Is ECMP for SD-WAN Edge load balancing traffic per flow OR per packet?

SIMMN · ‎06-15-2023

Referencing the simple diagram below, I am trying to understand more regarding how ECMP is used by SD-WAN edge to prevent traffic flapping between Edge routers in a dual internet DIA setup.

The Edge routers and switch are running OSPF with default generated from edge routers. ECMP would be used to load balance traffic between edge 1 and edge 2 on the LAN facing side. Either Edge 1 or 2 is configured with VPN0 to do NAT for the DIA.

So will ECMP prevent user single flow traffic (source 10.10.1.10, destination 1.1.1.1) to Internet bouncing between Edge 1 and Edge 2?

Kanan Huseynli · ‎06-15-2023

Hi,

in your topology ECMP is done by central switch which is not SD-WAN device. And it will depend on that switch logic. Normally and by default every device use per flow logic. So, due to cef load balancing result (assuming cisco is L3 Cisco) it will choose either R1 or R2 for the traffic from User (10.10.1.10) to some destination (1.1.1.1). Receiving router will simple do NAT and send to internet. Return traffic comes to the same router (due to public IP) and it does un-NAT and sends to switch where switch does simple routing& switching towards end user.

In general, in SD-WAN Load balancing is per-flow only. I have never seen any doc showing per-packet logic.

See section "Configure Load-Balancing Algorithm Using the CLI" from config guide:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/system-interface/ios-xe-17/systems-interfaces-book-xe-sdwan/configure-interfaces.html?bookSearch=true

"Classic IOS XE" command "ip load-sharing algorithm" is not used for per-packet or per-flow determination in interface anymore.
It is used in SD-WAN mode for SD-WAN load balancing logic.

Site2-Rtr1(config)# interface GigabitEthernet 2
Site2-Rtr1(config-if)# ip load
^
% Invalid input detected at '^' marker.

Site2-Rtr1(config-sdwan)# ip load-sharing algorithm ?
Description: hash algorithm
Possible completions:
[src-dst-ip]
ip-and-ports source,destination ip and port load-balancing
src-dst-ip source,destination ip load-balancing
src-ip-only source ip only load-balancing

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/iosxe/qualified-cli-command-reference-guide/m-ip-commands.html#GUID-12160565-81FF-4A7D-A2DB-A8B29C2563F8

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

SIMMN · ‎06-15-2023

Thanks for the info! It is a Cisco switch on the LAN. As far as the ECMP is doing per-flow load balancing, it should be good.

I believe VMware SD-WAN is per-packet load balancing wit the receiving end to do re-sequencing and re-assembly.

MHM Cisco World · ‎06-15-2023

The following load-balancing methods are supported on Cisco IOS XE SD-WAN devices:

Flow-Based

VLAN-Based

Kanan Huseynli · ‎06-15-2023

It is for SD-WAN port-channel, not for L3 routing:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/system-interface/ios-xe-17/systems-interfaces-book-xe-sdwan/m-cisco-sd-wan-etherchannel.html

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Joseph W. Doherty · ‎06-15-2023

"So will ECMP prevent user single flow traffic (source 10.10.1.10, destination 1.1.1.1) to Internet bouncing between Edge 1 and Edge 2?"

By bouncing between Edges 1 and 2, do you mean something like round-robin, per packet, ECMP?

If you do, cannot say for sure with regard to SD-WAN, but generally, Cisco does NOT, by default, round-robin a flow's packets. Flows, though, generally are round-robin when doing ECMP.

BTW, when you get into unequal cost multipath, or something like PfR which can dynamically load balance across multipath, those too generally do not split a flow's packets across paths.

Reason for trying to maintain a flow's packet sequencing, even though IP doesn't guarantee it and TCP will insure it, almost all networks applications don't like a flow's packets re-ordered.