3750X Port-Channel Load-Blanace method

Similar Messages

• Port Channel Load-Balancing Algorithm (North Bound)

  I'm trying to figure out what the load balancing algorithm for the 6100 and 6200 FIs for the Northbound connections. I can't find any documentation on how to change it.
  The Nexus 7000s use an 8-bit hash, making it very easy to do something other than 2, 4, or 8 link port channel and get even (at least algorithmically) distribution.
  Catalyst switches (not sure about Sup2T though) would use a 1, 2, or 3-bit index, which would skew traffic algorthmically if you used a non-power of 2.
  Looking at the 5K documentation, it seems to use the Catalyst style (though haven't been able to confirm). My guess is that whatever is used for the 5Ks is used for the 6100/6200.
  Design wise, this would mean you would want to use powers of 2 for your NB uplinks.

  Hello Tony,
  On UCS FI, it uses " sr-cdest-ip " as the load balancing algorithm and uses 8 parameters for hashing
  6248-01-B(nxos)# sh port-channel load-balance
  Port Channel Load-Balancing Configuration:
  System: source-dest-ip
  Port Channel Load-Balancing Addresses Used Per-Protocol:
  Non-IP: source-dest-mac
  IP: source-dest-ip source-dest-mac
  6248-01-B(nxos)# show platform fwm info pc port-channel 1
  dump pc info: if_index 369098752 dump_all 0 verbose 1
  Po1: state 0x0  #pifs 1  fwimpd ctx 0x9666c1c
  Po1: hash params - l2_da 1 l2_sa 1 l3_da 1 l3_sa 1
  Po1: hash params - l4_da 1 l4_sa 1 xor_sa_da 1 hash_elect 1
  I could not find an option to change these values.
  Padma

• Nexus 6K: Port-Channel Load-Balance

  Hi all,
  I configured "port-channel load-balance ethernet source-dest-mac" on Nexus 6001. But when I use "show run all | in load-balance", it displays module 1 and module 2 are still using source-dest-ip for port-channel load-balance. And for command "show port-channel load-balance" and "show port-channel load-balance forwarding-path interface", it still shows switch using MAC for hash algorithm. The NXOS is 6.0(2)N1(2a).
  Does anybody know:
  -  What is the function of "port-channel load-balance ethernet source-dest-ip module" and in which situation this command will be effective?
  -  It shows "port-channel load-balance ethernet source-dest-ip module" command for both module 1 and 2. Module 1 is N6K Supervisor and module 2 is 4xQSFP Ethernet Module. Is it possible to set different load-balance algorithm  to these 2 modules?   
  # show run all | in load-balance
  port-channel load-balance ethernet source-dest-mac
  port-channel load-balance ethernet source-dest-ip module 1
  port-channel load-balance ethernet source-dest-ip module 2
  # show port-channel load-balance
  Port Channel Load-Balancing Configuration:
  System: source-dest-mac
  Port Channel Load-Balancing Addresses Used Per-Protocol:
  Non-IP: source-dest-mac
  IP: source-dest-mac
  # show port-channel load-balance forwarding-path interface port-channel 30 vlan 150 src-ip 172.25.228.6 dst-ip 172.25.226.97
  Missing params will be substituted by 0's.
  Load-balance Algorithm on switch: source-dest-mac
  crc_hash: 977 Polynomial: CRC10b        Outgoing port id  Ethernet1/2
  Param(s) used to calculate load-balance:
          seed: 0x701
          dst-mac:  0000.0000.0000
          src-mac:  0000.0000.0000
  # show module
  Mod Ports Module-Type                         Model                  Status
  1   48    Norcal 64 Supervisor                N6K-C6001-64P-SUP      active *
  2   10    Nexus 4xQSFP Ethernet Module        N6K-C6001-M4Q          ok
  Mod  Sw              Hw      World-Wide-Name(s) (WWN)
  1    6.0(2)N2(3)     1.0     --
  2    6.0(2)N2(3)     1.0     --

