 2 N7K switches and would like to connect them via port channel and put the channel in VLAN 101. I have the following config, does it make sense? Thanks in advance!
    interface eth 3/1
    switchport
    channel-group 101 mode active
    interface eth 3/2
    switchport
    channel-group 101 mode active
    interface port-channel 101
    switchport
    switchport mode access
    switchport access vlan 10
    spanning-tree network type edge
    interface vlan 10
    ip address 10.1.1.1/24

    Could be something like this in the both sides (if the port numbers match):
    conf t
    feature lacp
    feature interface-vlan
    interface eth 3/1
    switchport
    channel-group 101 mode active
    interface eth 3/2
    switchport
    channel-group 101 mode active
    interface port-channel 101
    switchport
    switchport mode access
    switchport access vlan 101
    spanning-tree port type network
    interface vlan 101
    ip address 10.1.1.1/24
    no shut
    end
    vlan 101
    end
    *(This ip address will be available in only one box, you can use a FHRP as well, to increase the level of reachability)

  • Right way of configuring higher MTU over a Port Channel

    Hi guys,
    I have a running critical Port-Channel between two locations.
    Here's the config
    SW1:
    interface Port-channel2
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
    end
    interface GigabitEthernet1/45
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-protocol lacp
     channel-group 2 mode active
    end
    interface GigabitEthernet1/46
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-protocol lacp
     channel-group 2 mode active
    end
    SW2
    interface GigabitEthernet1/1
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-protocol lacp
     channel-group 2 mode passive
    end
    interface GigabitEthernet1/2
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-protocol lacp
     channel-group 2 mode passive
    end
    interface Port-channel2
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
    end
    Now I need to increase the MTU from default value to 9198. What's the right way to do it and avoid any connectivity loss or PortChannel restart?
    Does it matter what switch I start first?
    Thanks!
    L.E. both SW are WS-C4948

    Hi,
    Because you are using layer 2 interfaces - there is no fragmentation support at layer 2, and interfaces receiving frames which have an unsupported size will be dropped.
    I think the best way for you to proceed is to lab this up; and verify what happens - it may be that you need to make changes on switches at either end of the channel within a very short time frame to prevent too large an outage.
    When you are ready to make your change - I think the best way to do this is to use the interface range command, and apply the 'mtu' command to all the interfaces in this range. I don't think it matters which switch you apply this change to first, and I don't believe if you are hinting at the 802.3ad (controlled by system-priority) decision maker, that it makes any difference.
    HTH
    Mike

  • Interfaces in port-channel keep err-disabling because of keepalives

    Below is the current portchannel that I am having problems with.  The interfaces on Switch A keep going into an error disabled state because they receive their own loopback.  Cisco says to disable keepalives and that it will fix the problem, but I do not like the idea of disabling keepalives.  Has anyone found a solution other than disabling keepalives?  Notice that ios's are different, but am not convinced that this is the issue.  Also one is PoE and the other isn't.  Lastly, i found this article "Keepalives are sent on all interfaces by default in Cisco IOS Software Release 12.1EA-based software. In Cisco IOS Software Release 12.2SE-based software and later, keepalives are not sent by default on fiber and uplink interfaces".  I would think trunked interfaces in a port-channel would be uplink interfaces and if this is true, it should be sending out keepalives anyway since i am running the 12.2SE based ios.  Thanks for whatever input you may have.
    Switch A
    C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
    System image file is "flash:/c3750e-universalk9-mz.122-55.SE3/c3750e-universalk9-mz.122-55.SE3.bin"
    cisco WS-C3750X-48P
    Port-channels in the group:
    Port-channel: Po52
    Age of the Port-channel   = 219d:04h:32m:49s
    Logical slot/port   = 10/39          Number of ports = 4
    GC                  = 0x00000000      HotStandBy port = null
    Port state          = Port-channel Ag-Inuse
    Protocol            =    -
    Port security       = Disabled
    Ports in the Port-channel:
    Index   Load   Port     EC state        No of bits
    ------+------+------+------------------+-----------
      0     00     Gi1/0/35 On                 0
      0     00     Gi1/0/36 On                 0
      0     00     Gi2/0/45 On                 0
      0     00     Gi2/0/46 On                 0
    %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/35.
    %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/35, putting Gi1/0/35 in err-disable state
    %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel39, changed state to down
    %LINK-3-UPDOWN: Interface Port-channel39, changed state to down
    Switch B
    C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
    System image file is "flash:/c3750e-universalk9-mz.122-58.SE2/c3750e-universalk9-mz.122-58.SE2.bin"
    cisco WS-C3750X-48
    Port-channels in the group:
    Port-channel: Po52
    Age of the Port-channel   = 443d:18h:43m:06s
    Logical slot/port   = 10/39          Number of ports = 4
    GC                  = 0x00000000      HotStandBy port = null
    Port state          = Port-channel Ag-Inuse
    Protocol            =    -
    Port security       = Disabled
    Ports in the Port-channel:
    Index   Load   Port     EC state        No of bits
    ------+------+------+------------------+-----------
      0     00     Gi1/0/35 On                 0
      0     00     Gi1/0/36 On                 0
      0     00     Gi1/0/45 On                 0
      0     00     Gi1/0/46 On                 0

    PER CISCO
    Symptom:
    An interface on a Catalyst switch is errordisabled after detecting a loopback.
    Mar 7 03:20:40: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on
    GigabitEthernet0/2. The port is forced to linkdown.
    Mar 7 03:20:42: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state
    to administratively down
    Mar 7 03:20:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface
    GigabitEthernet0/2, changed state to down
    Conditions:
    This might be seen on a Catalyst 2940, 2950, 2950-LRE, 2955, 2970, 3550, 3560
    or 3750 switch running 12.1EA or 12.2SE based code.
    Workaround:
    Disable keepalives by using the no keepalive interface command. This
    will prevent the port from being errdisabled, but it does not resolve the root
    cause of the problem. Please see section below for more information.
    Additional Information:
    The problem occurs because the keepalive packet is looped back to the port that
    sent the keepalive. There is a loop in the network. Although disabling the
    keepalive will prevent the interface from being errdisabled, it will not remove
    the loop.
    The problem is aggravated if there are a large number of Topology Change
    Notifications on the network. When a switch receives a BPDU with the Topology
    Change bit set, the switch will fast age the MAC Address table. When this
    happens, the number of flooded packets increases because the MAC Address table
    is empty.

  • Sg300-28 port-channel options

    i have an sg300-28 running the latest firmware, and would like some insight on port-channel options.  below are the port configs i have for a LAG to my router.  i am currently using 802.3ad with LACP.  my router is a linux machine pulling duty as a basic (no dynamic routing) router, firewall and internet gateway.  the bonding options on the routers side explained at
    http://docs.fedoraproject.org/en-US/Fedora/16/html/System_Administrators_Guide/sec-Using_Channel_Bonding.html.  the mode is 4 or 802.3ad and the xmit_hash_policy is 2 or layer2+3.  i also have 2 servers setup in a similar fashion with 2 interfaces in a LAG.
    when i run a bandwidth test, iperf, between the two servers, i only get 900+ mbps which indicates that the GB ports are running fine.  this also indicates to me that the traffic is not being "striped" across the port-channeled interfaces, thereby giving me the aggregated bandwidth of all interfaces in the LAG.  i have found no options to use the balance-xor mode to create port-channels, which as i understand it, would aggregate the total bandwidth of all interfaces in the LAG.  is the sg300 capable of creating a LAG that will combine the throughput of all the members of the LAG?  for example, create a 2 GB pipe when 2 interfaces are port-channeled?  is the balance-xor mode what would do this (regardless of the sg300's ability to do this)
    interface gigabitethernet25
    description "Port Channel to Router"                
    channel-group 1 mode auto
    lldp notifications enable
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    lldp management-address automatic
    interface gigabitethernet26
    description "Port Channel to Router"
    channel-group 1 mode auto
    lldp notifications enable
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    lldp management-address automatic
    interface gigabitethernet27
    description "Port Channel to Router"
    channel-group 1 mode auto
    lldp notifications enable
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    lldp management-address automatic
    interface gigabitethernet28
    description "Port Channel to Router"
    channel-group 1 mode auto                           
    lldp notifications enable
    lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
    lldp management-address automatic
    interface Port-channel1
    description "Port Channel to Router"
    switchport mode general
    switchport general allowed vlan add 2-3,25,37,50,52,253-255 tagged
    switchport general pvid 255

    Hi Brendan,
    You said "i only get 900+ mbps which indicates that the GB ports are running fine.  this also indicates to me that the traffic is not being "striped" across the port-channeled interfaces, thereby giving me the aggregated bandwidth of all interfaces in the LAG.  i have found no options to use the balance-xor mode to create port-channels, which as i understand it, would aggregate the total bandwidth of all interfaces in the LAG."
    As the Admin guide says on page 130, http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
    Load Balancing
    Traffic forwarded to a LAG is load-balanced across the active member ports, thus achieving an effective bandwidth close to the aggregate bandwidth of all the active member ports of the LAG.
    Traffic load balancing over the active member ports of a LAG is managed by a hash-based distribution function that distributes Unicast and Multicast traffic based on Layer 2 or Layer 3 packet header information.
    The switch supports two modes of load balancing:
    By MAC Addresses—Based on the destination and source MAC addresses of all packets.
    By IP and MAC Addresses—Based on the destination and source IP addresses for IP packets, and destination and source MAC addresses for
    non-IP packets.
    So, an IP host running IPERF may be checking unicast throughput between the two IP hosts. There will be a Source and Destination IP address in that test. The switch will direct the traffic over one of the LAG port members. It won't round robin the unicast traffic over multiple LAG ports, if the Source and Destination IP address of the traffic is the same.
    If the PC running IPerf had another concurrent IPerf session to another or different IP host, the hash algorithm on the switch may direct that stream, maybe, over a different physical LAG interface.
    So your comment about achieving 900+mbps sounds normal. Yes, LAG spreads the load; the benefit comes when there are lots of hosts on both sides of the switches.
    You may find with just two hosts on either side of a LAG, that the switch may run the traffic between two hosts over just one member of the LAG group.
    regards Dave

  • How to troubleshooting port channel in N7K

     i find N5K
    http://www.cisco.com/c/en/us/support/docs/switches/nexus-5000-series-switches/116199-technote-stp-00.html
    i notice distribution switch has root  guard block log
    does it mean that looping has occured yesterday?
    i use command below do not have yesterday record
    show spanning-tree internal event-history tree 1 brief | in "2015:03:15 10"
    first core is root switch
    now port channel shutdown in first core and use port channel in second core. How can i see which problem has occurred in port channel ?
    how to know which port has problem ?
    how to know which vlan caused the problem ?
    we notice one of access switch has lost config, will it affect the distribution layer switch?
    i remember that yesterday i just get log with filezilla after configure notebook same vlan and same network with the testing access switch

    Not sure if you're after the portchannel bandwidth or port-channel speed... If you really want to get an insight on the bandwidth usage, get SNMP on both sides, actively monitor the port channel and interfaces (real time by frequent polling)
    And you could get two endpoints @ 10 gb nics that are bundled, then 'thrash' the link, end to end. I use iperf, you could use big ftp transfers to test and see what performance is. You'll get the rate / speed in which the links are operating 'end to end'
    It may mean that the ports are @10gb full duplex, but the overall bandwidth is 20gb

  • FabricPath vPC port-channel err-disabled CE Vlan?

    I have a pair of Nexus 56128 configured with fabric path and vpc+. The Nexus pair has UCS connected downstream using vpc port-channels. When a Vlan is in mode fabricpath, it's ok for the vpc+ peer-link and the vpc port-channel to UCS. However when I changed the vlan to classic Ethernet, it's err-disabled in the vpc port-channels.
    Is this the normal behavior of fabric path domain? In other words, CE Vlans and fabric path Vlans cannot use the same Layer 2 path, correct?
    If I need to transport CE Vlans and fabric path Vlans from Nexus (fabric path vpc+) to UCS, I have to use a separate non-vpc port-channel for the CE Vlans between each Nexus and UCS?
    Thanks

  • Stacking 3750s and Port Channel

    We're replacing legacy switches with 3750s in the coming months, and I have a question about stacking and port channel.
    The 3750s will be Layer 2 switches, and each will be uplinked via Gigabit fiber to a pair of 6500s acting as Layer 3 distribution switches.
    One thing I'm not sure about is if it will be possible to build Port Channel links for 2, 3, or 4 GB across different switches, or if I can only put Port Channels on the same switch. My understanding is with stacking it appears as one big switch and I can build Port Channels however I want, but am not 100% sure if this design will work.

    You can certainly configure EtherChannels across different 3750s in the same stack, thus avoiding your single point of failure by having the aggregate ports all in one switch.
    However, in this scenario the port channel has to be configured explicitly to ON; PAgP is not supported across stack members.
    3750 stack switches appear as a single logical switch with a single management address. From which you can configure all physical ports. It is important to remember that you configure your switch priorities accordingly in order to govern which switch is your master, and also set a secondary.
    Regards
    Allan.
    Please kindly rate this post if you find this information helpful.

  • What is the maximum number of physical link we can bind to a ether-channel and port-channel

    Hi,
    I was studying port-channel & ether-channel and found that up to 8 ports can be bound. So is the maximum 8 ports, or can we have more?
    For binding, do we need a minimum of 2 ports, or will 1 port work? For load-balancing purposes, should the number of ports in a bundle be 2, 4 or 8?
    Thanks

    Hi Kathik,
    I have gone through one document. It's saying the below mentioned things :
    Jun 7, 2012 9:36 PM (in response to Sarabjit)
    Re: What is the maximum number of etherchannels we can have?
    The maximum number of Etherchannels varies from platform to platform. The maximum number of ports in an etherchannel is either 8 or 16 depending on the platform. The minimum number of ports in an etherchannel bundle is 1.
    Jun 8, 2012 1:27 AM (in response to Sarabjit)
    Re: What is the maximum number of etherchannels we can have?
    Etherchannels is a Cisco term. Other vendors call them 802.3ad trunks. It's common to see something like this in datasheets:
    48 ports 10/100/1000 Mbit/s
    802.3ad:
    Maximum of 32 groups
    Maximum of 8 ports per group
    The document url is https://learningnetwork.cisco.com/thread/43680
    Another document says the below mentioned things :
    Matrix of Load Balancing Methods
    This matrix consolidates the load balancing methods that this document describes:
    Platform
    Address Used in XOR
    Source-Based?
    Destination-Based?
    Source-Destination-Based?
    Load Balancing Method—Configurable/Fixed?
    6500/6000
    Layer 2, Layer 3 addresses, Layer 4 information, or MPLS information2
    Yes
    Yes
    Yes
    Configurable
    5500/5000
    Layer 2 address only
    Yes
    Cannot change the method
    4500/4000
    Layer 2, Layer 3 addresses, or Layer 4 information
    Yes
    Yes
    Yes
    Configurable
    2900XL/3500XL
    Layer 2 address only
    Yes
    Yes
    Configurable
    3750/3560
    Layer 2 or Layer 3 address only
    Yes
    Yes
    Yes
    Configurable
    2950/2955/3550
    Layer 2 address only1
    Yes
    Yes
    —1
    Configurable
    1900/2820
    These platforms use a special method of load balancing. See the Catalyst 1900/2820 section for details.
    8500
    Layer 3 address only
    Yes
    Cannot change the method
    1 For the 3550 series switch, when source-MAC address forwarding is used, load distribution based on the source and destination IP address is also enabled for routed IP traffic. All routed IP traffic chooses a port based on the source and destination IP address.
    2 For the 6500 series switches that run Cisco IOS, MPLS layer 2 information can also be used for load balancing MPLS packets.
    The document url is http://www.cisco.com/c/en/us/support/docs/lan-switching/etherchannel/12023-4.html
    Another document says the below mentioned things for load-balancing :
    Finally, here is full list of valid load-distribution methods:
    •dst-ip—Load distribution on the destination IP address
    •dst-mac—Load distribution on the destination MAC address
    •dst-port—Load distribution on the destination TCP/UDP port
    •src-dst-ip—Load distribution on the source XOR destination IP address
    •src-dst-mac—Load distribution on the source XOR destination MAC address
    •src-dst-port—Load distribution on the source XOR destination TCP/UDP port
    •src-ip—Load distribution on the source IP address
    •src-mac—Load distribution on the source MAC address
    •src-port—Load distribution on the source port
    The document url is https://learningnetwork.cisco.com/thread/63064
    Please suggest.

  • Nexus port channel load balance

    Hi
    I just want to clarify one setting for the port channel load balance on Nexus 6k switch. If I use the load balance option source-dest-ip-only, will following four conversations be load balanced?
    10.10.10.1 -> 192.168.1.1
    10.10.10.2 -> 192.168.1.1
    10.10.10.1 -> 192.168.1.1
    10.10.10.1 -> 192.168.1.2
    Thanks. Leo

    Hi Leo,
    I think there may be a typo in your question as I only see three conversations and not four. That aside I've not seen the Nexus port-channel load balancing sufficiently well documented to be able to give you the exact answer.
    In their configuration guides Cisco only include the following statement:
    Cisco NX-OS load balances traffic across all operational interfaces in a port channel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the channel.
    There is other documentation that states the load balancing algorithm uses a CRC-8 based polynomial, but as we don't know exactly which parts of the frame are used in the calculation, I don't see it's possible to calculate the answer and so derive the link that will be used for a given conversation.
    While I've not seen full documentation regarding the science used in the calculation, what Cisco have done is provide a command on the switch CLI that will allow you to determine which link of a port-channel will be used.
    If you run the command show port-channel load-balance forwarding-path interface port-channel vlan src-ip dst-ip then one of the parts of the output is the member link of the port-channel that will be used for that flow.
    You can find full details of the options for the show port-channel load-balance command in the command reference.
    One other point to remember is that the load balancing across a port-channel is unidirectional, and the hashing might be completely different for the return flow of a conversation. For example it is entirely possible that traffic from A to B could use one link of a port-channel, while the return traffic from B to A for the same conversation could use a different link.
    In general I would use the source-dest-port option for load balancing on the Nexus switches as this will obviously include the Layer-4 port numbers in the calculation, and so give you a better distribution of flows across all member links.
    Regards
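
The per-flow hashing described in this reply and in the SG300 iperf reply further up, as an added example that is not part of either post: an illustrative source XOR destination IP hash applied to the four listed conversations and to a two-host throughput test. The hash is a stand-in, not the NX-OS or SG300 algorithm; the two-member channel, the 1000 Mbps link speed and the 192.0.2.x hosts are assumptions.

```python
# Added example: illustrative hash only, not the algorithm of any Cisco platform.
import ipaddress

# The four conversations listed in the question (the first and third are identical).
LISTED_CONVERSATIONS = [
    ("10.10.10.1", "192.168.1.1"),
    ("10.10.10.2", "192.168.1.1"),
    ("10.10.10.1", "192.168.1.1"),
    ("10.10.10.1", "192.168.1.2"),
]


def member_link(src_ip, dst_ip, n_links):
    """Pick a member link from source XOR destination IP (stand-in hash)."""
    s = int(ipaddress.ip_address(src_ip))
    d = int(ipaddress.ip_address(dst_ip))
    return (s ^ d) % n_links


def map_conversations(conversations, n_links):
    """Return the member link index chosen for each (src, dst) pair."""
    return [member_link(src, dst, n_links) for src, dst in conversations]


def link_load(flows, n_links):
    """flows: (src, dst, offered_mbps). Return offered load per member link."""
    load = [0] * n_links
    for src, dst, mbps in flows:
        load[member_link(src, dst, n_links)] += mbps
    return load


def delivered_mbps(flows, n_links, link_mbps=1000):
    """Traffic that fits once every member link is capped at its own speed."""
    return sum(min(offered, link_mbps) for offered in link_load(flows, n_links))


if __name__ == "__main__":
    # Identical address pairs always land on the same member link.
    print("listed conversations ->", map_conversations(LISTED_CONVERSATIONS, 2))

    # One iperf session between two hosts (constructed addresses): a single flow,
    # so a 2 x 1G channel still delivers at most one member's worth of traffic.
    single = [("192.0.2.10", "192.0.2.20", 2000)]
    print("one flow    ", link_load(single, 2), delivered_mbps(single, 2))

    # Two concurrent sessions to different hosts may use both members...
    spread = [("192.0.2.10", "192.0.2.20", 1000), ("192.0.2.10", "192.0.2.21", 1000)]
    print("two flows   ", link_load(spread, 2), delivered_mbps(spread, 2))

    # ...or may collide on one member, depending only on the addresses.
    collide = [("192.0.2.10", "192.0.2.20", 1000), ("192.0.2.10", "192.0.2.22", 1000)]
    print("two, collide", link_load(collide, 2), delivered_mbps(collide, 2))
```

For a real channel, the forwarding-path show command quoted in the reply is the authoritative way to see which member a given flow uses.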

  • IOS to NXOS VPC PORT CHANNEL

    Hello
    I have a pair of Nexus 5K's in a VPC domain and some 2960's as VPC members, with a port channel to the domain.
    Topology is as follows:
    5K1 and 5K2 in VPC domain
    VPC from 5K1 and 5K2 to 2960
    2960 has gi0/1 and gi0/2 in 1 port channel
    gi0/1 to 5k1, gi0/2 to 5k2
    I know that what I am going to ask may be totally against the purpose of VPC, but, I am looking for a way to favour gi0/1 for traffic, rather than load balancing over gi0/1 and gi0/2. The reason for this is that I would like to benefit from the lack of loop that VPC provides, but would also like to have a primary and secondary link as the majority of traffic should actually go via 5K1, rather than 5K2.
    Any suggestions welcome.
    Many thanks in advance
    Anthony

    Hi Anthony,
    The Cisco NX-OS software load balances traffic across all operational interfaces in a portchannel by hashing the addresses in the frame to a numerical value that selects one of the links in the channel. Port channels provide load balancing by default. Port-channel load-balancing uses MAC addresses, IP addresses, or Layer 4 port numbers to select the link. Port-channel load balancing uses either source or destination addresses or ports, or both source and destination addresses or ports.
    You can configure the load-balancing mode to apply to all port channels that are configured on the entire device or on specified modules. The per-module configuration takes precedence over the load-balancing configuration for the entire device. You can configure one load-balancing mode for the entire device, a different mode for specified modules, and another mode for the other specified modules. You cannot configure the load-balancing method per port channel.
    You can configure the type of load-balancing algorithm used. You can choose the load-balancing algorithm that determines which member port to select for egress traffic by looking at the fields in the frame.
    Note:  The default load-balancing mode for Layer 3 interfaces is the source and destination IP address, and the default load-balancing mode for non-IP interfaces is the source and destination MAC address.
    From the config mode you can try different load-balancing methods:
    port-channel load-balance {dest-ip-port | dest-ip-port-vlan |
    destination-ip-vlan | destination-mac | destination-port | source-dest-ip-port | source-dest-ip-port-vlan | source-dest-ip-vlan | source-dest-mac | source-dest-port | source-ip-port | source-ip-port-vlan | source-ip-vlan | source-mac | source-port} [module-number]
    To Summarize: I cannot say which port would be selected, it purely depends on type of frame you are sending with the combination of the load-balance method.
    After tweaking you can also know from the command which link the traffic is taking,
    NEXUS2-SPAN# show port-channel load-balance forwarding-path interface port-channel 71 src-ip 1.1.1.1 dst-ip 2.2.2.2 vlan 51 module 2
    Module 2: Missing params will be substituted by 0's.
    Load-balance Algorithm: src-dst ip-l4port
    RBH: 0xb0       Outgoing port id: Ethernet8/8
    We can also try tweaking the same load-balancing on the 2960. It purely depends on the load-balancing algorithm. Below is for 2960 load-balancing tweaking:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_53_se/configuration/guide/swethchl.html
    Even after doing this I wouldn't say 100% it would select one link.
    Hope this helps!
    Thanks,
    Richard.
    *Rate if this is useful

  • 3750X Port-Channel Load-Balance method

    I have a 3750X and I'm wondering what the best Port-Channel Load-Balancing method would be for my network.
    switch(config)#port load ?
      dst-ip       Dst IP Addr
      dst-mac      Dst Mac Addr
      src-dst-ip   Src XOR Dst IP Addr
      src-dst-mac  Src XOR Dst Mac Addr
      src-ip       Src IP Addr
      src-mac      Src Mac Addr
    We have a few Layer 3 VLANs: Default, Servers, Clients, and Guests.
    Some of our servers are LACP bundled.
    So it would be mainly clients on the one layer 3 VLAN accessing the server on the other layer 3 VLAN.
    We also have a few smaller switches that are trunked and LACP bundled back to the core 3750X.
    Can anyone suggest which Load-Balancing method would be best for our situation?
    Thanks!

    The default load balancing method on the 3750 series is based on source-MAC address.  This usually works fine in most cases. If you change it to something different than this, it will affect all your port-channels in that switch.
    HTH

  • For port-channel

    Can I join Layer 2 MEC port channel with 10G SR and LR together?
    We are thinking of  using VSS setup.
    VSS with Server Farm switches.
    VSS sw1 and sw2 are in different building.
    in order to save cost..
    Server farm 1 with VSS sw1 will use 10G SR.
    Server farm 1 with VSS sw2 will use 10G LR.
    But I need to bundle that 10G SR and LR together to form L2 MEC..
    Thanks,
    John

    Hi John,
    Yes, you can.
    One thing you need to check is that the QoS scheduling matches on the interfaces; it can differ depending on what cards they are on, i.e. below (in bold).
    Even if they don't match, there is a command to ignore this in EtherChannel formation. I can dig it up if you need.
    #sh int te 1/5/2 capabilities
    TenGigabitEthernet1/5/2
      Model:                 WS-X6708-10GE
      Type:                  10Gbase-SR
      Speed:                 10000
      Duplex:                full
      Trunk encap. type:     802.1Q,ISL
      Trunk mode:            on,off,desirable,nonegotiate
      Channel:               yes
      Broadcast suppression: percentage(0-100)
      Flowcontrol:           rx-(off,on),tx-(off,on)
      Membership:            static
      Fast Start:            yes
      QOS scheduling:        rx-(8q4t), tx-(1p7q4t)
      QOS queueing mode:     rx-(cos,dscp), tx-(cos,dscp)
      CoS rewrite:           yes
      ToS rewrite:           yes
      Inline power:          no
      Inline power policing: no
      SPAN:                  source/destination
      UDLD                   yes
      Link Debounce:         yes
      Link Debounce Time:    yes
      Ports-in-ASIC (Sub-port ASIC) : 2-3,6,8 (2)
      Remote switch uplink:  no
      Dot1x:                 no
      Port-Security:         yes

  • Port Channel over L2 MPLS links

    Hello.
    I was hoping that someone could offer some suggestions on best practice or recommendations for configuring port channel to bundle to layer 2 MPLS links that we have.
    We have racks in two geographically separated data centres, each rack has a stack of Cisco 3850 switches, and there are two 100Mbps layer 2 connections linking these stacks together. The links are provided by our supplier and run over their core network (I can get more info on their setup if need be).
    I had initially just configured a simple port channel bundling the two ports on "Switch A", and the same on "Switch B".  However I have since noticed that one of the ports was put into error disabled state, and I have my doubts that we ever had 200Mbps throughput over the portchannel.
    The logs showed:
    UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gix/x/x, aggressive mode failure detected
    %PM-4-ERR_DISABLE: udld error detected on Gix/x/x, putting Gix/x/x in err-disable state
    How I understand it is that one of the ports received an unexpected (or incorrect) BPDU packet, and shut the port down as part of the spanning tree process to stop a loop forming.
    For the time being I have removed the port channel config and re-opened all the ports, so I believe one of the ports is now in blocking state.
    Whilst redundancy for these links is great, ideally I would like to have the links bundled so I also get the benefit of higher throughput.
    Any thoughts are greatly appreciated.
    Thank you

    Hi,
    Thank you for your reply and suggestions.  I have been reading up on layer 2 protocol tunnelling and I'm not sure if this will work for us.  According to these guidelines for the catalyst 3550 (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtunnel.html#wp1006657) it states:
    • If you enable PAgP or LACP tunneling, we recommend that you also enable UDLD on the interface for faster link-failure detection.
    • Tunneling is not supported on trunk ports. If you enter the l2protocol-tunnel interface configuration command on a trunk port, the command is accepted, but Layer 2 tunneling does not take effect unless you change the port to a tunnel port or an access port.
    • EtherChannel port groups are compatible with tunnel ports when the 802.1Q configuration is consistent within an EtherChannel port group.
    (maybe it's different and is supported on 3850s)
    Also, I can't use layer 3 over this link as I am looking to extend VLANs over the link so devices and virtual machines in each of the datacentres are in the same subnet and broadcast domain.
    I will speak with the supplier to see what they are willing to do.
    Thanks again.
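An added example (not part of the thread) that reads the two message types quoted in the first post of this thread: the cause keyword in `%PM-4-ERR_DISABLE` names the feature that shut the port (`udld` in the quoted messages), and the UDLD message carries the detail. The sample log is constructed, including its timestamps and interface names; the `bpduguard` line is included only for contrast.

```python
import re

# Constructed sample syslog: timestamps and interface names are made up.
SAMPLE_LOG = """\
Mar  3 10:02:11: %UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi1/0/23, aggressive mode failure detected
Mar  3 10:02:11: %PM-4-ERR_DISABLE: udld error detected on Gi1/0/23, putting Gi1/0/23 in err-disable state
Mar  3 11:40:02: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/5, putting Gi1/0/5 in err-disable state
Mar  3 11:41:00: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to up
"""

# FACILITY-SEVERITY-MNEMONIC: text (the leading % is optional, as on the page)
MSG = re.compile(r"%?([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)")
ERR_DISABLE = re.compile(r"(\S+) error detected on ([^,\s]+), putting")
UDLD_DISABLED = re.compile(r"UDLD disabled interface ([^,\s]+), (.+)")

def err_disabled_ports(log_text):
    """Map each err-disabled interface to the cause named in the log."""
    causes, details = {}, {}
    for line in log_text.splitlines():
        msg = MSG.search(line)
        if not msg:
            continue
        facility, _severity, mnemonic, text = msg.groups()
        if (facility, mnemonic) == ("PM", "ERR_DISABLE"):
            hit = ERR_DISABLE.match(text)
            if hit:
                causes[hit.group(2)] = hit.group(1)
        elif (facility, mnemonic) == ("UDLD", "UDLD_PORT_DISABLED"):
            hit = UDLD_DISABLED.match(text)
            if hit:
                details[hit.group(1)] = hit.group(2).strip()
    # Only ports the port manager actually err-disabled are reported.
    return {intf: {"cause": cause, "detail": details.get(intf)}
            for intf, cause in sorted(causes.items())}

if __name__ == "__main__":
    for intf, info in err_disabled_ports(SAMPLE_LOG).items():
        print(intf, info["cause"], info["detail"] or "")
```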
