09-11-2015 03:10 PM - edited 03-08-2019 01:44 AM
Hello Guys,
I currently have a network with two Nexus 7000s acting as layer 3 switches and two layer 2 access switches. There are 2 laptops, each connected to one access switch, as shown in the map (attachment).
I configured vPC on the Nexus and port channels on the access switches. I also configured HSRP for VLAN 100 and everything works just fine. But there is one thing that I'm not sure how it works. And here is the case:
Laptop A goes to switch A and laptop B goes to switch B; both laptops are on the same data VLAN 100. When I try to go to the internet, laptop A goes to Comcast (ISP) and laptop B goes to Mediacom (ISP) to the outside world. I also plugged a couple of laptops into switch A, where laptop A is currently connected, and the result is the same: they all go to Comcast. Similarly on switch B, I plugged in these laptops and they go through Mediacom.
Active HSRP for VLAN 100 is on the L3-Nexus-B switch and standby is on L3-Nexus-A. My thought was if you're on VLAN 100, you should go to Mediacom because active HSRP of VLAN 100 is on the B side, but it doesn't seem to be the case?
I'm wondering what controls the routes of these laptops even though they are on the same VLAN 100?
Thanks.
09-11-2015 04:33 PM
Hi,
With VPC and HSRP that is the correct behavior. Both routers will forward traffic and not just the active HSRP.
See HSRP/VPC design document (page 79)
link:
http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf
HTH
09-11-2015 10:10 PM
Thanks! I get the HSRP and vPC part now, but one thing I still don't get is why my laptop on access-switch-A gets to go to Comcast instead of Mediacom and the other laptop on access-switch-B gets to go to Mediacom instead of Comcast?
What's redirecting this traffic? Or is that something that vPC and HSRP randomly select which switch to go to the next hop? I'm confused. Thanks.
09-12-2015 03:21 AM
Hi,
As you have a port-channel from access switch A to both Nexus 7000, the traffic could be sent to either. The decision as to which physical link of the port-channel is used is made on the access switch based on the load balancing algorithm in use on the switch.
To determine which link to use for a particular traffic flow, the switch calculates a hash using one or more of the MAC address, IP address and TCP/UDP port. The result of the hash indicates a specific physical, operational link that should be used for that traffic flow.
You generally achieve better load balancing when using both source and destination addresses, and using MAC, IP and port where available. The load balancing options available will typically vary by platform, with the lower end platforms generally only using MAC and IP addresses in the hash calculation, and higher end platforms using MAC, IP and TCP/UDP port.
If the access switch were a Cisco Catalyst switch, then you can check the load balancing algorithm in use with the show etherchannel load-balance command. It can be changed with the global port-channel load-balance command.
Assuming the access switches are Catalyst, use port-channel load-balance src-dst-mixed-ip-port if possible or port-channel load-balance src-dst-ip if not.
There's a Cisco Troubleshooting Tech Note Understanding EtherChannel Load Balancing and Redundancy on Catalyst Switches that explains the load balancing across different platforms. You might also want to take a read of Understand Etherchannel Load Balancing post at Packet Pushers.
Regards
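An added illustration, not part of the original posts and not Cisco's code: a simplified model of the link selection described above, comparing src-mac, src-dst-ip and src-dst-mixed-ip-port for one host on a two-link port-channel. The XOR-fold hash, the function names and the sample flows are assumptions constructed for the example; real platforms use their own hash.

```python
# Simplified model of port-channel link selection. Illustrative only:
# this is NOT the hash a Catalyst or any other Cisco platform implements.
from functools import reduce


def fold(field: bytes) -> int:
    """XOR every byte of a header field into a single 8-bit value."""
    return reduce(lambda a, b: a ^ b, field, 0)


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


# Which header fields each load-balance method feeds into the hash.
METHODS = {
    "src-mac": lambda f: [mac(f["src_mac"])],
    "src-dst-ip": lambda f: [ip(f["src_ip"]), ip(f["dst_ip"])],
    "src-dst-mixed-ip-port": lambda f: [
        ip(f["src_ip"]), ip(f["dst_ip"]),
        f["src_port"].to_bytes(2, "big"), f["dst_port"].to_bytes(2, "big"),
    ],
}


def select_link(flow: dict, method: str, links: int = 2) -> int:
    """Return the index of the member link this flow is pinned to."""
    h = 0
    for field in METHODS[method](flow):
        h ^= fold(field)
    return h % links


def links_used(flows: list, method: str, links: int = 2) -> list:
    """Distinct member links used by a set of flows."""
    return sorted({select_link(f, method, links) for f in flows})


# Constructed sample: one laptop talking to three destinations
# (documentation address ranges, made-up MAC).
LAPTOP = {"src_mac": "00:11:22:33:44:0a", "src_ip": "10.10.10.10", "src_port": 50000}
FLOWS = [dict(LAPTOP, dst_ip=d, dst_port=443)
         for d in ("192.0.2.1", "192.0.2.2", "198.51.100.7")]

if __name__ == "__main__":
    for method in METHODS:
        print(f"{method:24} links used: {links_used(FLOWS, method)}")
```

In this model, src-mac pins every flow from the laptop to one member link, while the methods that include destination fields can spread the same host's flows across both links.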
09-15-2015 08:53 AM
Thanks a lot for the info! My access switch in this case is a Cisco 3850.
To determine which link to use for a particular traffic flow, the switch calculates a hash using one or more of the MAC address, IP address and TCP/UDP port. The result of the hash indicates a specific physical, operational link that should be used for that traffic flow.
Last question, when the switch calculates a hash, does it use the host (my laptop in this case/source) information (MAC address, IP address and TCP/UDP port) ?
09-15-2015 11:41 AM
Correct. Assuming load balancing based on source and destination MAC and IP, the source addresses will be the sending host, but the destination addresses will change.
If we take the hypothetical example of your laptop in VLAN 10 with MAC address X and IP address 10.10.10.10, sending traffic to another host in the same VLAN with MAC address Y and IP address 10.10.10.11, the hash would use the following:
If traffic were sent to a host in VLAN 11 with IP address 11.11.11.11 via a router running HSRP version 1, then the following would be the addressing used:
Regards
09-15-2015 11:58 AM
Btw, the etherchannel load-balance on my Cisco 3850 is configured as 'src-mac'.
Again, thanks for your help!