I think I kind of see what you mean. For a given source/destination ip address pair. Switch A might always select path 1 every time going to switch B, but on the return trip, switch B might select path 2 every time going back to switch A. Something like that? But if that were the case, would that happen with all connections? The behavior we were seeing (one content filter has been removed from the network) is that some people were getting blocked correctly and some weren't, which is what I would expect if one filter were working correctly and the other wasn't. Steve Pfister Network Engineer Office of Information Technology Dayton Public Schools 115 S Ludlow St Dayton, OH 45402-1812 Phone: 937-542-3149 Cell: 937-673-6779 spfis...@dps.k12.oh.us ( mailto:spfis...@dps.k12.oh.us )
>>> John Gill <johg...@cisco.com> 7/19/2011 4:30 PM >>> Hello Steve, The port selection function is based on a hash of the inputs, in this case the source and destination IP address, and the output is a value that chooses a member interface. These functions between the input and output vary by platform, but for a given platform you can expect with the same flow, and even the reverse of that flow, you will get the same selection. Because the platforms implement this selection logic in hardware, they can and *do* vary between one model and another. As a matter of fact, the new Nexus 5500 has the ability to choose between various polynomials used in this function. You might find one gives you a better distribution over another. In your case, it sounds like you need some state on both sides of the content filter to be in tact. In this scenario, you would need the same platform on both sides to guarantee this kind of behavior. Regards, John Gill cisco On 7/19/11 4:11 PM, Steven Pfister wrote: > I have a question regarding etherchannel load balancing. I've got a > 4507R switch connected to a 3560 switch by means of two content filters > which are acting as transparent bridges. The two ports on each side that > the content filters are connected to are set up as access ports and are > in an etherchannel. The load balancing method on each switch is set to > src-dst-ip. I was under the impression that each pair of source and > destination ip address would select exactly one content filter no matter > which direction. > > I've been told that this can be 'unpredictable' and may cause > assymetric flows. The algorithm seems fairly straightforward to me. I > don't see where the unpredictability can come in. Can someone explain to > me what I'm missing? > > > Steve Pfister > Network Engineer > Office of Information Technology > Dayton Public Schools > 115 S Ludlow St > Dayton, OH 45402-1812 > Phone: 937-542-3149 > Cell: 937-673-6779 > spfis...@dps.k12.oh.us ( mailto:spfis...@dps.k12.oh.us ) > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/