etherchannel load balancing - questions

ITexpert
Level 3

Hello Guys,

@paul driver  @Joseph W. Doherty  @Reza Sharifi @Deepak Kumar  @Georg Pauwen @Leo Laohoo

 

I have some confusion about load balancing with etherchannels.

What are the options for load balancing?

How do I decide on the right method for best results?

I know these are parameters that can be used: source-ip, dst-ip, source-mac, dst-mac, src-dst-MAC, maybe more (please mention if something is left out).

What's the difference between src-MAC and src-dst-MAC, and where to use each?

 

Thanks


Tamim
Level 1
It depends on what type of traffic is going over the ether channel.
So if there isn't much variety of src dst IP addresses, you will notice that the load sharing isn't done evenly over the channel members, since the hashing will always be the same and thus the same channel member will be used while the other is not in use.

That's when you can decide to load balance on a different level such as MAC level or even port numbers.
The more varied src dst patterns you have, the more likely it is that a different hash comes out, resulting in even load balancing across all the available channel members.

Joseph W. Doherty
Hall of Fame
Load balancing options vary per platform. So, optimal load balancing isn't always possible.

"Best results" are generally obtained by using the attributes that vary the most between your different traffic flows.

Often you obtain good (to best) results if you use src-dest-IP. Src/dest IP with ports, when offered, often will provide the best results. However, again, you want to use the "best" available load balancing algorithm for your traffic mix and needs.

The original post was not clear whether these Etherchannels are configured as layer 2 or as layer 3. And the options for load balancing vary depending on which layer you are operating at. The one thing we can say is that the load balancing will be better the more variability there is in what is being evaluated. And in general more variability will occur the more parameters are being evaluated. So source dest with port would in general provide more variability than source dest, which would provide more variability than just source or just dest.

The choice of what is best really depends on knowledge of the local environment and of the traffic patterns in the network.

HTH

Rick

Hello @Richard Burts @Joseph W. Doherty @Reza Sharifi @Georg Pauwen

Thanks a lot. I know that load balancing at L2 uses MAC addresses and L3 uses IP addresses, but I am still confused.

For example, let's say using src-dst mac, which means you can forward the traffic from a specific src towards a specific mac through a particular link of the ether-channel. Is that correct?

And using src mac only means that traffic from that particular src will pass through a particular user-defined link of the ether-channel with considering destination. Is that correct?

Now the question arises: at L3 load balancing, let's say we have a web server connected through an LACP ether-channel of 4 ports, which is used from the Internet by a lot of people, and we want to do load balancing.

First question: by default all four ports are splitting the traffic by 25% each. Is that correct?

Second, let's say I want internal employees to use only 1 link out of 4. I believe I have to use src-dst IP in this case. Is that correct?

Third question: doing ether-channel between the server and the access layer switch can be helpful for traffic between them, but how to achieve this up to the Gateway/Firewall?

I am asking these types of questions because my IT manager thinks ether-channel is useless because in the end the firewall is connected with just one port to the ISP. I explained to him that we can do traffic shaping at the firewall to prioritize web-server traffic.


Etherchannel uses an algorithm to work out which link to use, so if you use src mac only then it is just that address that is used with the algorithm to work out which link to use, whereas src-dst mac would use both addresses as input to the algorithm, etc.

That is all you are doing, providing variable input to an algorithm to try and spread the traffic as evenly as possible across multiple links.

Etherchannel load balancing is not precise, so there is no guarantee of an exact split between the links, and even if there were, load balancing is done per connection (flow) with no account taken of the amount of traffic in that flow.

If you only want to allow internal employees to use one of the links, the question really is why use etherchannel?

Not sure I understand the firewall question.

Bear in mind etherchannel is as much about redundancy as throughput, so it is not always about just increasing bandwidth.

Jon


Thanks @Jon Marshall

I understand the ether channel is best for redundancy only. Please share with me the best solution for providing load balancing with an internally hosted web server so that people will not experience delay in peak hours. (We are open to buying any sort of new equipment or device.)

Also, how will I set up a different path or prioritized path for the internal network (192.168.x.x/24) so they can do any work without any issues?


". . . please share with me the best solution for providing load balancing with an internally hosted web server so that people will not experience delay in peak hours."

Some Cisco routers support PfR, which can do dynamic (L3) load balancing. Also, if you ever use another ISP, it can find the best performing path between your side and the far side.

"Thanks a lot. I know that load balancing at L2 uses MAC addresses and L3 uses IP addresses, . . ."

Not really. If I remember correctly, the load balancing algorithm doesn't depend on whether the Etherchannel is configured as L2 or L3; the device looks at the packets, regardless of the Etherchannel port configuration.

"First question: by default all four ports are splitting the traffic by 25% each. Is that correct?"

That's the ideal, but it assumes your choice of algorithm ideally splits the flows (and even if it does that, Etherchannel [as also noted by others] doesn't take into account actual load on a link, so, especially over short time intervals, actual load is often not evenly split).

"Second, let's say I want internal employees to use only 1 link out of 4. I believe I have to use src-dst IP in this case. Is that correct?"

That sort of defeats the purpose of Etherchannel, and src-dest IP normally would not send different internal hosts to the same link (this assumes they all have different IPs).

"Third question: doing ether-channel between the server and the access layer switch can be helpful for traffic between them, but how to achieve this up to the Gateway/Firewall?"

Much depends on whether the Gateway/Firewall is using a single attribute, like MAC, that you alone are using. However, if you use both src and dest, the other side often varies, and if it does, flows will be directed to different links.

You have asked three questions and here is how I would answer them.

1) If the etherchannel consists of 4 ports then each port carries some of the traffic. It would not necessarily be 25% on each port. The distribution of traffic depends on the algorithm and depends on the diversity of traffic. Let me suggest an extreme example: think about a situation in which a single client in the Internet accesses a single server in your network. In that case 100% of the traffic would use a single link in the Etherchannel. 

2) asks about Internal employees using a single port in the Etherchannel. The main part of the topic of this discussion was about load sharing. But in this question it seems that you want to defeat sharing and force all traffic from Internal employees to use one port. If this discussion were about just layer 3 load sharing then I might suggest that you could achieve your objective that Internal traffic use just one path by using Policy Based Routing. But when the discussion is about etherchannel then I do not know of any way to arrange that traffic of Internal users would use just a single port.

3) I believe that the third question suggests an Etherchannel between a server and an access switch is functioning to optimize traffic and asks how to similarly optimize traffic between the access switch and the Gateway/Firewall. We would need to know much more about your environment, especially what kind of connections exist between the access switch and the Gateway/Firewall.

HTH

Rick

Joseph W. Doherty
Hall of Fame
Perhaps a quick example will help you understand choice of the Etherchannel hashing algorithm.

Suppose you have:

server <Etherchannel> many hosts

From server to hosts, if you
only use src IP, all flows will only use one Etherchannel link as attribute being used never changes
only use dest IP, assuming hosts have different IPs, they should distribute across multiple Etherchannel links

From hosts to server, if you
only use dest IP, all flows will only use one Etherchannel link as attribute being used never changes
only use src IP, assuming hosts have different IPs, they should distribute across multiple Etherchannel links

Notice the other direction's flow "flips" the effect of src and dest.

If the platform offers src-dest-IP, then both directions, assuming hosts have different IPs, should distribute across multiple Etherchannel links.
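
The "server <Etherchannel> many hosts" case above, run as a small simulation; this is an added example, not code from the thread or from Cisco. The XOR-fold hash, the 4-link bundle and the documentation-range addresses are assumptions made for illustration, and real platforms use their own hash.

```python
import ipaddress
from collections import Counter

LINKS = 4                      # assumed 4-port bundle, as in the thread
SERVER = "192.0.2.10"          # constructed address (documentation range)
HOSTS = [f"198.51.100.{i}" for i in range(1, 201)]   # 200 constructed hosts

def link_for(src, dst, method, links=LINKS):
    """Return the member link index chosen for one flow.

    Illustrative hash only: XOR-fold the selected address bits to one byte,
    then take it modulo the number of links. Real platforms differ.
    """
    s = int(ipaddress.ip_address(src))
    d = int(ipaddress.ip_address(dst))
    key = {"src-ip": s, "dst-ip": d, "src-dst-ip": s ^ d}[method]
    key ^= key >> 16           # fold 32 bits down to 16
    key ^= key >> 8            # fold 16 bits down to 8
    return (key & 0xFF) % links

def distribution(flows, method, links=LINKS):
    """Count flows per member link; flows is a list of (src, dst) pairs."""
    counts = Counter(link_for(s, d, method, links) for s, d in flows)
    return [counts.get(i, 0) for i in range(links)]

def server_to_hosts():
    return [(SERVER, h) for h in HOSTS]

def hosts_to_server():
    return [(h, SERVER) for h in HOSTS]

if __name__ == "__main__":
    for name, flows in (("server->hosts", server_to_hosts()),
                        ("hosts->server", hosts_to_server())):
        for method in ("src-ip", "dst-ip", "src-dst-ip"):
            print(f"{name:14} {method:11} {distribution(flows, method)}")
    # One client talking to one server: every packet hashes to the same link.
    one_flow = [(HOSTS[0], SERVER)] * 1000
    print("single flow   ", distribution(one_flow, "src-dst-ip"))
```

The perfectly even split comes from the sequential host addresses used here; real address sets are lumpier, and the hash counts flows, not the bytes each flow carries.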