
Load Sharing--- Internet

Anukalp S
Level 1

Hello..

I have an Internet router connecting two Internet circuits provided by the same ISP. BGP is running on this router, and I am looking for load sharing/load balancing over both links. Could you please help with how this could be achieved?

Accepted Solutions

Harold Ritter
Spotlight

Hi Anukalp,

For egress load balancing, if you want to load balance using the default route, you can install both default routes received from both upstream peers in the RIB and let CEF do the load balancing per flow. You would need to configure "maximum-paths 2" for that to happen.

For ingress load balancing, I would suggest you split the prefix you advertise to your ISP in two and advertise the first half through one link and the other half through the other link. For redundancy purposes, you would also need to advertise the whole prefix through both links. For the ingress load balancing to work, you would need to make sure that addresses are used out of both halves of the prefix that was assigned to you. There is only so much you can do to load balance the traffic ingress if all the traffic is going to the same destination address.

Regards,
Harold Ritter, CCIE #4168 (EI, SP)


paolo bevilacqua
Hall of Fame

That is automatically achieved by using BGP, in a statistical manner.

To fine-tune traffic, refer to advanced BGP configuration guides and documents.

Thanks so much..Harold

Harold Ritter wrote:

> Hi Anukalp,
>
> For egress load balancing, if you want to load balance using the default route, you can install both default routes received from both upstream peers in the RIB and let CEF do the load balancing per flow. You would need to configure "maximum-paths 2" for that to happen.

Actually, that is not needed. Default maximum-path value is bigger than 2 already. So in practice, nothing needs to be done, as I had indicated above.

> For ingress load balancing, I would suggest you split the prefix you advertise to your ISP in two and advertise the first half through one link and the other half through the other link. For redundancy purposes, you would also need to advertise the whole prefix through both links. For the ingress load balancing to work, you would need to make sure that addresses are used out of both halves of the prefix that was assigned to you. There is only so much you can do to load balance the traffic ingress if all the traffic is going to the same destination address.

Here you are omitting to mention using local-preference, community attributes, and other advanced techniques that are recommended over splitting prefixes. Hence my recommendation above of studying the matter before doing anything, or even better, giving the job to a qualified engineer.

Paolo,

> Actually, that is not needed. Default maximum-path value is bigger than 2 already. So in practice, nothing needs to be done, as I had indicated above.

The default value for maximum-paths is 1.

http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/1rfindp1.html#wp1019705

> Here you are omitting to mention using local-preference, community attributes, and other advanced techniques that are recommended over splitting prefixes. Hence my recommendation above of studying the matter before doing anything, or even better, giving the job to a qualified engineer.

Local preference is something you would use to influence egress traffic, not ingress traffic. Community attributes could be used assuming your ISP does something with it. Not all of them do. I agree there are some other ways to address the issue.

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Hi Harold..

Since the configuration to achieve this load sharing seems complicated, I want you to help me out on this. Below is my router config. I want the splitting to be done in such a way that the starting 8-10 IPs flow over one link and the rest over the second circuit.

Also, if any circuit goes down, all prefixes should flow over the active circuit.

Currently I am using both circuits as primary and secondary.

----------------------------------------------------------------
interface GigabitEthernet0/0
 description ##Primary link##
 ip address x.x.x.x 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description ##Backup link##
 ip address y.y.y.y 255.255.255.252
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description ### Public LAN Pool###
 ip address 121.118.96.2 255.255.255.192
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
!
router bgp 64512
 no synchronization
 bgp log-neighbor-changes
 network 121.118.96.0 mask 255.255.255.192
 neighbor x.x.x.x remote-as 4755
 neighbor x.x.x.x update-source GigabitEthernet0/0
 neighbor x.x.x.x weight 200
 neighbor x.x.x.x prefix-list Out out
 neighbor y.y.y.y remote-as 4755
 neighbor y.y.y.y update-source GigabitEthernet0/1
 neighbor y.y.y.y weight 100
 neighbor y.y.y.y prefix-list Out out
ip prefix-list Out seq 5 permit 121.118.96.0/26
ip prefix-list Out seq 10 deny 0.0.0.0/0
----------------------------------------------------------------------------------

Hi Anukalp,

The overall config is really not that complicated. To address the egress traffic load balancing, you simply need to add "maximum-paths 2". To address the ingress traffic load balancing, you need to advertise 121.118.96.0/27 via one link, 121.118.96.32/27 via the other and 121.118.96.0/26 via both links for redundancy.

router bgp 64512
 maximum-paths 2
 network 121.118.96.0 mask 255.255.255.192
 network 121.118.96.0 mask 255.255.255.224
 network 121.118.96.32 mask 255.255.255.224
 neighbor x.x.x.x remote-as 4755
 neighbor x.x.x.x prefix-list link1 out
 neighbor y.y.y.y remote-as 4755
 neighbor y.y.y.y prefix-list link2 out
!
ip prefix-list link1 seq 10 permit 121.118.96.0/26
ip prefix-list link1 seq 20 permit 121.118.96.0/27
ip prefix-list link1 seq 30 deny 0.0.0.0/0 le 32
!
ip prefix-list link2 seq 10 permit 121.118.96.0/26
ip prefix-list link2 seq 20 permit 121.118.96.32/27
ip prefix-list link2 seq 30 deny 0.0.0.0/0 le 32
!
ip route 121.118.96.0 255.255.255.224 GigabitEthernet0/2
ip route 121.118.96.32 255.255.255.224 GigabitEthernet0/2

This splits your /26 (64 addresses) in two blocks of 32 addresses. The first half will be preferred via link 1 and the second half via link 2. Again, make sure you discuss this with your ISP to ensure that they will not block the advertisement of the /27 prefixes.

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Can you elaborate on this if you don't mind please?

ip route 121.118.96.0 255.255.255.224 GigabitEthernet0/2
ip route 121.118.96.32 255.255.255.224 GigabitEthernet0/2

Why does he need to add the routes to the network that he just split via its own interface?

Also:

ip prefix-list link1 seq 10 permit 121.118.96.0/26 (Shouldn't this be also /27?)
ip prefix-list link1 seq 20 permit 121.118.96.0/27 (Shouldn't this be 121.118.96.32/27)
ip prefix-list link1 seq 30 deny 0.0.0.0/0 le 32
!
ip prefix-list link2 seq 10 permit 121.118.96.0/26
ip prefix-list link2 seq 20 permit 121.118.96.32/27
ip prefix-list link2 seq 30 deny 0.0.0.0/0 le 32

Hi Mohammad,

> Can you elaborate on this if you don't mind please?

Sure.

> ip route 121.118.96.0 255.255.255.224 GigabitEthernet0/2
> ip route 121.118.96.32 255.255.255.224 GigabitEthernet0/2
>
> Why does he need to add the routes to the network that he just split via its own interface?

These two static routes are required for the BGP routes (the /27s) to be originated via the network statement.

> Also:
>
> ip prefix-list link1 seq 10 permit 121.118.96.0/26 (Shouldn't this be also /27?)

The /26 needs to be advertised in addition to the /27 for redundancy purposes. If one link should fail, all traffic for the entire /26 would converge to the remaining link.

> ip prefix-list link1 seq 20 permit 121.118.96.0/27 (Shouldn't this be 121.118.96.32/27)

In this example, link 1 advertises the first half of the /26 (.0/27) and link 2 advertises the second half (.32/27).

> ip prefix-list link1 seq 30 deny 0.0.0.0/0 le 32
> !
> ip prefix-list link2 seq 10 permit 121.118.96.0/26
> ip prefix-list link2 seq 20 permit 121.118.96.32/27
> ip prefix-list link2 seq 30 deny 0.0.0.0/0 le 32

Regards,
Harold Ritter, CCIE #4168 (EI, SP)
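
The advertisement scheme discussed in the replies above, modelled as an added example (not part of the original thread and not Cisco code): it evaluates the link1/link2 prefix-lists with first-match semantics, then applies longest-prefix match the way the upstream would, to show which link carries ingress traffic for an address and what happens when a link is down. The function names and the `links_up` parameter are assumptions made for this illustration.

```python
import ipaddress

# Constructed model of the prefix-lists from the thread: (action, prefix, le).
# le=None means exact match only, as in IOS when no ge/le keyword is given.
PREFIX_LISTS = {
    "link1": [("permit", "121.118.96.0/26", None),
              ("permit", "121.118.96.0/27", None),
              ("deny", "0.0.0.0/0", 32)],
    "link2": [("permit", "121.118.96.0/26", None),
              ("permit", "121.118.96.32/27", None),
              ("deny", "0.0.0.0/0", 32)],
}
# Prefixes originated by the three network statements.
ORIGINATED = ["121.118.96.0/26", "121.118.96.0/27", "121.118.96.32/27"]


def permitted(plist, prefix):
    """First-match prefix-list evaluation with an implicit deny at the end."""
    net = ipaddress.ip_network(prefix)
    for action, entry, le in plist:
        ent = ipaddress.ip_network(entry)
        max_len = ent.prefixlen if le is None else le
        if net.subnet_of(ent) and ent.prefixlen <= net.prefixlen <= max_len:
            return action == "permit"
    return False


def advertised(link):
    """Prefixes that survive the outbound prefix-list on this link."""
    return [p for p in ORIGINATED if permitted(PREFIX_LISTS[link], p)]


def ingress_links(dest, links_up=("link1", "link2")):
    """Links usable by the ISP for dest: those advertising the longest match."""
    addr = ipaddress.ip_address(dest)
    best_len, best = -1, []
    for link in links_up:
        for p in map(ipaddress.ip_network, advertised(link)):
            if addr in p:
                if p.prefixlen > best_len:
                    best_len, best = p.prefixlen, [link]
                elif p.prefixlen == best_len and link not in best:
                    best.append(link)
    return best
```

With both links up, `ingress_links("121.118.96.10")` selects link1 and `ingress_links("121.118.96.40")` selects link2; with only one link in `links_up`, every address in the /26 falls back to the covering /26 on the surviving link.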

You are correct, I had forgotten the BGP special maximum-path case, thanks for clarifying.

Thank you Harold..

Hi anukalp,
You can achieve load balancing by doing NAT (with ACL) for half of your source over the backup Internet.
This way any traffic coming from the 2nd half of the source subnet would match and be natted to the backup Internet and that should take care of the return routing as well.
In case the secondary link goes down then the associated NAT would also stop working and your entire traffic would have no way other than exiting via the primary circuit.
Since we are not splitting the source pool, we no longer have to worry about whether the provider would support a subset of the block or not.

This solution will not suit if your requirement is to access the Internet with your original source IP address.

- Hiraman


Hi Hiraman,

NAT in this specific case is performed on an internal ASA rather than on the Internet facing router itself. Also even if NAT was performed on the Internet facing router, you would still need to use something like PBR to forward the traffic to the respective outbound interface before the traffic gets natted. With inside to outside NAT, routing happens before NAT is performed.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml#topic1

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Hi Harold,
I did realise the use of a global PBR after I posted my reply.
Good catch anyways.

Could you elaborate on why we can't NAT on the router? Where does the ASA come into the picture? Any advantage?

Thank you,
-Hiraman
