09-12-2018 11:11 AM - edited 03-08-2019 04:08 PM
Hello Guys,
@paul driver @Joseph W. Doherty @Reza Sharifi @Deepak Kumar @Georg Pauwen @Leo Laohoo
I have some confusions about load-balancing with etherchannels,
what are options to do load balancing ?
how to decide the right method for best results ?
I know these are parameters that can used, source-ip, dst-ip, source-mac, dst-mac , src-dst-MAC , may be more (please mention if something left).
whats the diff bw src-MAC and src-dst-MAC and where to use each ?
Thanks
Solved! Go to Solution.
09-14-2018 09:33 AM
09-14-2018 11:01 AM
You have asked three questions and here is how I would answer them.
1) If the etherchannel consists of 4 ports then each port carries some of the traffic. It would not necessarily be 25% on each port. The distribution of traffic depends on the algorithm and depends on the diversity of traffic. Let me suggest an extreme example: think about a situation in which a single client in the Internet accesses a single server in your network. In that case 100% of the traffic would use a single link in the Etherchannel.
2) asks about Internal employees using a single port in the Etherchannel. The main part of the topic of this discussion was about load sharing. But in this question it seems that you want to defeat sharing and force all traffic from Internal employees to use one port. If this discussion were about just layer 3 load sharing then I might suggest that you could achieve your objective that Internal traffic use just one path by using Policy Based Routing. But when the discussion is about etherchannel then I do not know of any way to arrange that traffic of Internal users would use just a single port.
3) I believe that the third question suggests an Etherchannel between a server and an access switch is functioning to optimize traffic and asks how to similar optimize traffic between the access switch and the Gateway/Firewall. We would need to know much more about your environment, especially what kind of connections exist between the access switch and the Gateway/Firewall.
HTH
Rick
09-12-2018 12:00 PM
09-13-2018 05:01 AM
09-13-2018 02:11 PM
The original post was not clear whether these Etherchannels are configured as layer 2 or as layer 3. And the options for load balancing vary depending on which layer you are operating at. The one thing we can say is that the load balancing will be better the more variability there is in what is being evaluated. And in general more variability will occur the more parameters are being evaluated. So source dest with port would in general provide more variability than source dest which would provide more variability that just source or just dest.
The choice of what is best really depends on knowledge to the local environment and of the traffic patterns in the network.
HTH
Rick
09-14-2018 05:37 AM
Hello @Richard Burts@Joseph W. Doherty @Reza Sharifi @Georg Pauwen
Thanks alot, I know that load balancing at L2 USE MAC-ADD and L3 use IP addresses , I am still confuse,
For example lets say, using src-dst mac , which means you can forward the traffic from specific src towards specific mac through particular link of ether-channel. Is that correct ?
and using src mac only means that traffic from that particular src will pass through particular user defined link of ether-channel with considering destination. Is that correct ?
Now question arrive that at L3 load balancing, lets say we have web server connect through lacp ether-channel of 4 ports which is utilized from Internet by alot of people and we want to do load balancing.
First question , By default all four ports are splitting the traffic by 25% each. Is that correct ?
Second, Lets say I want that Internal employees will use only 1 link out 4, I believe I have to use src-dst IP in this case. Is that correct ?
Third Question, doing ether-channel with server and access layer switch can helpful for traffic between their communication but how to achieve this till Gateway/Firewall ?
I am asking these type of questions because my IT Manager thinks ether-channel is useless because in the end Firewall is connected with just one port to ISP. I explain him that we can do traffic shaping at Firewall to make web-server traffic prioritize.
09-14-2018 05:59 AM
Etherchannel uses an algorithm to work out which link to use so if you use src mac only then it is just that address that is used with the algorithm to work out which link to use, whereas src-dst mac would use both addresses as input to the algorithm etc.
That is all you are doing, providing variable input to an algorithm to try and spread the traffic as evenly as possible across multiple links.
Etherchannel load balancing is not precise so there is no guarantee of an exact split between the links and if even if there were load balancing is done per connection (flow) with no account taken of the amount of traffic in that flow.
If you only want to allow internal employees to use one of the links the question really is why use etherchannel ?
Not sure I understand the firewall question.
Bear in mind etherchannel is as much about redundancy as throughput so it is not always about just increasing bandwidth.
Jon
09-14-2018 06:13 AM
Thanks @Jon Marshall
I understand the ether channel is best for redundancy only , please share with me the best solution how to provide load-blancing with internal hosted web server so that people will not experience delay in peak hours? (we are open to buy any sort of new equipment or device.)
Also how I will setup different path or prioritize path for internal network (192.168.x.x/24) so they can do any work without any issues.
09-14-2018 09:35 AM
09-14-2018 09:33 AM
09-14-2018 11:01 AM
You have asked three questions and here is how I would answer them.
1) If the etherchannel consists of 4 ports then each port carries some of the traffic. It would not necessarily be 25% on each port. The distribution of traffic depends on the algorithm and depends on the diversity of traffic. Let me suggest an extreme example: think about a situation in which a single client in the Internet accesses a single server in your network. In that case 100% of the traffic would use a single link in the Etherchannel.
2) asks about Internal employees using a single port in the Etherchannel. The main part of the topic of this discussion was about load sharing. But in this question it seems that you want to defeat sharing and force all traffic from Internal employees to use one port. If this discussion were about just layer 3 load sharing then I might suggest that you could achieve your objective that Internal traffic use just one path by using Policy Based Routing. But when the discussion is about etherchannel then I do not know of any way to arrange that traffic of Internal users would use just a single port.
3) I believe that the third question suggests an Etherchannel between a server and an access switch is functioning to optimize traffic and asks how to similar optimize traffic between the access switch and the Gateway/Firewall. We would need to know much more about your environment, especially what kind of connections exist between the access switch and the Gateway/Firewall.
HTH
Rick
09-15-2018 09:22 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide