[c-nsp] ip cef load sharing

Aamer Akhter (aakhter) aakhter at cisco.com
Mon Aug 18 20:39:21 EDT 2008


Dan,

Another option is to use the PfR NAT integration. The idea is that PfR will actively monitor the traffic and move subnet reachability around to try to even out the traffic. For existing NATed flows, PfR will preserve the stickiness on the established path.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps8787/white_paper_C11-458124.html


-- 
Aamer Akhter / aa at cisco.com
Ent & Commercial Systems, cisco Systems

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Dan Letkeman
> Sent: Monday, August 18, 2008 12:06 PM
> To: Ben Steele; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ip cef load sharing
> 
> My only options for the IP CEF command are as follows:
> 
>   original   Original algorithm
>   tunnel     Algorithm for use in tunnel only environments
>   universal  Algorithm for use in most environments
> 
> I tried original, and it seems as if it load balances, but it doesn't
> switch from modem to modem very fast.  But in any case there are a lot
> fewer problems with this on.
> 
> I also found out that the content filter that is before the Cisco
> router is also doing NAT.  I'm assuming that's a problem as well
> because now the router doesn't know what the source IP is anymore.
> 
> Any other ideas on how to make this work better?
> 
> Thanks,
> Dan.
> 
> On Sat, Aug 16, 2008 at 6:35 PM, Ben Steele
> <ben.steele at internode.on.net> wrote:
> > Dan, the reason you're having issues is not MTU related, it's NAT related,
> > because you have 3 ADSL lines each doing NAT against a different outside IP.
> > When you turn on per-packet load sharing you end up with flows to the same
> > destination having different source IP addresses.
> >
> > Your only option is per-destination load balancing (i.e. the default). One way
> > you can tweak this a little without breaking too much is to change the
> > standard algorithm to include ports.
> >
> > Try adding "ip cef load-sharing algorithm include-ports destination" into
> > your global config once you've removed your per-packet load sharing and see
> > how you go.
> >
> > You are never going to get perfect load balancing in your scenario, but if
> > you have enough hosts on your LAN it should be sufficient enough. One way
> > you can do per-packet is if you get another IP routed down all 3 ADSL lines
> > and put it on a loopback and NAT everything against that.
> >
> > Ben
> >
> > ----- Original Message ----- From: "Dan Letkeman"
> <danletkeman at gmail.com>
> > To: "Rodney Dunn" <rodunn at cisco.com>; <cisco-nsp at puck.nether.net>
> > Sent: Saturday, August 16, 2008 3:29 AM
> > Subject: Re: [c-nsp] ip cef load sharing
> >
> >
> >> Still seem to have the same problem even with this:
> >>
> >> interface FastEthernet0/0
> >>  ip address 10.1.10.1 255.255.255.0
> >>  ip tcp adjust-mss 1300
> >>  duplex auto
> >>  speed auto
> >>
> >> interface FastEthernet0/1
> >>  ip address 192.168.10.1 255.255.255.0
> >>  ip load-sharing per-packet
> >>  duplex auto
> >>  speed auto
> >>
> >> Dan.
> >>
> >> On Fri, Aug 15, 2008 at 12:49 PM, Rodney Dunn <rodunn at cisco.com> wrote:
> >>>
> >>> On Fri, Aug 15, 2008 at 12:35:01PM -0500, Dan Letkeman wrote:
> >>>>
> >>>> ip load-sharing per-packet
> >>>>
> >>>> I tried adding this to F0/1 and the traceroute works now (it randomly
> >>>> picks either line), but there seem to be issues with maybe the MTU?
> >>>> If I try to browse websites I get page errors and some of the pictures
> >>>> and pages don't load.
> >>>
> >>> Yep...try configuring "ip tcp adjust-mss 1300" or so on the
> >>> ingress interface from the LAN.
> >>>
> >>>>
> >>>> Any ideas?
> >>>>
> >>>> Thanks,
> >>>> Dan.
> >>>>
> >>>> On Fri, Aug 15, 2008 at 12:12 PM, Rodney Dunn <rodunn at cisco.com> wrote:
> >>>> > Try ip load-sharing per-packet on both egress interfaces.
> >>>> >
> >>>> > On Fri, Aug 15, 2008 at 12:00:46PM -0500, Dan Letkeman wrote:
> >>>> >> Hello,
> >>>> >>
> >>>> >> I have a 2621 router running 12.3(26) and I would like to set up load
> >>>> >> sharing to multiple ADSL lines.  When I do a traceroute on the router
> >>>> >> it randomly picks a DSL line and seems to work fine.  But when I do
> >>>> >> traceroute tests from a workstation it always seems to take the same
> >>>> >> ADSL line.  Is there something else I need to add to the configuration
> >>>> >> to make it pick random lines, or is there a timeout of some sort
> >>>> >> before it will select the next IP route?
> >>>> >>
> >>>> >> Here is my config:
> >>>> >>
> >>>> >> !
> >>>> >> interface FastEthernet0/0
> >>>> >>  ip address 10.1.10.1 255.255.255.0
> >>>> >>  duplex auto
> >>>> >>  speed auto
> >>>> >> !
> >>>> >> interface FastEthernet0/1
> >>>> >>  ip address 192.168.10.1 255.255.255.0
> >>>> >>  duplex auto
> >>>> >>  speed auto
> >>>> >> !
> >>>> >> ip http server
> >>>> >> ip classless
> >>>> >> ip route 0.0.0.0 0.0.0.0 192.168.10.10
> >>>> >> ip route 0.0.0.0 0.0.0.0 192.168.10.11
> >>>> >> !
> >>>> >>
> >>>> >> The two ADSL modem/routers I have are 192.168.10.10 and 192.168.10.11.
> >>>> >>
> >>>> >> Thanks,
> >>>> >> Dan.
> >>>> >> _______________________________________________
> >>>> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >>>> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>>> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>>> >
> >>>
> >>
> >
> >
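
The effect described in the quoted replies above (per-packet sharing across lines that each NAT to a different outside address, versus per-destination hashing), as an added example that is not part of the original thread. It is a simplified Python model: the SHA-256 hash is a stand-in and not the CEF algorithm, and all addresses and function names are constructed for illustration.

```python
import hashlib
from itertools import count

# Constructed values: three ADSL lines, each NATing to its own outside address
# (documentation ranges, not addresses from the thread).
NAT_OUTSIDE = {"adsl1": "198.51.100.1", "adsl2": "198.51.100.2", "adsl3": "198.51.100.3"}
LINES = sorted(NAT_OUTSIDE)

def _hash_to_line(*fields):
    """Stand-in hash (SHA-256), not the CEF algorithm: same fields -> same line."""
    digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
    return LINES[int.from_bytes(digest[:4], "big") % len(LINES)]

def per_packet():
    """Per-packet sharing: round-robin over the lines, ignoring the flow."""
    counter = count()
    return lambda pkt: LINES[next(counter) % len(LINES)]

def per_destination(pkt):
    """Per-destination sharing: line chosen from the source/destination IP pair."""
    return _hash_to_line(pkt["src"], pkt["dst"])

def per_destination_dport(pkt):
    """Per-destination sharing with the destination port added to the hash input."""
    return _hash_to_line(pkt["src"], pkt["dst"], pkt["dport"])

def sources_seen_by_server(flow, n_packets, choose):
    """Post-NAT source addresses the remote end sees for n packets of one flow."""
    return {NAT_OUTSIDE[choose(flow)] for _ in range(n_packets)}

def lines_used(flows, choose):
    """Which lines carry at least one of the given flows."""
    return {choose(f) for f in flows}

if __name__ == "__main__":
    flow = {"src": "10.1.10.50", "dst": "203.0.113.80", "dport": 80}
    print("per-packet:     ", sorted(sources_seen_by_server(flow, 9, per_packet())))
    print("per-destination:", sorted(sources_seen_by_server(flow, 9, per_destination)))
    hosts = [{"src": f"10.1.10.{i}", "dst": "203.0.113.80", "dport": 80}
             for i in range(10, 50)]
    print("lines used by 40 hosts:", sorted(lines_used(hosts, per_destination)))
```

With per-packet sharing a single flow reaches the server from all three outside addresses, which is what breaks the sessions; with either per-destination variant each flow keeps one source address and the spread comes only from having many distinct flows.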