  Hi all,
  I configured "port-channel load-balance ethernet source-dest-mac" on Nexus 6001. But when I use "show run all | in load-balance", it displays module 1 and module 2 are still using source-dest-ip for port-channel load-balance. And for command "show port-channel load-balance" and "show port-channel load-balance forwarding-path interface", it still shows switch using MAC for hash algorithm. The NXOS is 6.0(2)N1(2a).
  Does anybody know:
  -  What is the function of "port-channel load-balance ethernet source-dest-ip module" and in which situation this command will be effective?
  -  It shows "port-channel load-balance ethernet source-dest-ip module" command for both module 1 and 2. Module 1 is N6K Supervisor and module 2 is 4xQSFP Ethernet Module. Is it possible to set different load-balance algorithm  to these 2 modules?   
  # show run all | in load-balance
  port-channel load-balance ethernet source-dest-mac
  port-channel load-balance ethernet source-dest-ip module 1
  port-channel load-balance ethernet source-dest-ip module 2
  # show port-channel load-balance
  Port Channel Load-Balancing Configuration:
  System: source-dest-mac
  Port Channel Load-Balancing Addresses Used Per-Protocol:
  Non-IP: source-dest-mac
  IP: source-dest-mac
  # show port-channel load-balance forwarding-path interface port-channel 30 vlan 150 src-ip 172.25.228.6 dst-ip 172.25.226.97
  Missing params will be substituted by 0's.
  Load-balance Algorithm on switch: source-dest-mac
  crc_hash: 977 Polynomial: CRC10b        Outgoing port id  Ethernet1/2
  Param(s) used to calculate load-balance:
          seed: 0x701
          dst-mac:  0000.0000.0000
          src-mac:  0000.0000.0000
  # show module
  Mod Ports Module-Type                         Model                  Status
  1   48    Norcal 64 Supervisor                N6K-C6001-64P-SUP      active *
  2   10    Nexus 4xQSFP Ethernet Module        N6K-C6001-M4Q          ok
  Mod  Sw              Hw      World-Wide-Name(s) (WWN)
  1    6.0(2)N2(3)     1.0     --
  2    6.0(2)N2(3)     1.0     --

• Nexus port channel load balance

  Hi
  I just want to clarify one setting for the port channel load balance on Nexus 6k switch. If I use the load balance option source-dest-ip-only, will following four converstions be load balanced?
  10.10.10.1 -> 192.168.1.1
  10.10.10.2 -> 192.168.1.1
  10.10.10.1 -> 192.168.1.1
  10.10.10.1 -> 192.168.1.2
  Thanks. Leo

  Hi Leo,
  I think there may be typo in your question as I only see three conversations and not four. That aside I've not seen the Nexus port-channel load balancing sufficiently well documented to be able to give you the exact answer.
  In their configuration guides Cisco only include the following statement:
  Cisco NX-OS load balances traffic across all operational interfaces in a port channel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the channel.
  There is other documentation that states the load balancing algorithm uses a CRC-8 based polynomial, but as we don't know exactly which parts of the frame are used in the calculation, I don't see it's possible to calculate the answer and so derive the link that will be used for a given conversation.
  While I've not seen full documentation regarding the science used in the calculation, what Cisco have done is provide a command on the switch CLI that will allow you to determine which link of a port-channel will be used.
  If you run the command show port-channel load-balance forwarding-path interface port-channel vlan src-ip dst-ip then one of the parts of the output is the member link of the port-channel that will be used for that flow.
  You can find full details of the options for the show port-channel load-balance command in the command reference.
  One other point to remember is that the load balancing across a port-channel is unidirectional, and the hashing might be completely different for the return flow of a conversation. For example it is entirely possible that traffic from A to B could use one link of a port-channel, while the return traffic from B to A for the same conversation could use a different link.
  In general I would use the source-dest-port option for load balancing on the Nexus switches as this will obviously include the Layer-4 port numbers in the calculation, and so give you a better distribution of flows across all member links.
  Regards

