[c-nsp] CEF-based per-packet load-sharing under MPLS VPN

Everton da Silva Marques everton at lab.ipaccess.diveo.net.br
Tue Mar 29 07:58:53 EST 2005


We often sell MPLS VPNs with a single site
attached to one PE thru multiple parallel links,
hence the need to perform load sharing. We
run IOS 12.0(27)S4 on multiple 7507 routers.

We used to rely on MLPPP for load sharing,
but several problems are pushing us away from
such option: (a) low bundle/member limit per
VIP, (b) need to spare MLPPP LFI for QoS/voice,
(c) experienced IOS instabilities.

Thus we are considering CEF-based per-packet
load-sharing for VPN sites with parallel links.
Problem is, as long as Cisco-aided troubleshooting
has led us to believe, such CEF-based load-sharing
won't work properly for the general MPLS VPN case.

For one VPN site attached to one PE thru parallel
links:
1) If all parallel links attach to a single
   VRF on the same PE:
   (a) Packets coming from VRFs in remote PEs
       are properly balanced among those multiple
       parallel links.
   (b) But VRFs at the same PE install only one
       route pointing directly to only one of the
       parallel output links, breaking the balance.
2) If each parallel link attach to a distinct
   VRF on the same PE, we see the opposite:
   (a) Packets coming from other VRFs of the
       same PE are properly balanced among
       the parallel output links.
   (b) But now packets coming from VRFs of
       remote PEs can't be balanced because
       there's only one interface in the
       destination VRF, breaking load-sharing
       as well.

Result is, given one PE with parallel links
towards a customer's site, by combining other
VRFs in the same PE with VRFs from remote PEs
to build the customer's VPN, we break output
per-packet load-sharing.

Cisco is telling us the solution is MLPPP.
Unfortunately, the MLPPP option clearly won't
address our MPLS VPN load-balance problem
much longer.

Has anyone tackled similar MPLS VPN
load-sharing issues?

Regards,
Everton


More information about the cisco-nsp mailing list