[c-nsp] Load Balancing two different ISP's

chip chip.gwyn at gmail.com
Thu Sep 14 23:01:40 EDT 2006


On 9/14/06, Frances Albemuth <frances.cincinattus at gmail.com> wrote:
>   With a box that size, my best suggestion would be to peer with your
> upstreams (so you have control of your announcements), but don't take
> a full table (or perhaps even a default announcement) from your
> upstreams.  Instead, apply the round-robin method described by Chip;
> this will give you rough outbound load-balancing (per-packet load
> balancing doesn't address the size of the packets, so not perfect).
> You'll never achieve flawless load balancing on inbound traffic
> either, but between prepending and (if you're lucky) community-based
> controls of the routing policies your upstreams apply to the routes
> you announce to them, you should do alright.
>
>   -FC
>
> On 9/14/06, Paul Stewart <pstewart at nexicomgroup.net> wrote:
> > If a customer has a 1800 series router for example with two "outside"
> > ethernet ports.... And two completely different ISP's on those ports -
> > what's the best way to load balance traffic for redundancy and load
> > sharing purposes??
> >
> > We'll presume that the customer is running NAT of course....
> >
> > Thanks,
> >
> > Paul
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >

I wouldn't enable per-packet load-balancing on the interfaces; this
can sometimes foul up VoIP calls and video stuffs.  Especially since
you're going out 2 different providers, as one path will inevitably be
longer than the other and you'll get lots of out-of-order packets.
With just 2 static routes it should use per-session or a hash-based
source ordering, where one session or source/dest pair will use one
link and the next one will use the other link.  If you're just going to
nail up a single VPN session outbound you won't get any balancing, but
if you have lots of destinations outbound you'll have better
balancing.

Also note that after you get things up and running for a bit, if one
circuit goes down it can take a bit to come back to a balance as your
CEF cache gets re-ordered.  But hey, auto-failover is a heckuva lot
better than doing it manually!

Also, if you do end up with a BGP peer to each provider you can then
tweak your incoming traffic a bit better, as Frances said.  If you
don't use BGP then if both providers are roughly the same Tier level
(ugh I hate to mention tiers, I don't wanna start that discussion)
your traffic should somewhat even out over time.  Day to day you may
see large differences but over time it should be somewhat close.  The
other side of that is if you peer with say AT&T on one link and a
customer of a customer of a customer of UUnet/MCI/Verizon on the other
you may see traffic heavily favoring your ATT link inbound without
some judicious use of communities and prepends.  You'll just have to
dive in and work with it until you've gotten things somewhat close.

--chip

-- 
Just my $.02, your mileage may vary,  batteries not included, etc....
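
The per-packet versus per-session trade-off described in the message above, as an added simulation that is not part of the original post. The link delays, addresses and the CRC32 hash are constructed stand-ins, not the hash CEF actually uses.

```python
import zlib
from collections import Counter

# Constructed one-way delays (ms) for the two uplinks; ISP B is the longer path.
LINK_DELAY_MS = (20.0, 45.0)

def flow_link(src, dst, n_links=2):
    """Per-session style choice: hash the src/dst pair onto one link.
    CRC32 is an assumption for illustration, not the router's algorithm."""
    return zlib.crc32(f"{src}>{dst}".encode()) % n_links

def simulate(packets, mode):
    """packets: list of (src, dst, seq, send_ms) in transmit order.
    Returns (out_of_order_arrivals, packets_per_link)."""
    arrivals, per_link = [], Counter()
    for i, (src, dst, seq, send_ms) in enumerate(packets):
        # per-packet: strict round-robin; per-flow: the hash pins the pair to a link
        link = i % len(LINK_DELAY_MS) if mode == "per-packet" else flow_link(src, dst)
        per_link[link] += 1
        arrivals.append((send_ms + LINK_DELAY_MS[link], i, (src, dst), seq))
    arrivals.sort()                      # order seen by the receivers
    highest, reordered = {}, 0
    for _, _, flow, seq in arrivals:
        if seq < highest.get(flow, -1):  # a later packet of this flow already arrived
            reordered += 1
        highest[flow] = max(seq, highest.get(flow, -1))
    return reordered, per_link

def voip_stream(src="10.0.0.5", dst="203.0.113.9", count=50, interval_ms=20.0):
    """One constructed RTP-like stream: a packet every 20 ms."""
    return [(src, dst, seq, seq * interval_ms) for seq in range(count)]

def many_destinations(src="10.0.0.5", hosts=40, rounds=5):
    """Constructed traffic to many destinations, interleaved on the wire."""
    return [(src, f"198.51.100.{h}", seq, seq * 20.0 + h * 0.1)
            for seq in range(rounds) for h in range(1, hosts + 1)]

if __name__ == "__main__":
    for name, pkts in (("one stream", voip_stream()), ("40 dests", many_destinations())):
        for mode in ("per-packet", "per-flow"):
            reordered, per_link = simulate(pkts, mode)
            print(f"{name:10} {mode:10} reordered={reordered:3} links={dict(per_link)}")
```

A single stream under per-flow hashing stays on one link with no reordering and no balancing, which is the single-VPN-session case; spreading across both links only appears once there are many source/destination pairs.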

