Load balancing over 4 ADSL lines

london.ism · ‎10-17-2011

Hi guys

I'm having 4 ADSl lines (2.5Mb each) installed in one of our branch offices. The plan so far is to put 4 modems in, each presenting an ethernet connection to a Cisco 887VA router which is going to do all the clever stuff. Now I would like to load balance the traffic between these 4 lines in order to get a better service as 2.5Mb is the maximum we can get.

I presume people have done this before, would you be able to point me in the right direction/doc/link? Shall I do NAT on the router rather than the modems? Is there any other way of bonding the lines in order to get as much bandwidth as possible?

BT is not giving us the option for multilink bonding; it's not available at this particular location.

Many thanks!

Elena

Vaibhava Varma · ‎10-17-2011

Hi london.ism

From my personal understanding on this setup the targetted Physical and Logical Setup is as below

D S L P R O V I D E R

! ! ! !

Line1 Line2 Line3 Line4

! ! ! !

Modem1 Modem2 Modem3 Modem4

! ! ! !

LAN1 LAN2 LAN3 LAN4

! ! ! !

CISCO 887 VA

!

LAN Users

The DSL Modems operate either in Dynamic IP (PPPoE) or Static IP (Routed Mode) and the Public IP resides on the DSL Modem itself. We connect the LAN side of the DSL Modems to the Cisco 887VA. Is that correct ?

So now if the traffic requirement is to utilize all the 4 DSL Links as ISP is not providing Bonding then we need to create 4 X L3 Link betwwen the DSL Modems and 887 and put 4 default route to the Next-Hop IPs of DSL Modem LAN Next-Hop IP each. In this way we would be able to achieve the default per-destination load-balancing for the LAN users.

However NAT has still to be done on the DSL Modems as Public IP still resides on the DSL Modems.

Are you planning to use only one 887 VA ? I was just going through the product and found it has just 4 LAN Ports which in this scenario would not be able to achieve the required traffic.

Hope this helps to answer your query.

Regards

Varma

london.ism · ‎10-17-2011

Hi Varma

Thank you for your help.

The design is correct. I would like to do per packet load balancing rather than per destination. I would like the traffic to be spread accross the 4 lines if possible.

Yep, I am planning to us the 887VA as it has 4 FastEthernet interfaces and 1 Ethernet interface and planning to use the later one for the 'LAN Users'

Elena

Vaibhava Varma · ‎10-17-2011

HiElena

Oh I did not look for the Ethernet Interface. So it solves your requirement.Glad to hear it.

Per-Destination Load-Balancing will also spread the traffic across the 4 X DSL Links with the only difference that the spreading is per-flow basis.

Regarding the per-packet load-balancing, please check if you have the option to disable the route-caching on the LAN interfaces connecting to the DSL Modems with below command:

" no ip route-chache"

This command will disable fast-switching and enable the process-switching required for per-packet load-balancing.

Regards

Varma

london.ism · ‎10-18-2011

Hi Varma

Right, got my head around process-switching and fast-switching.

What I'm still a bit confused about is how I configure the routing on the 887 router? Usually I would have a default route pointing to one of the modem lan interfaces. How do I do that now that I have 4 outgoing routes?

Elena

cadet alain · ‎10-18-2011

Hi,

if you put 4 equal default routes of same AD and disable CEF then the router will do load-balancing per packet but if you also do NAT then you'll have to do a route-map matching outgoing interface and apply it like this:

suppose you nat 10.0.0.0/24 to int f0,f1,f2,f3

access-list 10 permit 10.0.0.0 0.0.0.255

route-map NAT1

match ip address 10

match interface f0

route-map NAT2

match ip address 10

match interface f1

route-map NAT3

match ip address 10

match interface f2

route-map NAT4

match ip address 10

match interface f3

ip nat inside source route-map NAT1 interface f0

ip nat inside source route-map NAT2 interface f1

ip nat inside source route-map NAT3 interface f2

ip nat inside source route-map NAT4 interface f3

Regards.