• Nexus - port-channel load balancing

  Port-channel   load balancing is a global command or interface command in Nexus switch?
  Thanks,
  Manu

  Hi,
  It's a global command; port-channel load-balance ethernet.
  You can find details in the Configuring Load Balancing Using Port Channels section of the Nexus 5500 Series NX-OS Interfaces Configuration Guide.
  Regards

• Cisco MDS Port channel load balancing

  A customer recently asked an interesting question about exchange based load balancing on an FC port channel. The platform is UCS with an 8 and 16 port channel per fabric interconnect on two separate UCS domains. The application is Oracles data warehousing which has been known to saturate 4 x 8gb fc links. Since the balancing method is exchange based what constitutes the start and end of an exchange? We are trying to avoid a condition where and intense read write conversation locks to a single link in the port channel and not spread across 8/16 links. Where can I find more information about exchange based routing protocol or how should I go about managing extreme io in a converged infrastructure.

  The default loadbalance method on FI and MDS is src-dst-ox-id based. Note that loadbalancing is done by a device on *outgoing traffic*. FI and MDS do not have to negotiate anything here. Technically, one device can do src-dst-id based while the other can use src-dst-ox-id. However, in your case there is no reason for such a change.
  As I wrote before, If all of the links in the port-channel are touching the max capacity, you should recommend your customer to increase links in the bundle (max 16) or upgrade to 16G links. If few of the links are heavily utilized while other links in the same port-channel are under utilized, you may want to check the application or HBA for capability of breaking down the large reads/writes under smaller exchanges. If no traffic is going on few of the links at all, then I would suspect UCS to FI pinning as well.

• Port channel Load balancing in Storage VDC

  Hi i am not able to find how to check PO load balancing for storage VDC, although i know by default for FCoE traffic on storage vdc it is OXID but whether it is src-dst l4port or src-dst ipl4port.

  Hi,
  From "Nexus 5500 to Nexus 7000 Multi-Hop FCoE Configuration Example" , 
  Note: On Nexus 7000, by default the source-destination-oxid load balancing mechanism is used for FCoE traffic.
  So let's see what is the default load balancing mechanism in Nexus 7000,
  From "Nexus 7000 interface configuration guide" ,
  The default load-balancing mode for Layer 3 interfaces is the source and destination IP address, and the default load-balancing mode for non-IP interfaces is the source and destination MAC address.
  Which means src-dst ip.
  So what I think is you need to have src-dst ip in default VDC for OXID load balancing in Nexus 7000.

• OSPF load balancing across multiple port channels

  I have googled/searched for this everywhere but haven't been able to find a solution. Forgive me if I leave something out but I will try to convey all relevant information. Hopefully someone can provide some insight and many thanks in advance.
  I have three switches (A, B, and C) that are all running OSPF and LACP port channelling among themselves on a production network. Each port channel interface contains two physical interfaces and trunks a single vlan (so a vlan connecting each switch over a port channel). OSPF is running on each vlan interface.
  Switch A - ME3600
  Switch B - 3550
  Switch C - 3560G
  This is just a small part of a much larger topology. This part forms a triangle, if you will, where A is the source and C is the destination. A and C connect directly via a port channel and are OSPF neighbors. A and B connect directly via a port channel and are OSPF neighbors. B and C connect directly via a port channel and are OSPF neighbors. Currently, all traffic from A to C traverses B. I would like to load balance traffic sourced from A with a destination of C on the direct link and on the links through B. If all traffic is passed through B, traffic is evenly split on the two interfaces on the port channel. If all traffic is pushed onto the direct A-C link, traffic is evenly balanced on the two interfaces on that port channel. If OSPF load balancing is configured on the two vlans from A (so A-C and A-B), the traffic is divided to each port channel but only one port on each port channel is utilized while the other one passes nothing. So half of each port channel remains unused. The port channel on B-C continues to load balance, evenly splitting the traffic received from half of the port channel from A.
  A and C port channel load balancing is configured for src-dst-ip. B is a 3550 and does not have this option, so it is set to src-mac.
  Relevant configuration:
  Switch A:
  interface Port-channel1
  description Link to B
   port-type nni
   switchport trunk allowed vlan 11
   switchport mode trunk
  interface Vlan11
   ip address x.x.x.134 255.255.255.254
  interface Port-channel3
  description Link to C
   port-type nni
   switchport trunk allowed vlan 10
   switchport mode trunk
  interface Vlan10
   ip address x.x.x.152 255.255.255.254
  Switch B:
  interface Port-channel1
   description Link to A
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 11
   switchport mode trunk
  interface Vlan11
   ip address x.x.x.135 255.255.255.254
  interface Port-channel2
   description Link to C
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 12
   switchport mode trunk
  interface Vlan12
   ip address x.x.x.186 255.255.255.254
  Switch C:
  interface Port-channel1
   description Link to B
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 12
   switchport mode trunk
  interface Vlan12
   ip address x.x.x.187 255.255.255.254
  interface Port-channel3
   description Link to A
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 10
   switchport mode trunk
  interface Vlan10
   ip address x.x.x.153 255.255.255.254

