BTW, I was just looking at CEF options in CML and found, at least in later IOS-XE versions, a new DPI (deep packet inspection - see Load Balancing Application Flows Using Deep Packet Inspection Algorithm) has been added to CEF hashing.  This seems specifically designed to "see" within tunneled packets to try to separate encapsulated flows so they can be better distributed by CEF across ECMP.  I suspect your switch might not support this option, but if it did, it would be a better (?) alternative to per-packet load sharing.

I've also been looking over MLPoE, but unclear it can performed without "users" and/or whether it could handle 200 Mbps (and whether a switch would even support it - keep in mind, switches tend to be feature poor compared to routers - but, of course, they can often move a lot, lot more bits for the same price).

The switch is a 9300 running 17.1.1 which is older I know so I thought that might be the issue but it’s iOS XE and the latest version just shows the same. I defaulted the interfaces too to test but that’s the limit of the command. I can set the load share algorithm to tunnel globally but that’s about it. 

EDIT. looking at your link above for dpi and it references ver 16 and I think I see the issue I’m not on the same page. That config is for the port channel. After it appeared a port channel wasn’t the answer I ripped it out. I’m gonna look deeper at this config using a port channel and test…

Edit 2: (deep packet inspection - see Load Balancing Application Flows Using Deep Packet Inspection Algorithm) 

I see this in the literature and it makes sense, but that command definitely does not exist in global config mode, in the portchannel config or the interfaces...on the IOSXE i'm running.  And each time try to do a search for an equivalent doc under 17.x.x i get a "Search is currently unavailable due to technical issues. We are working to resolve the problem as quickly as possible." error from Cisco.  I'm very close to the point of pushing back on the other vendor now. At lease with this thread I can probably get one of their engineers to take an interest

Problem might be, feature not supported on a switch.

You mentioned the 9300 is in front of a router?  If so, model of router and free ports?  (BTW, routers can usually do port channels too.)

Well I looked at a router, with a universalk9 bin file and the dpi command is there. So it’s either a router/switch difference or a k9 vs ipbase thing. Either way it’s a stopping point…the wrong license or the wrong hardware to accomplish this.  This now becomes a finance decision. A million thanks tho!

Hello @wwwlstr0707 ,

this DPI for load balancing is an advanced feature that requires high level of flexibility that can be achieved on software based routers but it is really difficult to implement on hardware based platforms like switches in your case Cat9300. So my guess is that this is not a question of license level rather a platform functional limit.

As I have noted your best move is to get an high speed link like 250 Mbps.

Hope to help

Giuseppe

Yeah that’s a goal for me, one larger link it’s just there’s other vendors involved and ummmm those pesky politics but thanks a bunch for the explanation too!

Very, very likely a switch vs. router difference, for the reasons @Giuseppe Larosa describes.

Again, though, does this gets its traffic from an upstream router?  If so, reason for using switch?

Simply the switch provides the necessary port density for the port channel. And it was the knee jerk response, and it didn’t work out of the gate and here we are. lol. 
Sounds like the resolution, if a single larger link doesn’t pan out, is a router upgrade. 

Just a side note, @MHM Cisco World reference is the same feature, DPI, my previous reply references.  However, his reference is to an earlier IOS release which doesn't also note a possibly VERY CRITICAL (for OP case) feature noted in my reference, tunnel-less support!  I.e. impacts port-channel (Etherchannel hashing) distribution!

This feature, if your platform supports, may easily mitigate your issue, at least for your egress traffic.

For ingress traffic (return traffic), as @Giuseppe Larosa earlier noted, this, or other approaches, require other side configuration changes too.  However, you should be able to use this feature, for your egress traffic, without any changes being needed on the other side.

To recap your possible options, you could obtain a higher bandwidth link.  As @Giuseppe Larosa earlier described, that would be about your best option for bandwidth (and/or least complexity).  The only major disadvantage is it's a single point of failure.

Obtaining maxium advantage of multiple links' bandwidth can run into many snags, a major one, is the one you've described, individual flows usually being limited to using just one link, in your case, it's the worst case as a tunnel is generally seen as a single flow.

However, most multi link technologies don't dynamically select links based on individual current link utilization.  For example, dual links usually don't effectively provide twice the bandwidth, they average about a 50% increase.

Technologies such as Cisco's PfR (which can perform dynamic load distribution) or per-packet routing, MLPPP or hardware mux come much closer to obtaining all available bandwidth, but some lose some bandwidth to their own embedded control data (also more impactful as packet size decreases).

Regardless of whether you have a single high bandwidth link multiple lessor bandwidth links, other considerations impact how well you leverage your WAN bandwidth.

As you're tunneling, you should insure you're not fragmenting packets.

Assuming your 50 Mbps links are higher bandwidth Ethernet ports, you should shape to avoid your WAN provider dropping some of your traffic "invisible" to you.

If your shaping shows congestion, you might consider QoS to manage such congestion.  (Ideally, if you can, enabling FQ often makes apps work "better" across such congestion.)

Can you check if your platform cef support universal ID or not ?

MHM