Collapsed Core/Distribuition VSS and load balancing the VLAN's out to the WAN

CSCO11492837 · ‎11-23-2012

Hi,

I'm wondering if people on here can assit me with a query i have about the way to load balancing a collapsed core/distribution as based on the below diagram.

The core/distribution layer will be where the vlan's gateways are configured and will reside. OSPF will be configured between the core layer and the WAN edge with 4 seperate cables for resilience/redundancy.

The query i have is we want to run the WAN routers in an Active/Active setup so to make best use of the available WAN links. I fully understand how this can be achieved on the WAN edge using BGP and setting the AS med values for certain subnets to be worse than others.

What im struggling to work out is how i can set the Cisco VSS logical switch to load balance some vlan's to the router on the left as its primary and then the other vlan's to the right hand router as its primary, they will then use each other as backup. i know in normaly layer 3 point-to-points you would use delays but this will affect all vlan's and not just the selected onces i want as primary on the left and others as primary on the right.

Hopefully its something fairly easy but im hoping for some assistance here and if VSS is the right solution for what i need to achieve.

Thanks in advance

Craig

shillings · ‎11-23-2012

Would you ideally like to load balance all VLANs across both gateways on a per-session basis, or is the requested VLAN split across the gateways preferable in some way?

CSCO11492837 · ‎11-23-2012

So what i would like to be able to do is set it so that say vlan 1-5 went out router on left and then 6-10 out router on the right, this would be matched with BGP to ensure symmetry on the routing in and out of the site but as this is acting as 1 big switch im not sure if its possible without something like PBR.....

shillings · ‎11-23-2012

Sorry, I do understand what you want, but there might be simpler methods, so I just wanted to make sure I wasn't missing something important.

Reference outbound traffic, what about IP CEF load balancing? This would be applied across all four /30 IP links between the VSS-enabled switch pair and the two WAN edge routers on your diagram. Load balancing would be performed on a per-session basis though, so I'm not sure if that works for you.

You could then tie each static default route to an IP SLA ping. Ideally each Ping would be destined to the remote end of each WAN circuit (i.e. a router located in your ISPs local PoP.) If the Ping fails after a preset number of attempts, then the relavant static default route is withdrawn from the IP Routing table on your VSS-enabled switch pair.

CSCO11492837 · ‎11-23-2012

ok, but would that enable me to select the vlan subnet ranges to manipulate them? im wondering if its worth etherchanneling to the routers from the VSS cores to limit the number of /30's required.

so how does the load balancing work, does it cover a subnet range or does it do on individual IP's as i want to be able to fully control routing inside and out

shillings · ‎11-23-2012

No, IP CEF will not split the traffic based on the source VLAN. It would not take into accont the source IP address. That's why I asked about the purpose behind your original question and splitting the VLANs across the two routers. Is this just what you think you must do or is there a specific reason behind it?

IP CEF load balancing, configured in 'per-destination' mode, takes each new destination session and sends it down the least utilised link. So as long as your traffic routes to a variety of end-point addresses (i.e. normal Internet browsing to a variety of websites), then you should get pretty even distribution. If you have a single VPN and send most of your traffic to the same VPN end-point address, then this won't work for you.

There is also IP CEF per-packet load balancing, but I would avoid this. It spreads the traffic more evening on a per-packet basis, but disrupts real-time traffic by increasing the chance of out-of-order packets.

I guess your EtherChannel idea would simplify the design a little bit. Just two static routes instead of four. I guess each WAN router will need a switchport WIC to terminate a layer-2 EtherChannel. Or perhaps they will each accept a layer-3 EtherChannel, similar to an ASA... What model and IOS feature set are they running?

CSCO11492837 · ‎11-28-2012

Hi Thanks for your detailed reply and apologies for my late reply.

There is no real purpose behind needing subnet specific load balancing. The site will be used in the future for VOIP services so i wanted to try and ensure a symmetrical routing flow, obviously i guess with CEF load balancing it will give me an even flow but there is the potential for asymmetric flows to occur.

Can you advise what is the requirement around the static routes and tieing it to an IP SLA ping, ive not really needed to use such things before, is this a requirement of CEF load balancing?

The routers im planning to use are 3925's running version 15 code but we dont have these devices yet so it will be the latest firmware at the time of order i guess.

Thanks for your help with this, its greatly appreciated.

Cheers

Craig

Joseph W. Doherty · ‎11-28-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

You might want to consider PfR.

shillings · ‎11-29-2012

Yes, traffic can definitely flow out one link and return via the other. Joseph's suggestion for PfR might fix this, but I've never used it. I thought it was quite expensive, but depends on what you consider expensive I guess.

The second reply in this thread defines the IP SLA config and ties it to a static route:

https://supportforums.cisco.com/thread/2108035

Bear in mind that IP CEF load balancing is only for your outbound traffic. You still need a method for inbound load balancing - i.e. from the ISP towards your network. If you have two ISPs, then I think you must use BPG for inbound load balancing. This is likely to be less granular than IP CEF. If you have a single ISP, then ask them what they can offer.

Ref IOS, if your Cisco partner buys through the correct in-country distribution channels, then you have 3 months free TAC support and IOS maintenance updates. So you'll have plenty of time to upgrade, if you wish. If it turns out to be a grey import, then I'm not sure where you stand.

Joseph W. Doherty · ‎11-29-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Joseph's suggestion for PfR might fix this, but I've never used it. I thought it was quite expensive, but depends on what you consider expensive I guess.

Expensive, hmm? Earlier version, OER, I recall was in most feature sets except IP Base. Without researching, don't know what the current Cisco approach is for licensing PfR usage.