  This is more FYI. 10.82.4.0/24 is a subnet on switch C. The path to it is split across vlans 10 and 11 but once it hits the port channel interfaces only one side of each is chosen. I'd like to avoid creating more vlan interfaces but right now that appears to be the only way to load balance equally across the four interfaces out of switch A.
  ME3600#sh ip route 10.82.4.0
  Routing entry for 10.82.4.0/24
    Known via "ospf 1", distance 110, metric 154, type extern 1
    Last update from x.x.x.153 on Vlan10, 01:20:46 ago
    Routing Descriptor Blocks:
      x.x.x.153, from 10.82.15.1, 01:20:46 ago, via Vlan10
        Route metric is 154, traffic share count is 1
    * x.x.x.135, from 10.82.15.1, 01:20:46 ago, via Vlan11
        Route metric is 154, traffic share count is 1
  ME3600#sh ip cef 10.82.4.0
  10.82.4.0/24
    nexthop x.x.x.135 Vlan11
    nexthop x.x.x.153 Vlan10
  ME3600#sh ip cef 10.82.4.0 internal       
  10.82.4.0/24, epoch 0, RIB[I], refcount 5, per-destination sharing
  sources: RIB 
  ifnums:
  Vlan10(1157): x.x.x.153
  Vlan11(1192): x.x.x.135
  path 093DBC20, path list 0937412C, share 1/1, type attached nexthop, for IPv4
  nexthop x.x.x.135 Vlan11, adjacency IP adj out of Vlan11, addr x.x.x.135 08EE7560
  path 093DC204, path list 0937412C, share 1/1, type attached nexthop, for IPv4
  nexthop x.x.x.153 Vlan10, adjacency IP adj out of Vlan10, addr x.x.x.153 093A4E60
  output chain:
  loadinfo 088225C0, per-session, 2 choices, flags 0003, 88 locks
  flags: Per-session, for-rx-IPv4
  16 hash buckets             
  < 0 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 1 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 2 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 3 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 4 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 5 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 6 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 7 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 8 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 9 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  <10 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  <11 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  <12 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  <13 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  <14 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  <15 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  Subblocks:                                                                                  
  None

• Load-balancing Algorithm for NX-OS Port Channels

  Hi, all
  I do not understand description of port-channel load-balance ethernet command.
  switch(config)# port-channel load-balance ethernet ?
    destination-ip         Destination IP address
    destination-mac        Destination MAC address
    destination-port       Destination TCP/UDP port
    source-dest-ip         Source & Destination IP address (includes l2)
    source-dest-ip-only    Source & Destination IP addresses only
    source-dest-mac        Source & Destination MAC address
    source-dest-port       Source & Destination TCP/UDP port (includes l2 and l3)
    source-dest-port-only  Source & Destination TCP/UDP port only
    source-ip              Source IP address
    source-mac             Source MAC address
    source-port            Source TCP/UDP port
  Please tell me what the following descriptions mean.
    Source & Destination IP address (includes l2)
    Source & Destination TCP/UDP port (includes l2 and l3)
  What are the meaning of "includes l2" and "includes l2 and l3" ?
  Thank you for your cooperation in advance.