Alain.

Don't forget to rate helpful posts.

Peter Paluch · ‎10-18-2011

Alain,

I would personally never suggest disabling CEF - apart from increasing the load on the router's CPU considerably, some other features are dependent on active CEF, and deactivating it may disable those features as well. I repeat it: beware of deactivating CEF, it is a very dangerous move.

If per-packet load sharing is to be achieved via CEF, all outgoing interfaces shall be configured using the command

ip load-sharing per-packet

It is noteworthy to mention, however, that per-packet balancing in most cases is not a good idea, although it may apparently provide a fine-grained distribution of traffic. Per-destination load balancing, while not as fine-grained, solves many problems related to stateful firewalls and packet reordering, and from a global statistical perspective, it should provide roughly the same distribution of traffic, even though a single flow will not be balanced (which, then again, is not balanced even in EtherChannels and we accept that).

Best regards,

Peter

cadet alain · ‎10-18-2011

Hi Peter,

You're right I had not thought about this command and maybe I had misunderstood what the OP wanted to achieve.

Thanks for correcting my error and let's hope this time this command will get stuck in my mind

Regards.

Alain.

Don't forget to rate helpful posts.

london.ism · ‎10-18-2011

Hi Peter

And if I wanted to switch back to per destination load balancing I would just have to configure this on the same outgoing interfaces:

ip load-sharing per-destination

Also, once all the config is done, what would be the best way/commands to prove that the sharing is working as desired?

Many thanks

Elena

cadet alain · ‎10-18-2011

Hi,

you could apply an ACL outbound on each interface going to modems:

access-list 99 permit ip any any

then sh access-list will give you the hit count on each interface.

Regards.

Alain.

Don't forget to rate helpful posts.

Majed Saeed · ‎10-17-2011

hi ,,

as i understood ... you want to share traffic among all four lines ... if the correct , i suggest to you to use policy based routing for indended subnets with

help of ip access-list or ip refix-list ... then apply particular traffic/subnet OUT of specific FastEthernet interface ....

i hpre this will be helpful for you ..... and for any query get us back ...

regards,

majed

paolo bevilacqua · ‎10-18-2011

As very frequently mentioned on this forum, this is you only option:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml

Note: all other discussion, like CEF, per-packet sharing, etc, is totally irrelevant to your problem.

london.ism · ‎12-16-2011

Hey guys

I have finished my little project but unfortunately I didn't manage to make the load-balancing working.
That is because on the LAN side I have two Vlans that need to redirected via separate ADSL lines (2 for each Vlan) and I have done that using policy based routing which doesn't allow for load-sharing.
Now, on one of the Vlans I have a server that I want accessible from a different location on RDP which sometimes works but then it just stops and I don't understand why.
Below I posted my router config, if anyone has some time, any thoughts would be apreciated.
192.168.3.1 is the server.

no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
ip inspect name myfw udp timeout 3600
ip inspect name myfw tcp timeout 3600
no ipv6 cef
!
!
!
!
vtp mode transparent

