[c-nsp] CEF-based per-packet load-sharing under MPLS VPN
Everton da Silva Marques
everton at lab.ipaccess.diveo.net.br
Tue Mar 29 07:58:53 EST 2005
We often sell MPLS VPNs with a single site
attached to one PE thru multiple parallel links,
hence the need to perform load sharing. We
run IOS 12.0(27)S4 on multiple 7507 routers.
We used to rely on MLPPP for load sharing,
but several problems are pushing us away from
such option: (a) low bundle/member limit per
VIP, (b) need to spare MLPPP LFI for QoS/voice,
(c) experienced IOS instabilities.
Thus we are considering CEF-based per-packet
load-sharing for VPN sites with parallel links.
Problem is, as long as Cisco-aided troubleshooting
has led us to believe, such CEF-based load-sharing
won't work properly for the general MPLS VPN case.
For one VPN site attached to one PE thru parallel
links:
1) If all parallel links attach to a single
VRF on the same PE:
(a) Packets coming from VRFs in remote PEs
are properly balanced among those multiple
parallel links.
(b) But VRFs at the same PE install only one
route pointing directly to only one of the
parallel output links, breaking the balance.
2) If each parallel link attach to a distinct
VRF on the same PE, we see the opposite:
(a) Packets coming from other VRFs of the
same PE are properly balanced among
the parallel output links.
(b) But now packets coming from VRFs of
remote PEs can't be balanced because
there's only one interface in the
destination VRF, breaking load-sharing
as well.
Result is, given one PE with parallel links
towards a customer's site, by combining other
VRFs in the same PE with VRFs from remote PEs
to build the customer's VPN, we break output
per-packet load-sharing.
Cisco is telling us the solution is MLPPP.
Unfortunately, the MLPPP option clearly won't
address our MPLS VPN load-balance problem
much longer.
Has anyone tackled similar MPLS VPN
load-sharing issues?
Regards,
Everton
More information about the cisco-nsp
mailing list