  Hi Satoru,
  On the Nexus 5000/6000 platforms, all FEXs will inherit the global hashing algorithm from the parent device.
  On the Nexus 7000 platform, hashing algorithms can be assigned on a per FEX basis (all load balancing changes must be made from the Admin VDC):
  N7K-A(config)# port-channel load-balance src-dst ip-l4port fex 134
  Any FEX without a hashing algorithm configured with inherit the global hash. Making changes to the modular/global hash will not alter FEX specific hashing algorithms.
  To verify the configuration applied you can use this command:
  N5K_A# show port-channel load-balance
  On the Nexus 7000, the per FEX algorithm can be checked by appending the ‘fex <#>’ to the end of the command in the Admin VDC or the FEX’s respective VDC:
  N7K-A(config)# show port-channel load-balance fex 134
  Regards,
  Richard

• LACP Load Balancing Method

  We have two stack of 3750-X switchs interconnected through LACP, and a CheckPoint Firewall connected to one of the stack. The Firewall use a LACP bond to connect to the 3750-X Stack. On the Cisco switches we don't use any Layer3 functionality.
  Since the switch are used in Layer2 mode, can we define the a load balancing method that use IP informations ?
  For example Can we change the load balancing method from src-mac to src-dst-ip ?
  BRgds

    Hi,
  yes you can choose the method of Load balancing in LACP:
  port-channel load-balance {dst-ip | dst-mac | src-dst-ip | src-dst-mac | src-ip | src-mac}
  Configure an EtherChannel load-balancing method.
  The default is src-mac.
  Select one of these load-distribution methods:
  •dst-ip—Load distribution is based on the destination-host IP address.
  •dst-mac—Load distribution is based on the destination-host MAC address of the incoming packet.
  •src-dst-ip—Load distribution is based on the source-and-destination host-IP address.
  •src-dst-mac—Load distribution is based on the source-and-destination host-MAC address.
  •src-ip—Load distribution is based on the source-host IP address.
  •src-mac—Load distribution is based on the source-MAC address of the incoming packet.

• IOS to NXOS VPC PORT CHANNEL

  Hello
  I have a pair of Nexus 5K's in a VPC domain and some 2960's as VPC members, with a port channel to the domain.
  Topology is as follows:
  5K1 and 5K2 in VPC domain
  VPC from 5K1 and 5K2 to 2960
  2960 has gi0/1 and gi0/2 in 1 port channel
  gi0/1 to 5k1, gi0/2 to 5k2
  I know that what I am going to ask may be totally against the purpose of VPC, but, I am looking for a way to favour gi0/1 for traffic, rather than load balancing over gi0/1 and gi0/2. The reaon for this is that I would like to benefit from the lack of loop that VPC provides, but would also like to have a primary and secondary link as the majority of traffic should actually go via 5K1, rather than 5K2.
  Any suggestions welcome.
  Many thanks in advance
  Anthony

