Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
729
Views
0
Helpful
7
Replies

Etherchannel load sharing algorithm

sridhar ch
Level 1
Level 1

ā€Ž05-02-2023 07:43 AM

Hi,

I got 2*4500x switches connected B2B on L2 & L3 port channels. L3 for OSPF, L2 for VLAN's.

I have a requirement to setup one more L2 PO between 4500x and checkpoint FW. Current algorithm is src-dst-ip. I want both the ports in the new PO to share traffic. what would be the algorithm? if i change the algorith, will there be any impact to exisitnng PO's?

4500x switch supports below

dst-ip Dst IP Addr
dst-mac Dst Mac Addr
dst-port Dst TCP/UDP Port
src-dst-ip Src XOR Dst IP Addr
src-dst-mac Src XOR Dst Mac Addr
src-dst-port Src XOR Dst TCP/UDP Port
src-ip Src IP Addr
src-mac Src Mac Addr
src-port Src TCP/UDP Port

 

Thanks,

Sridhar

Labels:
0 Helpful
7 Replies 7

MHM Cisco World
VIP
VIP

ā€Ž05-02-2023 07:48 AM

we can recommend one for you but there is from my view one point I read in cisco doc. you need to match the load balance in both side. 
so select the load balance hash support from both SW and FW

0 Helpful

sridhar ch
Level 1
Level 1
In response to MHM Cisco World

ā€Ž05-02-2023 07:54 AM

thx for the quick response. on checkpoint end, we are planning to use Layer3+4 as shown below.

 

sridharch_0-1683039154521.png

 

0 Helpful

MHM Cisco World
VIP
VIP

ā€Ž05-02-2023 08:02 AM - edited ā€Ž05-02-2023 08:02 AM

 Layer 2 information (XOR of hardware MAC addresses), or Layer 3+4 information (IP addresses and Ports)

since there are two PO 
L2 PO must use L2 and cisco side have these options
dst-mac Dst Mac Addr
src-dst-mac Src XOR Dst Mac Addr
src-mac Src Mac Addr

L3 PO FW use L3+L4 cisco side have these options

dst-ip Dst IP Addr
src-dst-ip Src XOR Dst IP Addr
src-ip Src IP Addr

0 Helpful

Elliot Dierksen
VIP
VIP

ā€Ž05-02-2023 08:22 AM

It also helps to know what kind of traffic is traversing the link to know what load balancing method to use. If the link is going to a file server then using the destination IP/MAC address isn't going to work well since those will be the same. I am not certain if the load balancing will use the destination IP address for the load balancing or it would use the next hop IP it is routed traffic transiting the link. The distribution will never be totally even, but you may have to different load balancing methods and see which one gives the best distribution.

0 Helpful

sridhar ch
Level 1
Level 1
In response to Elliot Dierksen

ā€Ž05-02-2023 09:00 AM

Hi Elliot,

the traffic that will cross the new PO is internet (teams, O365 etc). both core switches and FW's are in the same VLAN with FW inside connected to core as shown below. all 4 are running OSPF.

 

sridharch_0-1683042830652.png

 

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

ā€Ž05-02-2023 09:03 AM

Often src-dst-ip is a good all around choice.

Understand your LB choice only impacts egress traffic.  For ingress, you need to set the other side's device.

"if i change the algorith, will there be any impact to exisitnng PO's?"

Depends on the attributes of the traffic on every port-channel. Another reason why src-dst-IP is a often a good choice.

0 Helpful

sridhar ch
Level 1
Level 1
In response to Joseph W. Doherty

ā€Ž05-09-2023 04:34 AM

configured PO between 4500x and checkpoint with src-dst-ip on cisco and layer3+4 on the other end. all looks good.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card