06-22-2007 08:23 AM - edited 03-05-2019 04:54 PM
Hi to all,
I need some help regarding some information about per-packet load balancing in Cisco routers and switches. By "per packet" load balancing I mean to say that the packets forming part of one particular connection are forwarded to different machines, in a round-robin manner. I know that there is something called stateless load balancing where load balancing is based on MAC pair or IP pair hash, but this is not what I want. I wanted to know if there are Cisco routers and switches that support the per-packet load balancing scheme I'm talking about (not stateless load balancing).
I have also heard that Cisco routers can do per-packet load balancing on a router interface by issuing the following command:
Router(config-if)#no ip route-cache
My network topology is as follows:
|A|  |B|  |C|  |D|
 |    |    |    |
 |    |    |    |
     |Switch|
        |
     |Router|
I wanted to ask whether the above command will load balance traffic from the internet onto the four PCs (A, B, C, D) connected to the switch on a per-packet basis (i.e. plain round-robin irrespective of the connection to which the packet belongs). What I basically want to do is that packets pertaining to one particular connection get load balanced in a round-robin fashion over the 4 PCs. Will the above command do that or should I go for EtherChannel?
Any help will be much appreciated..
Warm regards,
Visham
06-22-2007 09:41 AM
Visham
I do not understand very well all that you are asking. Perhaps you can clarify your requirements a bit. But there is one part of your question that I believe that I can answer:
You ask: "i.e plain round-robin irrespective of the connection to which packet belongs to"
The answer is no, and the router is always processing based on the connection that the destination belongs to.
HTH
Rick
06-23-2007 11:06 AM
Hi to all,
Sorry for the confusion. I'll summarise my question this time. My network topology is as follows:
I have 4 PCs acting as firewalls that are directly connected to a switch. The switch is, in turn, connected to a router. I want to load balance traffic coming from the router onto the 4 PCs on a per-packet basis. The 4 PCs are on the same subnet and they forward traffic to destination nodes, which are also part of that subnet. How can I do that load balancing part? Is there some kind of configuration that I have to do on the switch? Or will the fact that the 4 interfaces, to which the 4 PCs are connected, are pointing towards the same network address be enough for the switch to choose one interface at a time to forward the packets?
Many thx for the reply...
Warm regards,
Visham
06-23-2007 11:08 AM
Hi to all,
Sorry for the confusion. I'll summarise my question this time. My network topology is as follows (setup picture attached):
I have 4 PCs acting as firewalls that are directly connected to a switch. The switch is, in turn, connected to a router. I want to load balance traffic coming from the router onto the 4 PCs on a per-packet basis. The 4 PCs are on the same subnet and they forward traffic to destination nodes, which are also part of that subnet. How can I do that load balancing part? Is there some kind of configuration that I have to do on the switch? Or will the fact that the 4 interfaces, to which the 4 PCs are connected, are pointing towards the same network address be enough for the switch to choose one interface at a time to forward the packets?
Many thx for the reply...
Warm regards,
Visham
06-23-2007 11:23 AM
Hi,
Why not use 4 static routes on the router for the LAN (the LAN shouldn't be directly connected to the router, if I've understood your solution correctly), with both the 4 different next-hop IP addresses and the outgoing interface (which will be the same for the 4 routes, to make sure that the route is removed if the interface fails), enabling CEF, and using "ip load-sharing per-packet" under the interface? May Rick please comment on this suggestion.
I just have one question for Visham: how would you ensure the return traffic from the LAN through the 4 FW?
HTH,
Mohammed Mahmoud.
06-23-2007 11:01 PM
Hi to all,
To mohammedmahmoud:
First off, many thx for the reply. I thought about the "ip load-sharing per-packet" command, but Cisco documentation says that it is available in routers of the 10000 series and above... maybe the "no ip route-cache" will do the trick of PPLB in routers of lower series. But I'm not sure how it works when there are those 4 static routes. Does it choose them one at a time in a round-robin fashion?
As for the return traffic, I am using a Linux box which has software to do that PPLB over the 4 firewall nodes. It was just that I'm not sure of how to balance incoming traffic from the router onto the 4 firewall nodes.
Warm regards,
Visham
06-23-2007 11:54 PM
Hi Visham,
No, CEF and the "ip load-sharing per-packet" command are available in nearly all the Cisco routers in the recent codes. It works by sending one packet over the first path and another packet over the second path and so on, packet by packet, if there exist multiple paths with the same metric. My only doubt in your case was that all the paths have the same outgoing interface, and that's why I've asked for Rick's comment, but in my opinion it should work.
HTH,
Mohammed Mahmoud.
06-24-2007 04:48 AM
Visham
I believe that your reference about the behavior of CEF being restricted to very high end routers must be from pretty old documentation. Mohammed is quite correct that CEF and per-packet load balancing is supported on pretty much all the router product line now.
I believe that Mohammed's suggestion of 4 static routes, and enabling CEF per-packet balancing would probably achieve what you have asked. But I wonder if that is really what you need. My primary concern is the effect of the 4 PCs acting as firewalls. Most firewalls maintain state about connections and will reject packets coming through the firewall that do not match the state table. So for example if the TCP 3-way handshake for an HTTP connection to a server went through PC#1 and then an HTTP packet to the server went through PC#2, the firewall would reject it because it had not seen the beginning of the TCP session. Do these PC firewalls not maintain state? How do they enforce their firewall rules?
HTH
Rick
06-24-2007 05:35 AM
Hi Rick,
Totally agree on your concern, and thus I think that per-destination load balancing would be the solution, as it would go OK with the firewall state. But there is still a problem: how would the router know that this packet flow should go back through the first FW, for example (the one that initiated the state in the state table when it was first sent to the internet)?
BR,
Mohammed Mahmoud.
06-24-2007 12:36 PM
Mohammed
I agree that there is an issue about how you assure that return traffic (responses to traffic originating from outside) goes back through the same firewall as where the traffic originated. I believe that this is an issue whether you are doing per destination balancing or per packet balancing.
HTH
Rick
06-25-2007 01:41 AM
I'm performing state synchronisation on the stateful firewall nodes. Hence, since PPLB and stateful firewalling work well, I don't need to care which firewall the packets go through, since all the firewall nodes will have state info about the same connections.
Many thx to all of you for your help...
Warm regards,
Visham
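The stateful-firewall concern raised in the thread, and the state-synchronisation answer to it, as a small simulation. This is an added example, not part of the thread: the toy firewall, the addresses and the function names are constructed for illustration, and the flow hash is a stand-in for CEF per-destination sharing.

```python
from itertools import cycle
from zlib import crc32

# Constructed sample: one TCP connection as (flow tuple, TCP flags) pairs.
FLOW = ("198.51.100.7", 40000, "192.0.2.10", 80, "tcp")
PACKETS = [(FLOW, "SYN")] + [(FLOW, "ACK")] * 7


class StatefulFirewall:
    """Toy stateful filter: a SYN creates state, anything else needs it."""

    def __init__(self, state=None):
        # Handing the same set to every node models state synchronisation.
        self.state = set() if state is None else state

    def accept(self, flow, flags):
        if flags == "SYN":
            self.state.add(flow)
            return True
        return flow in self.state  # mid-flow packet with no state is dropped


def per_packet(nodes):
    """Round-robin over the nodes regardless of flow (per-packet sharing)."""
    rr = cycle(nodes)
    return lambda flow: next(rr)


def per_flow(nodes):
    """Hash of the flow tuple picks the node, so a flow stays on one node."""
    return lambda flow: nodes[crc32(repr(flow).encode()) % len(nodes)]


def dropped(picker_factory, synced, packets=PACKETS, n=4):
    """Count packets rejected when `packets` cross n firewall nodes."""
    shared = set() if synced else None
    nodes = [StatefulFirewall(shared) for _ in range(n)]
    pick = picker_factory(nodes)
    return sum(not pick(flow).accept(flow, flags) for flow, flags in packets)


if __name__ == "__main__":
    print("per-packet, no sync:", dropped(per_packet, synced=False))
    print("per-flow,   no sync:", dropped(per_flow, synced=False))
    print("per-packet, synced :", dropped(per_packet, synced=True))
```

Real firewalls also track sequence numbers and the return direction, and synchronisation is not instantaneous, so a synced cluster can still drop a packet that arrives at a peer before the state update does.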