  Hi Anthony,
  The Cisco NX-OS software load balances traffic across all operational interfaces in a portchannel by hashing the addresses in the frame to a numerical value that selects one of the links in the channel. Port channels provide load balancing by default. Port-channel load-balancing uses MAC addresses, IP addresses, or Layer 4 port numbers to select the link. Port-channel load balancing uses either source or destination addresses or ports, or both source and destination addresses or ports.
  You can configure the load-balancing mode to apply to all port channels that are configured on the entire device or on specified modules. The per-module configuration takes precedence over the load-balancing configuration for the entire device. You can configure one load-balancing mode for the entire device, a different mode for specified
  modules, and another mode for the other specified modules. You cannot configure the load-balancing method per port channel.
  You can configure the type of load-balancing algorithm used. You can choose the load-balancing algorithm that determines which member port to select for egress traffic by looking at the fields in the frame.
  Note:  The default load-balancing mode for Layer 3 interfaces is the source and destination IP address, and the default load-balancing mode for non-IP interfaces is the source and destination MAC address.
  From the config mode you can try different load-balacing method ,
  port-channel load-balance {dest-ip-port | dest-ip-port-vlan |
  destination-ip-vlan | destination-mac | destination-port | source-dest-ip-port | source-dest-ip-port-vlan | source-dest-ip-vlan | source-dest-mac | source-dest-port | source-ip-port | source-ip-port-vlan | source-ip-vlan | source-mac | source-port} [module-number]
  To Summarize: I cannot say which port would be selected, it purely depends on type of frame you are sending with the combination of the load-balance method.
  After tweaking you can also know from the command which link the traffic is taking,
  NEXUS2-SPAN# show port-channel load-balance forwarding-path interface port-channel 71 src-ip 1.1.1.1 dst-ip 2.2.2.2 vlan 51 module 2
  Module 2: Missing params will be substituted by 0's.
  Load-balance Algorithm: src-dst ip-l4port
  RBH: 0xb0       Outgoing port id: Ethernet8/8
  we can also try tweaking the same load-balancing on the 2960 also. It purely depends on the load-balancing algorithm. Below is for 2960 Load-balancing tweaking,
  http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_53_se/configuration/guide/swethchl.html
  Even after doing this i wouldnt say 100% it would select one link.
  Hope this helps!
  Thanks,
  Richard.
  *Rate if this is useful

• Design help related to ACE to Switch connectivity using Port-Channel

  Hi,
  I have a Cisco ACE 4710 configured in One-Arm mode. This ACE is getting connected with 2 3750 switches. These 2 3750 switches connected in trunk mode.
  ACE is connected to these 3750 switches using Port-channel.
  ACE Config:
  ================================
  interface gigabitEthernet 1/1
    description One-arm mode port to DMZ Switch 1 port 20
    channel-group 1
    no shutdown
  interface gigabitEthernet 1/2
    description One-arm mode port to DMZ Switch 2 port 20
    channel-group 1
    no shutdown
  interface port-channel 1
    switchport access vlan 51
    port-channel load-balance src-dst-ip
    no shutdown
  interface vlan 51
    ip address 10.40.56.131 255.255.255.128
    access-group input everyone
    access-group output everyone
    nat-pool 1 10.40.56.215 10.40.56.215 netmask 255.255.255.255 pat
    service-policy input LB
    service-policy input remote-access
    no shutdown
  ===========================================================
  The problem is that 3750 switches are not stacked.
  Application is working fine. But i am getting a lot of MAC flapping messages..
  kindly suggest whether this design is OK or something needs to be done to rectify it...
  Attached a small diagram..

  Hello acharyr123,
  I don't think this design is ok, and it would cause mac flapping since the two indepedendent 3750 switches will learn the ace mac addresses off of two different interfaces.  The 3750s would have to be stacked so that they would act as one switch then this should work correctly.
  Thanks
  Joel Lamousnery
  TAC CSE

• WLC LAG Mode and Port Channel

  So I was reading the controller best practices and got this:
  When you use LAG, the controller relies on the switch for the load balancing decisions on traffic that come from the network. It expects that traffic that belongs to an AP always enters on the same port. Use only ip-src or ip-src ip-dst load balancing options in the switch EtherChannel configuration. Some switch models might use unsupported load balancing mechanisms by default, so it is important to verify.
  This is how to verify the EtherChannel load balancing mechanism:
  switch#show etherchannel load-balance
  EtherChannel Load-Balancing Configuration:
  src-dst-ip
  EtherChannel Load-Balancing Addresses Used Per-Protocol:
  Non-IP: Source XOR Destination MAC address
  IPv4: Source XOR Destination IP address
  IPv6: Source XOR Destination IP address
  This is how to change the switch configuration (IOS):
  switch(config)#port-channel load-balance src-dst-ip
  Now Cisco switches by default will do src-mac.  If I make this change obviously this would be a global change.  I don't believe it should cause any performance issues but wanted to get some expert opinions on this.  Switches my controller will be connected to will also have two routers connected as well via Port Channel.
  I'm trying to understand the reasoning behind this.