!
!
!
controller VDSL 0
!
vlan 2
name Guest
!
vlan 6
name BFR
!
vlan 111
name ADSL2
!
vlan 112
name ADSL3
!
vlan 113
name ADSL4
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
pvc 0/38
oam-pvc 0
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
!
interface FastEthernet0
switchport mode trunk
!
interface FastEthernet1
switchport access vlan 111
!
interface FastEthernet2
switchport access vlan 112
!
interface FastEthernet3
switchport access vlan 113
!
interface Vlan1
description 'Management Interface'
ip address 192.168.3.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip policy route-map Server_Policy
!
interface Vlan2
description 'Guest'
ip address 192.168.2.254 255.255.255.0
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip policy route-map Guest_Policy
!
interface Vlan6
description 'BFR Interface'
ip address 192.168.6.254 255.255.255.0
ip access-group 106 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip policy route-map BFR_Policy
!
interface Vlan111
description 'ADSL2 Interface'
ip address 1.1.1.1 255.255.255.240
ip access-group 110 in
ip access-group 121 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect myfw out
ip virtual-reassembly in
!
interface Vlan112
description 'ADSL3 Interface'
ip address 2.2.2.2 255.255.255.240
ip access-group 110 in
ip access-group 122 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect myfw out
ip virtual-reassembly in
!
interface Vlan113
description 'ADSL4 Interface'
ip address 3.3.3.3 255.255.255.240
ip access-group 110 in
ip access-group 123 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect myfw out
ip virtual-reassembly in
!
interface Dialer0
ip address 4.4.4.4 255.255.255.240
ip access-group 110 in
ip access-group 120 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect myfw out
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxx
ppp chap password 7 xxxx
ppp pap sent-username xxx password 7 xxx
ppp ipcp dns request
ppp ipcp wins request
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT1 interface Dialer0 overload
ip nat inside source route-map NAT2 interface Vlan111 overload
ip nat inside source route-map NAT3 interface Vlan112 overload
ip nat inside source route-map NAT4 interface Vlan113 overload
ip nat inside source static 192.168.3.1 4.4.4.5 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 1.1.1.2
ip route 0.0.0.0 0.0.0.0 2.2.2.3
ip route 0.0.0.0 0.0.0.0 3.3.3.4
!
!
ip access-list extended Guest_Nat
permit tcp 192.168.2.0 0.0.0.255 any eq www
permit tcp 192.168.2.0 0.0.0.255 any eq 443
permit tcp host 192.168.3.1 host 1.1.1.3
permit tcp host 192.168.3.1 host 2.2.2.4
permit tcp host 192.168.3.1 host 3.3.3.5
deny   ip any any log
!
ip access-list extended BFR_Nat
permit tcp 192.168.6.0 0.0.0.255 any eq www
permit tcp 192.168.6.0 0.0.0.255 any eq 443
permit tcp host 192.168.3.1 host 1.1.1.3
permit tcp host 192.168.3.1 host 2.2.2.4
permit tcp host 192.168.3.1 host 3.3.3.5
deny   ip any any log
!
logging esm config
access-list 102 remark **** Allow Guest Access ****
access-list 102 permit tcp 192.168.2.0 0.0.0.255 any eq www
access-list 102 permit tcp 192.168.2.0 0.0.0.255 any eq 443
access-list 102 deny   ip any any log

access-list 106 remark **** Allowed BFR Access ****
access-list 106 permit tcp 192.168.6.0 0.0.0.255 any eq www
access-list 106 permit tcp 192.168.6.0 0.0.0.255 any eq 443
access-list 106 deny ip any any log

access-list 110 remark **** ADSL Inbound traffic ****
access-list 110 permit tcp host 12.12.12.12 host 4.4.4.5 eq 3389
access-list 110 deny ip any any log

access-list 120 remark **** Load Sharing Test ADSL1 ****
access-list 120 permit ip any any

access-list 121 remark **** Load Sharing Test ADSL2 ****
access-list 121 permit ip any any

access-list 122 remark **** Load Sharing Test ADSL3 ****
access-list 122 permit ip any any

access-list 123 remark **** Load Sharing Test ADSL4 ****
access-list 123 permit ip any any

access-list 130 permit ip host 192.168.3.1 host 12.12.12.12
!
!
!
!
route-map BFR_Policy permit 10
match ip address 106
set interface Dialer0 Vlan112 Vlan111
!
route-map Guest_Policy permit 10
match ip address 102
set interface Vlan113
!
route-map Server_Policy permit 10
match ip address 130
set interface Dialer0
!
route-map NAT3 permit 10
match ip address BFR_Nat
match interface Vlan112
!
route-map NAT2 permit 10
match ip address BFR_Nat
match interface Vlan111
!
route-map NAT1 permit 10
match ip address BFR_Nat
match interface Dialer0
!
route-map NAT4 permit 10
match ip address Guest_Nat
match interface Vlan113
!
!
control-plane
!
end