Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1476
Views
0
Helpful
4
Replies

vpc symmetric load balancing

elahe
Level 1
Level 1

‎09-28-2024 06:13 AM - edited ‎11-10-2024 10:33 PM

Hello,

I am trying to use 9k nexus switches with symmetric load balancing to study traffic pattern. I have the following configuration as you can see in the picture. (The linux devices are just a simple bridge. I wanted to be able to see the traffic there using a simple tcpdump command.

I have set the vpc load balancing to be symmetric. But, although the traffic is balanced, it is not symmetric and the out band traffic dose not come back from the same port. I have searched a lot to find the hash algorithm or anything that can help regarding solving the issue, but I could not find anything. Any help to solve it or any suggestion on an alternative way to achieve symmetric load balancing will be appreciated. (it seems that sometimes it act symmetrically and sometimes not.) I also add the result of tcpdump. In the pictue, the first result is for the time I used src dst IP for load balancing and as you can see the 1.1.1.192 to 9.9.9.98 has gone from linux2 which is responsible for the e1/2 inteface of the switches but the packet from 9.9.9.98 to 1.1.1.192 has gone from e1/1! As I'm using a traffic generator (ostinato), I could check some different ips and I saw that the last octet of IP seems to affect the hash algorithm and when the two ending octets have some features, the symmetricity is not applied.

It seems that symmetric load balancing algorithm has a problem and needs some attention. If you have any ideas on how to solve it someway, please guide me.

The configuration of switches and routers are also added. (I just deleted the load balancing algorithm for now. But I checked both ip and ip l4 port on all for switches. I was careful to use a same algorithm on all switches. I can assure you that it was not the source of the problem.)

I changed the load balancing to ip l4port and again there is a similar issue. I also add another traffic in the picture to show that it sometimes work fine and sometimes not.

Thanks in advance.

Labels:
Preview file
84 KB
Preview file
136 KB
Preview file
4 KB
Preview file
4 KB
Preview file
2 KB
Preview file
4 KB
Preview file
2 KB
Preview file
4 KB
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎09-28-2024 11:30 AM

When you are connecting the Nexus to nexus why do you need a bridge device ?

check some Load-balance methods how that works :

https://community.cisco.com/t5/data-center-and-cloud-knowledge-base/load-balancing-methods-for-port-channels-on-nexus/ta-p/3155042

Most of the DC environment for layer 2 they use vPC as best practice for the Layer 2

you only showing the topology, you have not provided the enough information how they are configured. output which you think not correct.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

elahe
Level 1
Level 1
In response to balaji.bandi

‎11-10-2024 10:37 PM - edited ‎11-10-2024 11:21 PM

thank you for your response. I added the configurations and the full topology figure and results in my post.

I added the bridge to be able to see the traffic and after observing if the load balancing and my configurations are fine, I can also find some patterns for ddos protection or firewall mechanisms for example.

0 Helpful

MHM Cisco World
VIP
VIP

‎09-28-2024 11:59 PM

You use double sided vPC?

Can I see config of vpc domain and vpc link between two vpc pair

MHM

0 Helpful

elahe
Level 1
Level 1
In response to MHM Cisco World

‎11-10-2024 10:40 PM

thank you for your response. I added the configurations and other resources.

0 Helpful
Customers Also Viewed These Support Documents