  I've never seen that command cause any issues in any deployment I've worked on.
  HTH,
  Steve

• ASA5550 port channel configuration ERROR: nameif not allowed on empty etherchannel interface

  Hi All,
  I am having problem when configure port channel on asa5550 
  IOS ver asa914-k8.bin also in ver 9.02   and 8.47.
  Please let me know how can I solve this problem.
  UK-LON-FW(config)# int port-channel 3
  UK-LON-FW(config-if)# vlan 245
                         ^
  ERROR: % Invalid input detected at '^' marker.
  UK-LON-FW(config-if)# nameif secure
  ERROR: nameif not allowed on empty etherchannel interface.
  UK-LON-FW(config-if)#
  here is my interfaces configuration:
  interface GigabitEthernet0/0
  description fw1:G0/0 to uk-lon-gw1:e1/8 fw2:G0/0 to uk-lon-gw2:e1/9 outside zone
  channel-group 1 mode on
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/1
  description fw1:G0/1 to uk-lon-gw2:e1/8 fw2:G0/1 to uk-lon-gw1:e1/9 outside zone
  channel-group 1 mode on
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/2
  description fw1:G0/2 to uk-lon-sw1a:1 fw2:G0/2 to uk-lon-sw1a:2 dmz
  channel-group 2 mode on
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/3
  description fw1:G0/3 to uk-lon-sw1b: fw2:G0/3 to uk-lon-sw1b:2 dmz
  channel-group 2 mode on
  no nameif   
  no security-level
  no ip address
  interface Management0/0
  management-only
  nameif management
  security-level 0
  ip address 10.10.51.18 255.255.254.0
  interface GigabitEthernet1/0
  description fw1:G1/0 to uk-lon-sw1a:3 fw2:G1/0 to uk-lon-sw1a:4 secure zone
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/1
  description fw1:G1/1 to uk-lon-sw1b:3 fw2:G1/1 to uk-lon-sw1b:4 secure zone
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/2
  description LAN Failover Interface
  no nameif   
  no security-level
  no ip address
  interface GigabitEthernet1/3
  description STATE Failover Interface
  no nameif
  no security-level
  no ip address
  interface Port-channel1
  description outside zone
  no nameif
  no security-level
  no ip address
  interface Port-channel1.5
  description outside zone Bundle FW:G0/0-G0/1 connect to GW1:e1/8-GW2:e1/8
  vlan 5
  nameif outside
  security-level 0
  ip address 216.239.105.5 255.255.255.128 standby 216.239.105.6
  interface Port-channel2
  description dmz Bunlde uk-lon-fw:G0/2-3 to sw1a:1-2 sw1b:1-2
  no nameif
  no security-level
  no ip address
  interface Port-channel2.105
  description dmz
  vlan 105
  nameif dmz
  security-level 50
  ip address 216.239.105.193 255.255.255.192 standby 216.239.105.194
  interface Port-channel3
  description secure zone Bunlde uk-lon-fw:G1/0-1 to sw1a:3-3 sw1b:3-4
  no nameif
  security-level 100
  ip address 10.254.105.1 255.255.255.0 standby 10.254.105.2
  UK-LON-FW(config-if)# 

  Hi Marvin,
  Thank you for your answer.  I did everything but it did not work. Turn out it is a bug ver 8.45 will let you created the sub logical interface but actually it did not work right.  Verson 9.x  doesn't let you create more than 2 port channel (limitation of ASA5550 hardware).
  https://tools.cisco.com/bugsearch/bug/CSCtq62715/?reffering_site=dumpcr 
  Also, you can see the 8.4 release notes were you can see that it is not supported:
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/release/notes/asarn84.html#pgfId-522232
  Interface Features
  EtherChannel support (ASA 5510 and higher)
  You can configure up to 48 802.3ad EtherChannels of eight active interfaces each.
  Note You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel.
  We introduced the following commands: channel-group , lacp port-priority , interface port-channel , lacp max-bundle , port-channel min-bundle , port-channel load-balance , lacp system-priority , clear lacp counters , show lacp , show port-channel .

