[c-nsp] etherchannel load-balancing and unpredictability

Steven Pfister SPfister at dps.k12.oh.us
Tue Jul 19 16:49:58 EDT 2011


I think I kind of see what you mean. For a given source/destination ip
address pair. Switch A might always select path 1 every time going to
switch B, but on the return trip, switch B might select path 2 every
time going back to switch A. Something like that?
 
But if that were the case, would that happen with all connections? The
behavior we were seeing (one content filter has been removed from the
network) is that some people were getting blocked correctly and some
weren't, which is what I would expect if one filter were working
correctly and the other wasn't.
 
Steve Pfister
Network Engineer
Office of Information Technology
Dayton Public Schools
115 S Ludlow St
Dayton, OH 45402-1812
Phone: 937-542-3149
Cell: 937-673-6779
spfister at dps.k12.oh.us ( mailto:spfister at dps.k12.oh.us )


>>> John Gill <johgill at cisco.com> 7/19/2011 4:30 PM >>>
Hello Steve,
The port selection function is based on a hash of the inputs, in this 
case the source and destination IP address, and the output is a value 
that chooses a member interface.

These functions between the input and output vary by platform, but for
a 
given platform you can expect with the same flow, and even the reverse

of that flow, you will get the same selection.

Because the platforms implement this selection logic in hardware, they

can and *do* vary between one model and another.  As a matter of fact,

the new Nexus 5500 has the ability to choose between various
polynomials 
used in this function.  You might find one gives you a better 
distribution over another.  In your case, it sounds like you need some

state on both sides of the content filter to be in tact.  In this 
scenario, you would need the same platform on both sides to guarantee 
this kind of behavior.

Regards,
John Gill
cisco


On 7/19/11 4:11 PM, Steven Pfister wrote:
> I have a question regarding etherchannel load balancing. I've got a
> 4507R switch connected to a 3560 switch by means of two content
filters
> which are acting as transparent bridges. The two ports on each side
that
> the content filters are connected to are set up as access ports and
are
> in an etherchannel. The load balancing method on each switch is set
to
> src-dst-ip. I was under the impression that each pair of source and
> destination ip address would select exactly one content filter no
matter
> which direction.
>
> I've been told that this can be 'unpredictable' and may cause
> assymetric flows. The algorithm seems fairly straightforward to me.
I
> don't see where the unpredictability can come in. Can someone explain
to
> me what I'm missing?
>
>
> Steve Pfister
> Network Engineer
> Office of Information Technology
> Dayton Public Schools
> 115 S Ludlow St
> Dayton, OH 45402-1812
> Phone: 937-542-3149
> Cell: 937-673-6779
> spfister at dps.k12.oh.us ( mailto:spfister at dps.k12.oh.us )
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp 
> archive at http://puck.nether.net/pipermail/cisco-nsp/ 
>


More information about the cisco-nsp mailing list