Per Packet load Balancing in Cisco Switches
Hi Team,
Can we enable per-packet load balancing/sharing on Cisco 3560 and 4948 switches? I can see two routes are installed in the routing table for a destination prefix, but traffic to a specific destination is not going across both links. The option I am getting on the command line is ip load-sharing per-destination but not ip load-sharing per-packet.
Please do let me know if there is any option to do per-packet load balancing.
I have tried disabling route-cache, CEF, etc., with no result.
Rgds
Rama
Hi Ramachandra,
On both these platforms per-packet load balancing is not supported. It is a feature mostly seen in routers.
It can use the following variables for the load-sharing hash (but per-packet is never used):
Source IP
Dest IP
Source TCP port
Dest TCP port
So you can configure flow-based sharing based on the above parameters on both the switches.
The more random variables going into the hash equation, the more likely an even distribution across links.
The src/dst ports in the equation give us this randomization. If the same (static) variables go into the hash, the same link is chosen.
Follow this link for more details:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25sg/configuration/guide/cef.html#wp1150531
cheers,
sandeep
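An added illustration of the flow-hash behaviour described in the reply above (not code from the thread, and not Cisco's actual hash algorithm): SHA-256 stands in for the platform hash, and the addresses and ports are constructed sample values.

```python
import hashlib
import ipaddress
import struct
from collections import Counter


def pick_link(src_ip, dst_ip, src_port, dst_port, n_links=2, use_ports=True):
    """Return the index of the equal-cost link chosen for one flow.

    SHA-256 is a stand-in for the platform hash (assumption); the point is
    that the choice is a pure function of the header fields fed into it.
    """
    key = ipaddress.ip_address(src_ip).packed + ipaddress.ip_address(dst_ip).packed
    if use_ports:
        key += struct.pack("!HH", src_port, dst_port)
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % n_links


def link_usage(flows, n_links=2, use_ports=True):
    """Count how many flows land on each link."""
    counts = Counter(
        pick_link(*flow, n_links=n_links, use_ports=use_ports) for flow in flows
    )
    return [counts.get(i, 0) for i in range(n_links)]


# Constructed sample: 200 TCP sessions between one host pair, differing only
# in the client's source port.
SAME_PAIR = [("10.0.0.10", "192.0.2.20", 40000 + i, 443) for i in range(200)]

# Constructed sample: 200 different clients talking to the same server.
MANY_CLIENTS = [(f"10.0.0.{i + 1}", "192.0.2.20", 50000, 443) for i in range(200)]

if __name__ == "__main__":
    # With only the IP pair in the hash, every session between the same two
    # hosts is pinned to a single link, which is what the original poster saw.
    print("one host pair, IP-only hash :", link_usage(SAME_PAIR, use_ports=False))
    # Adding the L4 ports gives the hash something that varies per session.
    print("one host pair, IP+port hash :", link_usage(SAME_PAIR, use_ports=True))
    # Many distinct sources spread out even without ports in the hash.
    print("many clients,  IP-only hash :", link_usage(MANY_CLIENTS, use_ports=False))
```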
Similar Messages
-
CEF and per-packet load balancing
We have four OC3 links across the Atlantic and I was looking for a solution which would allow load balancing across the four links on a per-packet basis (not session). The objective is both resiliency, i.e. being able to handle link failures transparently, and balancing the load across all the links. BGP multipath looked like the ideal solution. However, I was told that CEF packet-based load balancing is no longer supported by Cisco. Is this correct? Is it applicable for all models? Are there any other potential solutions?
Appreciate a response from the experts.
Hello Rittick,
an MPLS pseudowire will use only one link of the 4 links based on inner MPLS label, it cannot be spread over multiple parallel links.
The MPLS pseudowire can travel within an MPLS TE LSP that can be protected by FRR.
per packet load balancing does not apply to your scenario.
You need to mark traffic of the critical application with an appropriate EXP settings. The EXP bits are copied to the outer (external) label.
On the OC-3 physical interfaces you will configure a CBWFQ scheduler providing 100 Mbps of bandwidth to traffic with specific EXP marking. This is elastic and over unused links bandwidth will be left available to other traffic.
On the LAN interface you need to mark the EXP bits in received packets using a policy-map
! Classify and mark the critical flow on the LAN-facing interface
access-list 101 permit tcp host x.x.x.x host y.y.y.y
!
class-map CLASSIFY-BACKUP
 match access-group 101
!
policy-map MARKER
 class CLASSIFY-BACKUP
  set mpls exp 3
 class class-default
  set mpls exp 0
!
int gex/y/z
 service-policy in MARKER
!
! Schedule on the OC-3 side based on the EXP marking
class-map BACKUP
 match mpls exp 3
!
policy-map SCHED-OC3
 class BACKUP
  bandwidth 100000
 class class-default
  fair-queue
!
int posx/y/z
 service-policy out SCHED-OC3
applied on all pos interfaces. The MPLS pseudowire will use one link only. Different pseudowires can use different OC-3 links. Load balancing of MPLS traffic is based on internal label (the VC label of the pseudowire)
Note:
you should check if it is possible to mark traffic received on the incoming interface of the pseudowire otherwise you need to mark IP precedence nearer to the host.
Hope to help
Giuseppe -
Trying to load Balance several Cisco ISE servers.
Trying to load balance several Cisco ISE servers. For persistence, Cisco recommends using Calling-Station-ID and Framed-IP-address... Session-ID is recommended if the load balancer is capable of it. I have documentation for the Cisco ACE, but am using F5 LTMs. Assuming this has to be done with an iRule as none of these are available as a default. Not sure where to begin. I tried attaching the Cisco PDF, but was not able to for whatever reason.
Please also keep in mind that When using a Load-Balancer (anyone's) you must ensure a few things.
Each PSN must be reachable by the PAN / MNT directly, without having to go through NAT (Routed mode LB, not NAT). No Source-NAT. This includes the Accounting messages, not just the Authentication ones.
This means the Load-Balancer must be in the direct path between the clients and the ISE PSNs.
Some organizations have used Policy Based Routing (PBR) to accomplish the path, without physically locating the Load-Balancer between the clients and the PSNs.
Endpoints (clients) must be able to reach each Policy Services Node Directly (not going through the VIP) for redirections/Centralized Web Authentication/Posture Assessments/Native Supplicant Provisioning, and more.
You may want to "hack" the certs to include the VIP FQDN in the SAN field (my next blog post should cover this trick).
Perform sticky (aka: persistence) based on Calling-Station-ID and Framed-IP-address.
VIP gets listed as the RADIUS server of each NAD for all 802.1X related AAA.
Dynamic-Authorization (CoA):
If you use Server NAT to replace the PSN IP address with the VIP Address for Change of Authorization, then you would use the VIP address as the Dynamic-Authorization (CoA) client.
Otherwise, use the real IP Address of the PSN, not the VIP.
The LoadBalancers get listed as NADs in ISE so their test authentications may be answered, to keep the probes alive.
ISE uses the Layer-3 Address to identify the NAD, not the NAS-IP-Address in the RADIUS packet. This is a big reason to avoid SNAT.
Failure Scenarios:
The VIP is the RADIUS Server, so if the entire VIP is down, then the NAD should fail over to the Secondary DataCenter VIP (listed as the secondary RADIUS server on the NAD).
Use probes on the Load-Balancers to ensure that RADIUS is responding, as well as HTTPS (at minimum).
LB Probes should send test RADIUS messages to each PSE periodically, to ensure that RADIUS is responding, not just look for open UDP ports.
LB Probe should also examine the response for HTTPS, not just look for the open port(s).
Use node-groups with the L2-adjacent PSN's behind the VIP.
If the session was in process and one of the PSN's in a node-group fails, then another member of the node-group will issue a CoA-reauth; forcing the session to begin again.
At this point, the LB should have failed the dead PSN due to the probes configured in the LB; and so this new authentication request will reach the LB & be directed to a different PSN… -
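Added example (not from the thread, and not an F5 iRule): Python that parses the RADIUS attributes and applies the stickiness the reply recommends, so that an Access-Request and an Accounting-Request from one endpoint reach the same PSN. The PSN names, the packets, the MAC normalisation and the order of preference (Calling-Station-ID first, Framed-IP-Address as fallback) are assumptions.

```python
import ipaddress
import struct

# RADIUS attribute types (RFC 2865)
FRAMED_IP_ADDRESS = 8
CALLING_STATION_ID = 31


def parse_avps(packet):
    """Return {attribute_type: value_bytes} from a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the datagram")
    avps, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        avps.setdefault(a_type, packet[pos + 2:pos + a_len])  # keep first instance
        pos += a_len
    return avps


def persistence_key(packet):
    """Calling-Station-ID (normalised MAC) first, Framed-IP-Address as fallback."""
    avps = parse_avps(packet)
    if CALLING_STATION_ID in avps:
        text = avps[CALLING_STATION_ID].decode("ascii", "replace").lower()
        return "mac:" + "".join(c for c in text if c in "0123456789abcdef")
    if len(avps.get(FRAMED_IP_ADDRESS, b"")) == 4:
        return "ip:" + str(ipaddress.IPv4Address(avps[FRAMED_IP_ADDRESS]))
    return None


class StickyTable:
    """Round-robin for new endpoints, sticky for endpoints already seen."""

    def __init__(self, psns):
        self.psns, self.table, self.next = list(psns), {}, 0

    def route(self, packet):
        key = persistence_key(packet)
        if key in self.table:
            return self.table[key]
        psn = self.psns[self.next % len(self.psns)]
        self.next += 1
        if key is not None:
            self.table[key] = psn
        return psn


def build_packet(code, ident, avps):
    """Build a constructed test packet with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in avps)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body


# Constructed samples: Access-Request (code 1) and Accounting-Request (code 4)
# from the same endpoint, with the MAC written in two common notations.
ACCESS_REQUEST = build_packet(1, 7, [(1, b"alice"), (31, b"00-11-22-AA-BB-CC")])
ACCOUNTING_REQUEST = build_packet(
    4, 8, [(31, b"0011.22aa.bbcc"), (8, ipaddress.IPv4Address("10.1.1.50").packed)]
)
OTHER_ENDPOINT = build_packet(1, 9, [(31, b"00-11-22-AA-BB-DD")])

if __name__ == "__main__":
    lb = StickyTable(["psn1.example", "psn2.example"])  # hypothetical PSN names
    for name, pkt in [("auth", ACCESS_REQUEST), ("other", OTHER_ENDPOINT),
                      ("acct", ACCOUNTING_REQUEST)]:
        print(name, persistence_key(pkt), "->", lb.route(pkt))
```

Without the MAC normalisation, the two notations of the same address would produce different persistence keys and the accounting traffic could land on a different PSN than the authentication.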
Packet per packet load sharing
hi, my question:
i have two routers which are connected over two links (same type, same speed).
now i want to change from per destination to per packet load-sharing.
i know there is the command "ip load-shar per packet" but my question:
must i use this command on all 4 interfaces (2 interfaces - two router),
or must i only configure this on one interface per router ??
thanks for answer !
hi there. I have one doubt pertaining to per-packet load-sharing. In order to connect my two remote sites- A & B, Site A is having two WAN links and Site B is having two WAN links - one from ISP1 (30Mbps link) and the other from ISP2 (50Mbps link). I am doing static route load balancing using same AD values for both the ISPs. I have configured "ip load-sharing per-packet" on both the outgoing interfaces.
The load is getting distributed equally across both the links but total bandwidth utilization across both the links is not going beyond 30Mbps. The combined bandwidth of both links is 80Mbps (50+30). However links are not getting fully utilized even though heavy load is there on the links. Can you please tell me how to make full use of both the wan links at both the ends? -
Hi friends,
This is regarding an issue I am facing with configuring load balancing on a Cisco RV042. I had configured load balancing between dual WAN of leased line and ADSL connection, but load balancing is not working fine. Kindly help me on this.
If I close one link it takes 20 seconds of downtime and then ping goes without losses.
In the end I decided to go with PBR, since the deadline for our project was surpassed.
I set up an ACL that matched every other 32-address block:
10 permit ip 192.168.100.32 0.0.0.31 any
20 permit ip 192.168.100.96 0.0.0.31 any
30 permit ip 192.168.100.160 0.0.0.31 any
40 permit ip 192.168.100.224 0.0.0.31 any
50 deny ip any any
Set a route map that sends that traffic through one of the interfaces (Gi0/1) and let routing do the rest:
track 1 interface dialer 0 line-protocol
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 10
It's not exactly what I wanted but it's close enough :)
Thanks for your advices. -
How can ftp service on non-standard port be load balanced using Cisco ACE.
How can FTP service on a non-standard port be load balanced using Cisco ACE? For example, FTP service required on TCP port 2000.
Hi Samarjit,
You can do this by specifying the port number in the class map that you create. Please find the below-mentioned config guide, where you can specify the TCP/UDP port, a range of ports, or even a wildcard to match the port.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
Regards
Abijith -
Two isp load balancing on cisco ACE(load balancer)
I don't know much about load balancer(ACE).
Is it possible to load balance two ISPs on a load balancer (ACE)? If so, how can I do so? Any configuration example or Cisco document?
Wrong forum, post in "Datacenter". You can move your posting with the Actions panel on the right.
-
Load balancing via CHOC12/STS3
Hi, our customer has a connection between 2 x 12012 via the 4 embedded channels of CHOC12/STS3 module.As every subinterface has its own ip-subnet we have 4 equal paths to every destinations.
Customer wants to configure dCEF per-packet load balancing and is concerned if he can get packet sequence problems for his VoIP applications like it may happen on 'normal' equal path cost connections when load balancing per-packet instead of per-destination.
Does anybody know if this can be a concern on the embedded channels ?
Regards Guenther
Generally speaking, for a given source-destination pair, with per-packet load balancing enabled, packets might take different paths, which could introduce reordering of packets. Thus per-packet load balancing is inappropriate for voice over IP traffic and also for certain other types of data traffic that require packets to be received in sequence. For more information please see
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca62c.html#3589. Whether the CHOC12/STS3 module has some special mechanism built in to take care of this is unknown to me. Per-packet load balancing via CEF is not supported on Engine 2 Gigabit Switch Router (GSR) line cards (LCs). -
Hi everybody! I go straight to the problem I'm facing:
I need to send a data stream via RSPAN to a remote device for traffic analysis. Because of the large amount of data (>1Gbps) I need to put the remote VLAN, which carries the RSPAN traffic, on an etherchannel and to load-balance that traffic among the members of the etherchannel.
The problem is that it seems that there's no algorithm I can use to load-balance the RSPAN traffic. The device I'm using is a Cisco 3750 switch, so no per-packet load balancing algorithm is available (and I think that, even if I could use this technique, I would encounter some sort of out-of-sequence packets issue).
Is there a way to efficiently load balance RSPAN traffic on an etherchannel?
Hey Enrico,
Etherchannel will perform load balancing as per the selected hashing algorithm. In 3750 the default is src-mac address, so it will only check the source MAC address of RSPAN traffic while performing load balancing across the etherchannel. So you may change it to a more granular value; available options are provided in the link below: http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_53_se/configuration/guide/swethchl.html#wp1276203
HTH.
Regards,
RS. -
Resources for designing redundancy and load balancing among data centers
Hello all,
I'm looking for resources for designing redundancy and load balancing between two physically separate data centers. I'm looking for some "best practice" links, tips, or recommendations. Any suggestions are appreciated!
Thanks.
I think that we can do per packet load balancing by using CEF.
Please go to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_c/swprt1/xcfcefc.htm#xtocid5
Also, you may need local director or distributed director. What resource/application is available in the data centre? (e.g. http server, ftp server, TN3270 server, and so on) -
I have a lab scenario, that is confusing me greatly. I can get per packet load-balancing working when I ping from R2 to interfaces in the 192.168.1.0/30. However, when I'm pinging from R3 , I can't packet load-balance to interfaces in 192.168.4.0/30. I also can't packet load-balance from R1 pinging to interfaces in 192.168.4.4/30. Am I doing something wrong? Thanks...
I have three routers: R1, R2, R3.
R1: Eth0 192.168.1.1/30 connected to R3 eth0
R1: Ser0 192.168.4.1/30 connect to R2 Ser0
R2: Ser0 192.168.4.2/30 connect to R1 Ser0
R2: Ser1 192.168.4.5/30 connect to R3 Ser0
R3: Eth0 192.168.1.2/30 connect to R1 eth0
R3: Ser0 192.168.4.6/30 connect to R2 Ser1
All of the routers run:
2500 Software (C2500-I-L), Version 12.2(29a), RELEASE SOFTWARE (fc1)
Configs for R1, R2, R3 are attached as a plain text file and listed below:
R1 config:
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
hostname R1
ip subnet-zero
ip host R1 192.168.1.1
ip host R2 192.168.4.2
ip host R3 192.168.1.2
interface Ethernet0
ip address 192.168.1.1 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial0
ip address 192.168.4.1 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial1
no ip address
no ip mroute-cache
shutdown
interface Serial2
no ip address
no ip mroute-cache
shutdown
interface Serial3
no ip address
no ip mroute-cache
shutdown
interface BRI0
no ip address
encapsulation hdlc
no ip mroute-cache
shutdown
router rip
version 2
network 192.168.1.0
network 192.168.4.0
ip classless
no ip http server
line con 0
line aux 0
line vty 0 4
end
R2 config:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname R2
ip subnet-zero
ip host R1 192.168.1.1
ip host R2 192.168.4.2
ip host R3 192.168.1.2
interface Ethernet0
shutdown
interface Serial0
ip address 192.168.4.2 255.255.255.252
no ip route-cache
no ip mroute-cache
clockrate 56000
interface Serial1
ip address 192.168.4.5 255.255.255.252
no ip route-cache
no ip mroute-cache
clockrate 56000
interface Serial2
no ip address
shutdown
interface Serial3
no ip address
shutdown
interface Serial4
no ip address
shutdown
interface Serial5
no ip address
shutdown
interface Serial6
no ip address
shutdown
interface Serial7
no ip address
shutdown
interface Serial8
no ip address
shutdown
interface Serial9
no ip address
shutdown
interface BRI0
no ip address
encapsulation hdlc
shutdown
router rip
version 2
network 192.168.4.0
ip classless
no ip http server
line con 0
line aux 0
line vty 0 4
end
R3 config:
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname R3
ip subnet-zero
ip host R2 192.168.4.2
ip host R1 192.168.1.1
ip host R3 192.168.1.2
interface Ethernet0
ip address 192.168.1.2 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial0
ip address 192.168.4.6 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial1
no ip address
no ip mroute-cache
shutdown
interface BRI0
no ip address
encapsulation hdlc
no ip mroute-cache
shutdown
router rip
version 2
network 192.168.1.0
network 192.168.4.0
ip classless
no ip http server
line con 0
line aux 0
line vty 0 4
end
I figured it out. When I configure "no auto-summary" on each router it behaves nicely with per packet load balancing. I guess I needed to get rid of the summarized routes listing /24 for my VLSMed 4.0 4.4 /30 networks.
Thanks -
MPLS Load Balancing/Sharing with TE or CEF or Both?
So I am just playing around in GNS3 trying to set up multiple ECMP links between two P routers like this;
CE1 -- PE1 -- P1 == P2 -- PE2 -- CE2
(There are actually four links between P1 & P2!)
I have set up a pseudowire xconnect from PE1 to PE2 so CE1 & 2 can ping each other on the same local subnet range. That works just fine.
My question is this:
I have configured "ip load-sharing per-packet" on each of the four interfaces on P1 and P2 that are facing each other (I know per-packet balancing is frowned upon but lets not talk about that right now!) and this works, traffic is distributed across all links (I can see with packet captures in GNS3).
Where does "ip load-sharing per-packet" fit in to the chain of events with regards to MPLS and CEF etc.? So, with MPLS enabled everywhere the two P routers are forwarding based on labels and not IP address. With MPLS enabled, does this command force the P routers to load-balance each MPLS frame as it comes in, round-robining the ingress frames across all links, the same as it would if it were a plain IP packet? So the command is ignorant of the kind of traffic being used? Or is the P router looking down into the MPLS frame for the IP in the IP packet?
Also, in order to get the same sort of performance boost you get from per-packet load balancing, seeing as I am using MPLS here, should I be using some fancy MPLS TE to do this instead of that interface sub-command?
If I remove that command, I seem to always use link 2 for sending traffic towards P2 from P1, and link 3 for receiving the return traffic from P2 to P1. This is presumably because the ICMP packets have nothing to hash on except the source and destination IP addresses, so they always hash to the same physical links. Without using that command how else can I make use of the four links?
Hello Jwbensley,
first of all,
"ip load-sharing per-packet" is not a viable option as it causes out of order issues.
Real world devices perform load balancing based on the second (more internal ) label value so to achieve some load balancing for example multiple pseudowires must be defined between the same pair of PE nodes.
L3 VPN use different internal labels for different customer prefixes of the same VRF site ( unless some special command is used to say use one label per VRF site)
>> If I remove that command, I seem to always use link 2 for sending traffic towards P2 from P1, and link 3 for receiving the return traffic from P2 to P1
This is the expected behaviour in this scenario.
With MPLS TE you can achieve results similar to the use of multiple pseudowires /LSPs : forms of load sharing not true load balancing. In all cases in MPLS world flow based and not per packet
Hope to help
Giuseppe -
Pix OSPF load balancing question
I have a pix 515e with two default routes, learned via OSPF from two routers on the "outside" interface.
Currently router#2 is being preferred way much more than router#1. There are many thousands of destinations for the traffic. These two routers are further doing NAT to nat rfc1918 ip's to the internet (the pix is NOT doing nat)
Can someone please let me know how the PIX does load balancing? is it by IP address destination? is it something else?
thanks,
Joe
Per TAC:
"the PIX will do per-destination Load Balancing instead of per packet
load balancing. The algorithm will look at the source and destination
addresses. It does not do 1:1 load balancing. Given enough different
source and destination addresses, the packets will more or less reach a
50/50 split between the two next-hops. However, in real world testing
with the same source and destination addresses, it may not reach an even
load balancing." -
Load balancing with Serial Leased Lines & Etherdrops
This problem is a unique one.
I have 6 Internet Leased Lines of 2 Mbps each. Keeping in view of the increasing thirst for Bandwidth, I ordered Etherdrops for the ease of on the fly upgrade, as & when needed.
To my surprise, when these Etherdrops were terminated on router, there was no trafic flowing over these etherlinks. I had to forcefully put traffic on these links using PBR.
I want to use all my links i.e. 6 serial + 2 etherlinks for per packet load-balancing.
can some1 help.
Regards,
Hi
are you running any routing protocols with your ISP ?
also you can have a max of 6 equal cost route in routers.
Thats the reason i feel you are unable to use the etherdrops.
Y dont u think off going on upgrading the E1s into Fiber and take them as single ethernet output or a E3 output ?
regds -
MPLS/VPN network load balancing in the core
Hi,
I've an issue about cef based load-balancing in the MPLS core in MPLS/VPN environment. If you consider flow-based load balancing, the path (out interface) will be chosen based on source-destination IP address. What about in MPLS/VPN environment? The hash will be based on PE router src-dst loopback addresses, or vrf packet src-dst in P and PE router? The topology would be:
CE---PE===P===PE---CE
I'm interested in load balancing efficiency if I duplicate the link between P and PE routers.
Thank you for your help!
Gabor
Hi,
On the PE router you could set different types and 2 levels of load-balancing.
For instance, in case of a DUAL-homed site, subnet A prefix for VPN A could be advertised in the VPN by PE1 or PE2.
PE1 receives this prefix via eBGP session from CE1 and keep this route as best due to external state.
PE2 receives this prefix via eBGP session from CE2 and keep this route as best due to external state.
eBGP
PE1 ---------CE1
PE3----------P1 Subnet A
PE2----------CE2 /
eBGP
Therefore from PE3 point of view, 2 routes are available assuming that IGP metric for PE3/PE1 is equal to PE3/PE2.
Then a 1st level of load-sharing can be achieved thanks to the maximum-paths ibgp number command.
2 MP-BGP routes are received on PE3:
PE3->PE1->CE1->subnet A
PE3->PE2->CE2->subnet A
To use both routes you must set the number at 2 at least : maximum-paths ibgp 2
But guess what, in the real world an MPLS backbone hardly guarantees an equal IGP cost between 2 Egress PE for a given prefix.
So it is often necessary to ignore the IGP metric by adding the "unequal-cost" keyword: maximum-paths unequal-cost ibgp 2
By default the load-balancing is called "per-session": source and destination addresses are considered to choose the path and the outgoing interface, avoiding reordering the packets on the target site. Otherwise it is possible to use "per-packet" load-balancing.
Then a 2nd load-sharing level can occur.
For instance:
__P1__PE1__CE1
PE3 \/ Subnet A
\ __P2__PE2__CE2
There is still 2 MP-BGP paths :
PE3->P1->PE1->CE1->subnet A
PE3->P1->PE2->CE2->subnet A
But this time for 2 MP-BGP paths 4 IGP path are available:
PE3->P1->PE1->CE1->subnet A
PE3->P1->PE2->CE2->subnet A
PE3->P2->PE1->CE1->subnet A
PE3->P2->PE2->CE2->subnet A
For a load-balancing to be active between those 4 paths, they must exist in the routing table thanks to the "maximum-path 4 "command in the IGP (ex OSPF) process.
Therefore if those 4 paths are equal-cost IGP paths then a 2nd level load-balancing is achieved. The default behavior is the same source-destination mechanism to select the "per-session" path as mentioned before.
On an LSP each LSR could use this feature.
BR