• What is the maximum number of physical link we can bind to a ether-channel and port-channel

  Hi,
  I was studying about port-channel & ether-channel and found that, it can be bind up-to 8 ports. So maximum number, we can have of 8 ports or more ? 
  For binding we should have minimum of 2 ports or 1 ports will work ? For load-balancing purpose, is the port no. would be in a bundle of 2,4 and 8 ?
  Thanks

  Hi Kathik,
  I have gone through one document. It's saying the below mentioned things :
  Jun 7, 2012 9:36 PM (in response to Sarabjit)
  Re: What is the maximum number of etherchannels we can have?
  The maximum number of Etherchannels varies from platform to platform. The maximum number of ports in an etherchannel is either 8 ro 16 depending on the platform. The minimum number of ports in an etherchannel bundle is 1.
  Jun 8, 2012 1:27 AM (in response to Sarabjit)
  Re: What is the maximum number of etherchannels we can have?
  Etherchannels is a Cisco term. Other vendors call them 802.3ad trunks. It's common to see something like this in datasheets:
  48 ports 10/100/1000 Mbit/s
  802.3ad:
  Maximum of 32 groups
  Maximum of 8 ports per group
  The document url is https://learningnetwork.cisco.com/thread/43680
  The another document says the below mentioned things :
  Matrix of Load Balancing Methods
  This matrix consolidates the load balancing methods that this document describes:
  Platform
  Address Used in XOR
  Source-Based?
  Destination-Based?
  Source-Destination-Based?
  Load Balancing Method—Configurable/Fixed?
  6500/6000
  Layer 2, Layer 3 addresses, Layer 4 information, or MPLS information2
  Yes
  Yes
  Yes
  Configurable
  5500/5000
  Layer 2 address only
  Yes
  Cannot change the method
  4500/4000
  Layer 2, Layer 3 addresses, or Layer 4 information
  Yes
  Yes
  Yes
  Configurable
  2900XL/3500XL
  Layer 2 address only
  Yes
  Yes
  Configurable
  3750/3560
  Layer 2 or Layer 3 address only
  Yes
  Yes
  Yes
  Configurable
  2950/2955/3550
  Layer 2 address only1
  Yes
  Yes
  —1
  Configurable
  1900/2820
  These platforms use a special method of load balancing. See theCatalyst 1900/2820 section for details.
  8500
  Layer 3 address only
  Yes
  Cannot change the method
  1 For the 3550 series switch, when source-MAC address forwarding is used, load distribution based on the source and destination IP address is also enabled for routed IP traffic. All routed IP traffic chooses a port based on the source and destination IP address.
  2 For the 6500 series switches that run Cisco IOS, MPLS layer 2 information can also be used for load balancing MPLS packets.
  The document url is http://www.cisco.com/c/en/us/support/docs/lan-switching/etherchannel/12023-4.html
  Another document says the below mentioned things for load-balancing :
  inally, here is full list of valid load-distribution methods:
  •dst-ip—Load distribution on the destination IP address
  •dst-mac—Load distribution on the destination MAC address
  •dst-port—Load distribution on the destination TCP/UDP port
  •src-dst-ip—Load distribution on the source XOR destination IP address
  •src-dst-mac—Load distribution on the source XOR destination MAC address
  •src-dst-port—Load distribution on the source XOR destination TCP/UDP port
  •src-ip—Load distribution on the source IP address
  •src-mac—Load distribution on the source MAC address
  •src-port—Load distribution on the source port
  The document url is https://learningnetwork.cisco.com/thread/63064
  Please suggest.