RE: Load Balancing; help explain [7:74376]
lazy mentor wrote:
> I've seen where people load balanced two T1's on a per packet basis and achieved 1.5 megs on both circuits. Which would give them a total of 3Megs, but the provider said that they are load balancing 1.5 megs over two T1's. I asked different person same provider, that if I'm load balancing two T1's and utilizing 100% on both circuits, isn't that 3Megs of data.

More than 3 Megs of data (hopefully) which means 3 MBytes of data in my dictionary. ;-)

To get to your real point, I agree with you that they should be able to achieve 3 Mbps when doing per-packet load balancing across 2 T1s. Actually 6 Mbps since it's full duplex (assuming symmetric upload and download requirements).

Gotta run.

Priscilla

> They stuck to their guns and yelled 1.5. They couldn't prove it other than the fact that it came down from a higher source. I tried to google my questions for answers but no luck. If load balancing two circuits on the same router you can go with per packet. But it isn't recommended because it can be CPU intensive. But as for load balancing for servers, it is recommended to go with per destination. This will achieve better data transfer and once the connection is established to a server it will use only that T1 until the data transfer is complete so using a per destination you will never achieve more than 1.5.
> Some ISP's will strongly recommend per destination. I knew of one that would configure customers on a per packet, but is now only doing per destination.
> Muxing two T1's together with an ATM IMA, I know will give you a 3M circuit. Maybe the provider is right but I was just looking for some facts. I usually do research before I spread gossip.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74421&t=74376
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Load Balancing; help explain [7:74376]
I've seen where people load balanced two T1's on a per packet basis and achieved 1.5 megs on both circuits. Which would give them a total of 3Megs, but the provider said that they are load balancing 1.5 megs over two T1's. I asked different person same provider, that if I'm load balancing two T1's and utilizing 100% on both circuits, isn't that 3Megs of data. They stuck to their guns and yelled 1.5. They couldn't prove it other than the fact that it came down from a higher source. I tried to google my questions for answers but no luck.

If load balancing two circuits on the same router you can go with per packet. But it isn't recommended because it can be CPU intensive. But as for load balancing for servers, it is recommended to go with per destination. This will achieve better data transfer and once the connection is established to a server it will use only that T1 until the data transfer is complete so using a per destination you will never achieve more than 1.5.

Some ISP's will strongly recommend per destination. I knew of one that would configure customers on a per packet, but is now only doing per destination.

Muxing two T1's together with an ATM IMA, I know will give you a 3M circuit. Maybe the provider is right but I was just looking for some facts. I usually do research before I spread gossip.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74418&t=74376
RE: Load Balancing; help explain [7:74376]
What kind of process do you want to balance, ie what layer? Fail-over or load-balance defined on source/destination/traffic or true server cpu load?

Sometimes you want to watch a quorum process (or critical application) and monitor that from a serverfarm instead of doing a layer 2 (nic) or layer 3 (routers or w2k NLB).

Define your critical service (availability), go from there to capacity (load). This is the real stuff.

Martijn

-----Original Message-----
From: Aspiring Cisco Gurl [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 26 August 2003 5:01
To: [EMAIL PROTECTED]
Subject: Load Balancing; help explain [7:74376]

I was asked a question about load balancing on routers and servers. I've looked it up on the websites but can someone give me their 2 cents about it?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74395&t=74376
Load Balancing; help explain [7:74376]
I was asked a question about load balancing on routers and servers. I've looked it up on the websites but can someone give me their 2 cents about it?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74376&t=74376
Re: RADIUS load-balancing [7:73138] LONG [7:73138]
Hi Martijn,

Many tks for your comments.

The problem is that we have a production network and we are using a RADIUS service with a huge DB (no chance to change it). Actually, this is an ISP service (server authenticating Internet users), so all users ask for authentication to the same Virtual IP (many servers behind with distributed DB).

One solution we had in mind was to change the source-port portion of every packet, so the Content Switch would correctly perform the SLB... As we did not find any feature to perform this job, we are thinking of changing boxes to Radware. =)

Best regards,
Rodrigo Kazuo Yamamoto

wrote in message news:[EMAIL PROTECTED]

No radius load-balancing here, just sysadmin handy. Maybe you should check Steel-Belted or something for scalability. My experience is that Radiusserver load is VERY low due to little amount of packets (small DB of course).

Loadbalancing VPN client scenario: Imagine 2 windows 2000 boxes (sorry) with ias installed and configured (MS Radius=works ok). Then based on for example 2 different VPN-groups (say in PIX) the PIX is configured to contact Radiusserver1 or for the other group Radiusserver2. So preferred for 50% of the users (different vpn-group) 1st server, other 50 % second server.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/ab.htm#1070086

For pix: AAA server group tag (max 14 server groups) (max 14 servers per group, so fail-over)

For hardware boxes IOS 12.2 SAYS: You can put multiple hosts in a server group. Just do Radiusserver1 1st in servergroup in 50% of the routers, say westcoast, south of state, and 50% Radiusserver 2 1st in servergroup.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsecsp/scfrad.htm#1001000

If two different host entries on the same RADIUS server are configured for the same service-for example, accounting-the second host entry configured acts as failover backup to the first one. Using this example, if the first host entry fails to provide accounting services, the network access server will try the second host entry configured on the same device for accounting services. (The RADIUS host entries will be tried in the order in which they are configured.)

Martijn

-----Original Message-----
From: Rodrigo Kazuo Yamamoto [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 29 July 2003 5:17
To: [EMAIL PROTECTED]
Subject: RADIUS load-balancing [7:73138]

Hi list,

Does anyone have experience with CSS' server load-balancing, specifically RADIUS load-balancing?

We got the following situation: LAC is generating all user authentication packets using a unique source port / source address pair.

What happens: CSS treats all packets as a unique flow (as they seem to come from the same IP+port pair), so we got a problem with the server load-balancing... This behavior does make sense in almost all IP transactions, but not with RADIUS (as there is no need for flow persistence) so we'd like to overcome this limitation, due to our specific situation... Anyone has some idea to change this behavior on CSS boxes?

* By the way, any thoughts in Alteon or Radware boxes? We have heard we can change this behavior on an Alteon box (with some limitations) and that the Radware box has a specific feature called RADIUS load-balancing, that solves this problem... is that right?

Best regards.
Rodrigo Kazuo Yamamoto

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73163&t=73138
RE: RADIUS load-balancing [7:73138] LONG [7:73146]
No radius load-balancing here, just sysadmin handy. Maybe you should check Steel-Belted or something for scalability. My experience is that Radiusserver load is VERY low due to little amount of packets (small DB of course).

Loadbalancing VPN client scenario: Imagine 2 windows 2000 boxes (sorry) with ias installed and configured (MS Radius=works ok). Then based on for example 2 different VPN-groups (say in PIX) the PIX is configured to contact Radiusserver1 or for the other group Radiusserver2. So preferred for 50% of the users (different vpn-group) 1st server, other 50 % second server.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/ab.htm#1070086

For pix: AAA server group tag (max 14 server groups) (max 14 servers per group, so fail-over)

For hardware boxes IOS 12.2 SAYS: You can put multiple hosts in a server group. Just do Radiusserver1 1st in servergroup in 50% of the routers, say westcoast, south of state, and 50% Radiusserver 2 1st in servergroup.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsecsp/scfrad.htm#1001000

If two different host entries on the same RADIUS server are configured for the same service-for example, accounting-the second host entry configured acts as failover backup to the first one. Using this example, if the first host entry fails to provide accounting services, the network access server will try the second host entry configured on the same device for accounting services. (The RADIUS host entries will be tried in the order in which they are configured.)

Martijn

-----Original Message-----
From: Rodrigo Kazuo Yamamoto [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 29 July 2003 5:17
To: [EMAIL PROTECTED]
Subject: RADIUS load-balancing [7:73138]

Hi list,

Does anyone have experience with CSS' server load-balancing, specifically RADIUS load-balancing?

We got the following situation: LAC is generating all user authentication packets using a unique source port / source address pair.

What happens: CSS treats all packets as a unique flow (as they seem to come from the same IP+port pair), so we got a problem with the server load-balancing... This behavior does make sense in almost all IP transactions, but not with RADIUS (as there is no need for flow persistence) so we'd like to overcome this limitation, due to our specific situation... Anyone has some idea to change this behavior on CSS boxes?

* By the way, any thoughts in Alteon or Radware boxes? We have heard we can change this behavior on an Alteon box (with some limitations) and that the Radware box has a specific feature called RADIUS load-balancing, that solves this problem... is that right?

Best regards.
Rodrigo Kazuo Yamamoto

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73146&t=73146
RADIUS load-balancing [7:73138]
Hi list,

Does anyone have experience with CSS' server load-balancing, specifically RADIUS load-balancing?

We got the following situation: LAC is generating all user authentication packets using a unique source port / source address pair.

What happens: CSS treats all packets as a unique flow (as they seem to come from the same IP+port pair), so we got a problem with the server load-balancing... This behavior does make sense in almost all IP transactions, but not with RADIUS (as there is no need for flow persistence) so we'd like to overcome this limitation, due to our specific situation... Anyone has some idea to change this behavior on CSS boxes?

* By the way, any thoughts in Alteon or Radware boxes? We have heard we can change this behavior on an Alteon box (with some limitations) and that the Radware box has a specific feature called RADIUS load-balancing, that solves this problem... is that right?

Best regards.
Rodrigo Kazuo Yamamoto

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73138&t=73138
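The flow-pinning problem described in this thread, as an added Python example that is not part of the original posts or of any vendor's implementation: a flow key built from addresses and ports maps every request from one LAC to a single server, while a key read from inside the RADIUS packet spreads them. Keying on User-Name is an assumed design choice (it also keeps one user's retransmissions on one server); the server names, addresses and byte-sum hash are constructed stand-ins, and the packet layout follows RFC 2865.

```python
import struct
from collections import Counter

SERVERS = ["radius-a", "radius-b", "radius-c"]  # hypothetical real servers
ACCESS_REQUEST = 1   # RADIUS Code for Access-Request
ATTR_USER_NAME = 1   # RADIUS attribute type for User-Name


def build_access_request(identifier, user):
    """Construct a minimal Access-Request that carries only User-Name."""
    value = user.encode()
    attr = struct.pack("!BB", ATTR_USER_NAME, 2 + len(value)) + value
    authenticator = bytes(16)  # constructed placeholder, not a real nonce
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attr))
    return header + authenticator + attr


def parse_user_name(packet):
    """Return User-Name from a RADIUS datagram, validating every length."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("Length field inconsistent with datagram size")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        if a_type == ATTR_USER_NAME:
            return packet[pos + 2:pos + a_len].decode("utf-8", "replace")
        pos += a_len
    return None


def stable_bucket(data, n):
    """Stand-in hash (byte sum) so the distribution can be checked by hand."""
    return sum(data) % n


def pick_by_flow(src_ip, src_port, dst_ip, dst_port):
    """Flow-based choice: the key never changes for a single LAC."""
    key = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}".encode()
    return SERVERS[stable_bucket(key, len(SERVERS))]


def pick_by_user(packet):
    """RADIUS-aware choice: key on the User-Name inside the packet."""
    user = parse_user_name(packet)
    if user is None:
        return SERVERS[0]  # assumed fallback when no User-Name is present
    return SERVERS[stable_bucket(user.encode(), len(SERVERS))]


# Constructed traffic: nine users authenticating through one LAC to one VIP.
LAC = ("10.1.1.1", 1645)
VIP = ("10.9.9.9", 1645)
REQUESTS = [build_access_request(i, f"user{i}") for i in range(9)]


def compare():
    """Return requests per server under each selection method."""
    by_flow = Counter(pick_by_flow(*LAC, *VIP) for _ in REQUESTS)
    by_user = Counter(pick_by_user(p) for p in REQUESTS)
    return dict(by_flow), dict(by_user)


if __name__ == "__main__":
    flow, user = compare()
    print("flow key :", flow)
    print("user key :", user)
```
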
RE: Per-destination load balancing [7:72944]
At 2:34 PM + 7/25/03, p b wrote:
>Here's some text from CCO regarding CEF and using source and destination IPs to map a packet to one of a set of load sharing links:
>
>Configuring Per-Destination Load Balancing
>
>Per-destination load balancing is enabled by default when you enable CEF. To use per-destination load balancing, you do not perform any additional tasks once you enable CEF.
>
>Per-destination load balancing allows the router to use multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. Traffic destined for different pairs tend to take different paths. Per-destination load balancing is enabled by default when you enable CEF, and is the load balancing method of choice for most situations.
>
>The URL for the above is (watch wrap):
>
>http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca6ca.html#1000956

I think the problem here is the documentation author, not IOS. It seems fairly clear to me that said author doesn't understand the difference between traditional destination cache and source-destination hash.

This hasn't been the first time strange things have happened. I remember that I looked at the original description of OSPF demand circuits and just blinked. First, I knew from the OSPF Working Group how they were supposed to work. Second, I knew the developer who wrote the code, and also wrote English very well. I sent him an email, and he responded he had absolutely no idea, either, what the documentation was trying to say. He observed his C code, even uncommented, was more readable.

>John Neiberger wrote:
>> Priscilla Oppenheimer wrote:
>> > John Neiberger wrote:
>> > > Tim Champion wrote:
>> > > > Could someone please confirm the following to be true (taken from CCO):
>> > > >
>> > > > "Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations."
>> > > >
>> > > > It was my understanding that per-destination load balancing was based on the destination address only and not on the source/destination pair.
>> > > >
>> > > > If someone could clarify it would be much appreciated.
>> > > >
>> > > > Cheers
>> > > > Tim
>> > >
>> > > This probably depends on the switching mechanism in place. Fast switching, as I recall, simply caches the outgoing interface for any given destination so it's relying on the destination information only.
>> >
>> > Yes, fast-switching caches the outgoing interface for a destination. All packets to a particular destination go out the same interface. CEF works that way too if you use the default.
>> >
>> > > CEF uses both the source and destination.
>> >
>> > I don't think that is true? CEF doesn't look at source addresses.
>>
>> I just checked this on our 7513 running 12.2(17a). If you use the command "show ip cef exact-route sourceip destinationip" you'll see the cached exit interface. If you do this with several source addresses going to the same destination when there are multiple paths you'll see that they use different exit interfaces.
>>
>> I wonder if the default behavior has changed as CEF has evolved?
>>
>> John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73031&t=72944
RE: Per-destination load balancing [7:72944]
Here's some text from CCO regarding CEF and using source and destination IPs to map a packet to one of a set of load sharing links:

Configuring Per-Destination Load Balancing

Per-destination load balancing is enabled by default when you enable CEF. To use per-destination load balancing, you do not perform any additional tasks once you enable CEF.

Per-destination load balancing allows the router to use multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. Traffic destined for different pairs tend to take different paths. Per-destination load balancing is enabled by default when you enable CEF, and is the load balancing method of choice for most situations.

The URL for the above is (watch wrap):

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca6ca.html#1000956

John Neiberger wrote:
> Priscilla Oppenheimer wrote:
> > John Neiberger wrote:
> > > Tim Champion wrote:
> > > > Could someone please confirm the following to be true (taken from CCO):
> > > >
> > > > "Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations."
> > > >
> > > > It was my understanding that per-destination load balancing was based on the destination address only and not on the source/destination pair.
> > > >
> > > > If someone could clarify it would be much appreciated.
> > > >
> > > > Cheers
> > > > Tim
> > >
> > > This probably depends on the switching mechanism in place. Fast switching, as I recall, simply caches the outgoing interface for any given destination so it's relying on the destination information only.
> >
> > Yes, fast-switching caches the outgoing interface for a destination. All packets to a particular destination go out the same interface. CEF works that way too if you use the default.
> >
> > > CEF uses both the source and destination.
> >
> > I don't think that is true? CEF doesn't look at source addresses.
>
> I just checked this on our 7513 running 12.2(17a). If you use the command "show ip cef exact-route sourceip destinationip" you'll see the cached exit interface. If you do this with several source addresses going to the same destination when there are multiple paths you'll see that they use different exit interfaces.
>
> I wonder if the default behavior has changed as CEF has evolved?
>
> John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73026&t=72944
Re: Per-destination load balancing [7:72944]
Thank you for your replies, think I've got it now.

"Tim Champion" wrote in message news:[EMAIL PROTECTED]
> Could someone please confirm the following to be true (taken from CCO):
>
> "Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations."
>
> It was my understanding that per-destination load balancing was based on the destination address only and not on the source/destination pair.
>
> If someone could clarify it would be much appreciated.
>
> Cheers
>
> Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73009&t=72944
Re: Per-destination load balancing [7:72944]
At 4:01 PM + 7/24/03, Tim Champion wrote:
>Could someone please confirm the following to be true (taken from CCO):
>
>"Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations."
>
>It was my understanding that per-destination load balancing was based on the destination address only and not on the source/destination pair.

There are two distinct modes. Fast, silicon, autonomous and optimum switching are destination only. CEF is source/destination pair.

I would consider CEF superior in just about any case I can think of, as long as the platform and IOS supports it.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72996&t=72944
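The two modes named in this thread, with per-packet round-robin included for contrast, as an added Python model that is not code from the thread or from IOS. The interface names, the addresses and the XOR hash are assumptions chosen so that the results can be checked by hand; the real selection algorithms are not given on this page.

```python
import ipaddress
from collections import Counter
from itertools import count

PATHS = ["Serial0", "Serial1"]  # hypothetical pair of parallel links


def addr(ip):
    """Dotted-quad string to integer."""
    return int(ipaddress.IPv4Address(ip))


class PerPacket:
    """Round-robin: each packet takes the next path, regardless of flow."""

    def __init__(self, paths):
        self.paths, self._n = paths, count()

    def pick(self, src, dst):
        return self.paths[next(self._n) % len(self.paths)]


class DestinationCache:
    """Destination-only cache: the first packet to a destination pins the
    path, and every later packet to that destination reuses it."""

    def __init__(self, paths):
        self.paths, self.cache, self._n = paths, {}, count()

    def pick(self, src, dst):
        if dst not in self.cache:
            self.cache[dst] = self.paths[next(self._n) % len(self.paths)]
        return self.cache[dst]


class SrcDstHash:
    """Source-destination hash: the address pair selects the path.
    The XOR here is a stand-in hash, not the one a router uses."""

    def __init__(self, paths):
        self.paths = paths

    def pick(self, src, dst):
        return self.paths[(addr(src) ^ addr(dst)) % len(self.paths)]


def distribute(balancer, packets):
    """Return (packets per path, paths touched by each src/dst pair)."""
    per_path, per_flow = Counter(), {}
    for src, dst in packets:
        path = balancer.pick(src, dst)
        per_path[path] += 1
        per_flow.setdefault((src, dst), set()).add(path)
    spread = {flow: len(paths) for flow, paths in per_flow.items()}
    return dict(per_path), spread


# Constructed traffic: one bulk transfer, then eight clients to one server.
SINGLE_FLOW = [("10.0.0.1", "192.168.1.10")] * 1000
MANY_SOURCES = [(f"10.0.0.{i}", "192.168.1.10") for i in range(1, 9)] * 100

if __name__ == "__main__":
    modes = [("per-packet", PerPacket),
             ("destination cache", DestinationCache),
             ("src-dst hash", SrcDstHash)]
    for name, cls in modes:
        for label, traffic in [("single flow", SINGLE_FLOW),
                               ("many sources", MANY_SOURCES)]:
            per_path, spread = distribute(cls(PATHS), traffic)
            print(f"{name:18} {label:13} {per_path} "
                  f"max paths per pair={max(spread.values())}")
```

Only the per-packet mode puts one source-destination pair on both links, which is why it alone can exceed a single link's rate for one transfer and also why it can reorder that transfer's packets.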
RE: Per-destination load balancing [7:72944]
If there are multiple levels of Heaven and our final destination has been predetermined in order to equalize the number of people in each level, would this be considered pre-destination load-balancing?

>>> Priscilla Oppenheimer 7/24/03 1:24:34 PM >>>

Packets for a given source-destination pair are a subset of packets for a given destination. It's true that with per-destination load balancing, all packets for a destination go out the same interface. Thus, it is true that all packets for a given source-destination pair go out the same interface.

But I doubt the router actually looks at the source address with basic packet forwarding, so the tech writer who wrote the paragraph below probably should not have embellished it with that addition, unless it was somehow relevant to some other part of the discussion. It's hard to tell without seeing the entire context.

Hope that makes sense.

Priscilla

Tim Champion wrote:
> Could someone please confirm the following to be true (taken from CCO):
>
> "Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations."
>
> It was my understanding that per-destination load balancing was based on the destination address only and not on the source/destination pair.
>
> If someone could clarify it would be much appreciated.
>
> Cheers
>
> Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72970&t=72944
RE: Per-destination load balancing [7:72944]
Packets for a given source-destination pair are a subset of packets for a given destination. It's true that with per-destination load balancing, all packets for a destination go out the same interface. Thus, it is true that all packets for a given source-destination pair go out the same interface.

But I doubt the router actually looks at the source address with basic packet forwarding, so the tech writer who wrote the paragraph below probably should not have embellished it with that addition, unless it was somehow relevant to some other part of the discussion. It's hard to tell without seeing the entire context.

Hope that makes sense.

Priscilla

Tim Champion wrote:
> Could someone please confirm the following to be true (taken from CCO):
>
> "Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations."
>
> It was my understanding that per-destination load balancing was based on the destination address only and not on the source/destination pair.
>
> If someone could clarify it would be much appreciated.
>
> Cheers
>
> Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72954&t=72944
RE: Per-destination load balancing [7:72944]
Tim Champion wrote:
> Could someone please confirm the following to be true (taken from CCO):
>
> "Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations."
>
> It was my understanding that per-destination load balancing was based on the destination address only and not on the source/destination pair.
>
> If someone could clarify it would be much appreciated.
>
> Cheers
> Tim

This probably depends on the switching mechanism in place. Fast switching, as I recall, simply caches the outgoing interface for any given destination so it's relying on the destination information only. CEF uses both the source and destination. Multiple sources trying to reach the same destination might not use the same outgoing interface.

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72962&t=72944
Per-destination load balancing [7:72944]
Could someone please confirm the following to be true (taken from CCO):

"Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations."

It was my understanding that per-destination load balancing was based on the destination address only and not on the source/destination pair.

If someone could clarify it would be much appreciated.

Cheers
Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72944&t=72944
Re: How do I check if load balancing works ? Catalyst 2900 and [7:72700]
Chris,

Since you are choosing the link based on MAC addresses and only one switch LED is blinking, is your test traffic to stations located across a router? The router will obviously have a single MAC address, so EtherChannel based on MACs will use only a single link. Perhaps you should change to IP balancing.

Regardless of whether you use MAC or IP balancing, make sure that your test includes multiple destinations or you will only ever use one link!

- Tom

Chris wrote:
> Hi everybody
>
> I have a Compaq server with 2 NC3121 cards. According with the docs, the card supports Fast Etherchannel static configuration (ON).
> I couldn't find a procedure to set up Fast Etherchannel for the network card so I did what I thought it was better.
>
> I selected the following :
> Teaming control =Load balancing
> Load balancing options:
> ---
> [x]Switch assisted load balancing
> [ ]Transmit load balancing
> ---
> [x ]Balance with MAC addresses
> [ ]Balance with IP addresses
> ---
>
> On the switch side I set up the following:
>
> interface Port-channel
>  no ip address
>  flowcontrol send off
> !
> interface FastEthernet0/1
>  no ip address
>  channel-group 1 mode on
> !
> interface FastEthernet0/2
>  no ip address
>  channel-group 1 mode on
>
> Everything looks fine, the redundancy works but how can I see if it works ? I mean the load balancing.
> I don't know the SNMP OID to monitor that interface. Judging by the blinking lights it works only on one interface.
> I made the tests selecting different classes of IPs (10 mod 2 and 10 mod 5) for transmission on the server side
> I set up the switch on source balancing. Not very sure that both MAC aren't in the same class (MAC) mod 2.
> The 'show int' command shows me load only on the first interface of the channel.
> The 'debug etherchanel' shows that the switch senses the disconnecting of the interfaces (if I test this).
>
> Any clue ?
> Thank you
> Chris

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72700&t=72700
RE: How do I check if load balancing works ? (silly [7:72635]
I do have this horrible mental image of Blind Justice standing there with a packet stream going into each pan of the balance. Of course, one needs to decide on the weight of a packet...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72635&t=72635
RE: How do I check if load balancing works ? Catalyst 2900 and [7:72605]
Look at the switch counters for the interfaces, they should both be counting up bits and frames when the port channel is moving data...

Larry Letterman
Cisco Systems

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris
Sent: Friday, July 18, 2003 2:45 PM
To: [EMAIL PROTECTED]
Subject: How do I check if load balancing works ? Catalyst 2900 and [7:72601]

Hi everybody

I have a Compaq server with 2 NC3121 cards. According to the docs, the card supports Fast Etherchannel static configuration (ON).
I couldn't find a procedure to set up Fast Etherchannel for the network card so I did what I thought it was better.

I selected the following :
Teaming control =Load balancing
Load balancing options:
---
[x]Switch assisted load balancing
[ ]Transmit load balancing
---
[x ]Balance with MAC addresses
[ ]Balance with IP addresses
---

On the switch side I set up the following:

interface Port-channel
no ip address
flowcontrol send off
!
interface FastEthernet0/1
no ip address
channel-group 1 mode on
!
interface FastEthernet0/2
no ip address
channel-group 1 mode on

Everything looks fine, the redundancy works but how can I see if it works ? I mean the load balancing.
I don't know the SNMP OID to monitor that interface. Judging by the blinking lights it works only on one interface.
I made the tests selecting different classes of IPs (10 mod 2 and 10 mod 5) for transmission on the server side.
I set up the switch on source balancing. Not very sure that both MAC aren't in the same class (MAC) mod 2.
The 'show int' command shows me load only on the first interface of the channel.
The 'debug etherchanel' shows that the switch senses the disconnecting of the interfaces (if I test this).

Any clue ?
Thank you
Chris

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72605&t=72605
How do I check if load balancing works ? Catalyst 2900 and [7:72601]
Hi everybody

I have a Compaq server with 2 NC3121 cards. According to the docs, the card supports Fast Etherchannel static configuration (ON).
I couldn't find a procedure to set up Fast Etherchannel for the network card so I did what I thought it was better.

I selected the following :
Teaming control =Load balancing
Load balancing options:
---
[x]Switch assisted load balancing
[ ]Transmit load balancing
---
[x ]Balance with MAC addresses
[ ]Balance with IP addresses
---

On the switch side I set up the following:

interface Port-channel
no ip address
flowcontrol send off
!
interface FastEthernet0/1
no ip address
channel-group 1 mode on
!
interface FastEthernet0/2
no ip address
channel-group 1 mode on

Everything looks fine, the redundancy works but how can I see if it works ? I mean the load balancing.
I don't know the SNMP OID to monitor that interface. Judging by the blinking lights it works only on one interface.
I made the tests selecting different classes of IPs (10 mod 2 and 10 mod 5) for transmission on the server side.
I set up the switch on source balancing. Not very sure that both MAC aren't in the same class (MAC) mod 2.
The 'show int' command shows me load only on the first interface of the channel.
The 'debug etherchanel' shows that the switch senses the disconnecting of the interfaces (if I test this).

Any clue ?
Thank you
Chris

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72601&t=72601
Re: load balancing switch? [7:72295]
equipment... 6 network segments, 2 switches and 2 firewalls in a clustered environment.

have networks 1; 2; 3; 4;5 and 6 going into 2 switches (1;2;3 into A and 4;5;6 into B)

A connects to both Firewall C and D which belongs to a clustered firewall environment.
B connects to both Firewall C and D which belongs to a clustered firewall environment.

need to load balance the data between switches and the firewalls... need to find out whether this is possible.. and possible design thereof... but not sure what switches / catalysts i'll need..

hope this helps.

cheers

"lat tos" wrote in message news:[EMAIL PROTECTED]
> load balancing? could u give more details

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72320&t=72295
RE: load balancing switch? [7:72295]
load balancing? could u give more details

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72307&t=72295
load balancing switch? [7:72295]
Hi, Anyone knows what model (entry level) cisco switch/catalyst I'll need that can do load balancing? cheers

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72295&t=72295
Re: EIGRP Load Balancing ??'s [7:71607]
Hi,

if you are running CEF (generally a good idea), then per-packet load balancing can be turned on with the command 'ip load-sharing per-packet'. You have to configure this on the outgoing interfaces (if I remember correctly).

Note however that per-destination load balancing means only that packets for a given source-destination host pair take the same path, so if you have more than one host on any side of the network and traffic is more or less evenly distributed among them, then it should work even with per-destination load balancing (which is the default setting if you use CEF).

The command 'no ip route-cache' turns off fast switching, which would also result in per-packet load balancing but also in a performance hit. I think this is what you have heard about. I don't think per-packet load balancing with CEF will decrease performance.

Thanks,
Zsombor

At 11:58 PM 6/28/2003 +, Stephen Manuel wrote:
> Group,
>
> I have a customer that has two locations connected via 2-Full point-to-point T1's.
>
> The customer has a 1720 at each location.
>
> The customer is using EIGRP to load balance the two locations.
>
> The networks at each location show in the routing tables with the same administrative distance.
>
> Everything is fine up to this point.
>
> However, when I look at the traffic statistics for each of the T1's, the first T1 has significantly higher utilization.
>
> My research has led me to believe the reason that traffic isn't spread more evenly over the T1's is due to the way the 1720's switch the traffic.
>
> It's my understanding that by default the 1720's use per-destination load balancing in the type of scenario my customer has.
>
> Since only one network is at each location this would explain the utilization issues.
>
> The solution appears to be for the customer to implement per packet load balancing.
>
> Am I correct on my points so far ??
>
> If I implement per packet load-balancing for the customer, is the command to do this no ip route-cache ??
>
> If yes, on what interface do I place the command, if not what are the command or commands and how are they implemented ??
>
> One of the warnings I've read about concerning per packet load-balancing is that low end routers like the 1720 may not be able to handle, should I be concerned about the 1720's ??
>
> The customer has a pair of 2621's we could use in place of the 1720's.
>
> Bottomline, the customer would like to load balance the two locations via the two T1's more evenly, am I proceeding the right direction ??
>
> If not, what recommendations would others offer.
>
> Thanks in advance.
>
> Stephen Manuel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71610&t=71607
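Added example (not written by any poster): a simplified Python model of how the field a balancer keys on decides which link carries a flow. It covers Tom's EtherChannel point earlier in this archive (routed test traffic collapses onto one MAC) and the per-destination versus per-packet discussion in the message above. All addresses are constructed, and the low-order-bits mapping is an assumption for illustration, not the actual Catalyst or CEF hash.

```python
from collections import Counter
from itertools import count, product


def low_bits(addr):
    """Low-order byte of a MAC ('aa:bb:cc:dd:ee:ff') or IPv4 address."""
    if ":" in addr:
        return int(addr.split(":")[-1], 16)
    return int(addr.split(".")[-1])


def make_balancer(mode, n_links=2):
    """Return pick(src, dst) -> link index for the given balancing mode.

    Mapping the key to a link with 'low-order bits modulo link count' is an
    assumption made for this model, not a vendor's real algorithm.
    """
    round_robin = count()

    def pick(src, dst):
        if mode == "per-packet":
            return next(round_robin) % n_links
        if mode == "source":
            key = low_bits(src)
        elif mode == "destination":
            key = low_bits(dst)
        elif mode == "pair":
            key = low_bits(src) ^ low_bits(dst)
        else:
            raise ValueError(f"unknown mode: {mode}")
        return key % n_links

    return pick


def link_usage(mode, packets, n_links=2):
    """Count packets per link for a list of (src, dst) tuples."""
    pick = make_balancer(mode, n_links)
    return Counter(pick(src, dst) for src, dst in packets)


# --- Constructed sample traffic -------------------------------------------
ROUTER_MAC = "00:00:0c:00:00:01"
SERVER_MAC = "00:50:8b:00:00:10"
LOCAL_MACS = [f"00:10:a4:00:00:{i:02x}" for i in range(0x20, 0x28)]

# Eight remote stations reach the server through a router: every frame the
# switch sends down the channel carries the router's MAC as its source.
ROUTED_FRAMES = [(ROUTER_MAC, SERVER_MAC)] * 8
# Eight stations on the server's own segment: eight different source MACs.
LOCAL_FRAMES = [(mac, SERVER_MAC) for mac in LOCAL_MACS]

SITE1 = [f"10.1.1.{i}" for i in range(1, 5)]
SITE2 = [f"10.2.2.{i}" for i in range(1, 5)]
# Ten packets for every host pair between the two sites.
SITE_TO_SITE = [pair for pair in product(SITE1, SITE2) for _ in range(10)]
# Four clients, ten packets each, all talking to one remote server.
SERVER_FLOWS = [(host, "10.2.2.10") for host in SITE1 for _ in range(10)]
# One bulk transfer between a single pair of hosts.
ONE_FLOW = [("10.1.1.1", "10.2.2.1")] * 100

if __name__ == "__main__":
    cases = [
        ("switch, source MAC, routed test", "source", ROUTED_FRAMES),
        ("switch, source MAC, local stations", "source", LOCAL_FRAMES),
        ("router, destination only, one server", "destination", SERVER_FLOWS),
        ("router, src/dst pair, one server", "pair", SERVER_FLOWS),
        ("router, src/dst pair, many hosts", "pair", SITE_TO_SITE),
        ("router, src/dst pair, single flow", "pair", ONE_FLOW),
        ("router, per-packet, single flow", "per-packet", ONE_FLOW),
    ]
    for label, mode, packets in cases:
        print(f"{label:40} {dict(link_usage(mode, packets))}")
```

Any keyed mode pins a single flow to one link, so a test with one source or one destination says nothing about whether balancing works.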
EIGRP Load Balancing ??'s [7:71607]
Group,

I have a customer that has two locations connected via 2-Full point-to-point T1's.

The customer has a 1720 at each location.

The customer is using EIGRP to load balance the two locations.

The networks at each location show in the routing tables with the same administrative distance.

Everything is fine up to this point.

However, when I look at the traffic statistics for each of the T1's, the first T1 has significantly higher utilization.

My research has led me to believe the reason that traffic isn't spread more evenly over the T1's is due to the way the 1720's switch the traffic.

It's my understanding that by default the 1720's use per-destination load balancing in the type of scenario my customer has.

Since only one network is at each location this would explain the utilization issues.

The solution appears to be for the customer to implement per packet load balancing.

Am I correct on my points so far ??

If I implement per packet load-balancing for the customer, is the command to do this no ip route-cache ??

If yes, on what interface do I place the command, if not what are the command or commands and how are they implemented ??

One of the warnings I've read about concerning per packet load-balancing is that low end routers like the 1720 may not be able to handle, should I be concerned about the 1720's ??

The customer has a pair of 2621's we could use in place of the 1720's.

Bottomline, the customer would like to load balance the two locations via the two T1's more evenly, am I proceeding the right direction ??

If not, what recommendations would others offer.

Thanks in advance.

Stephen Manuel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71607&t=71607
Re: one 1720 with 2 ADSL load balancing or bounding 2 adsl [7:70966]
He, I would like to ask if somebody tried balance the traffic over 2 adsl (internet) in one router ( or bound them) to increase the bandwidth using only one ISP. ?

Thanks for your help.

Amalker

"Tim Champion" wrote in message news:[EMAIL PROTECTED]
> I have a situation whereby I want to perform load balancing across 2 links. The problem is that the router which will have to perform the load balancing learns one route via EIGRP and the other from a static route. I know how to alter the administrative distance of the static route but I'm not sure on how to tweak the metric. I guess I need to either increase the metric of the static route or reduce the metric of the EIGRP route.
>
> Any suggestions would be appreciated.
>
> Tim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70966&t=70966
Re: so how does IGRP unequal load-balancing work anywa [7:66795]
your example is fair. I haven't seen many real examples of load balancing. in the case you're describing you can simply change the metrics on one of the routers 'secondary' link to the other router. this would prevent it from passing anything it received from the one router back to itself.

yes the way you've created the example things would 'loop' between them, but as an experienced cisco person, you've recognized the misconfiguration and have avoided the conflict in this setup. I can come up with dozens of normal operation scenarios where if put together in such a manner (which taken alone work fine), would fall apart because they were assembled without a perspective on the greater network.

its like me wondering about the validity of marriage if the possibility exists that I could marry my own sister. its a possibility if I can think of the right scenario, but with this knowledge in mind, I can be on the lookout for anyone that resembles me a bit too closely.

scott

"nwo" wrote in message news:[EMAIL PROTECTED]
> OK, consider this scenario.
>
> You have a large network of IGRP routers. You have routers A and B who each have a metric of, say, 10 to a given destination (I am going to use simple values for the metrics of IGRP to make things easy). Routers A and B are also directly connected, and the link between them has a metric of 1. Router A sends an update to B that the destination has a metric of 10, and router B adds the value of the link to arrive at a total metric of 11. Therefore, router B has 2 ways to get to the destination, the first would be through the normal way (through the path that has a metric of 10) and the other through router A (which has a metric of 11). Vice versa is also true with respect to router A. When you configure variance of larger than 1, then both paths will be entered into the route table.
>
> If this is the case, then you can see that some packets can bounce around. For example, router A may, through unequal load-balancing, send some of the dest packets to B, and then B will, again through unequal balancing, send some of those packets back to A, etc. Yes, the number of packets sent the 'wrong way' decreases exponentially but the point is that there is still some bouncing around.
>
> The only way I can see that this would not happen is if a router would compare the metric of a received route (before the cost of the link is added) to the metric that the router is currently holding for that route, and if it is equal to or greater than that value, the route is rejected unconditionally for unequal balancing. This would be something similar to what the whole EIGRP successor algorithm accomplishes. Does anybody know for a fact whether this is in the IGRP algorithm?
>
> "Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]
> > nwo wrote:
> > >
> > > It occurs to me that I do not understand how IGRP unequal load balancing works.
> > >
> > > Yes, I understand what the commands are, and I am well aware of the intricacies involved in fast-switching and CEF. So please don't respond by telling me to configure 'variance' or stuff like that. I already know all that.
> > >
> > > What I don't understand is this. A fundamental part of EIGRP unequal load balancing is the concept of the feasible successor, where routes of unequal metric to a particular destination will be considered only if the corresponding neighbor is a feasible successor for the destination in question. This is in order to prevent the problem of packets being sent to to a router that is actually further away from the destination than the sending router is to that destination.
> > >
> > > Yet, I am aware of no such safeguards in IGRP. IGRP has no such concept of
> >
> > I don't think such a safeguard is necessary. A router running even a simple distance-vector protocol like IGRP knows the metric of its neighbors because the neighbors report it in update packets. The router can add routes to the routing table based on this information alone and knowledge of the variance and maximum-paths values. It would be a broken protocol indeed if it added routes that included a next-hop neighbor that was farther away.
> >
> > The business of feasible successors, unique to EIGRP,
Re: so how does IGRP unequal load-balancing work anywa [7:66727]
OK, consider this scenario.

You have a large network of IGRP routers. You have routers A and B who each have a metric of, say, 10 to a given destination (I am going to use simple values for the metrics of IGRP to make things easy). Routers A and B are also directly connected, and the link between them has a metric of 1. Router A sends an update to B that the destination has a metric of 10, and router B adds the value of the link to arrive at a total metric of 11. Therefore, router B has 2 ways to get to the destination, the first would be through the normal way (through the path that has a metric of 10) and the other through router A (which has a metric of 11). Vice versa is also true with respect to router A. When you configure variance of larger than 1, then both paths will be entered into the route table.

If this is the case, then you can see that some packets can bounce around. For example, router A may, through unequal load-balancing, send some of the dest packets to B, and then B will, again through unequal balancing, send some of those packets back to A, etc. Yes, the number of packets sent the 'wrong way' decreases exponentially but the point is that there is still some bouncing around.

The only way I can see that this would not happen is if a router would compare the metric of a received route (before the cost of the link is added) to the metric that the router is currently holding for that route, and if it is equal to or greater than that value, the route is rejected unconditionally for unequal balancing. This would be something similar to what the whole EIGRP successor algorithm accomplishes. Does anybody know for a fact whether this is in the IGRP algorithm?

"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]
> nwo wrote:
> >
> > It occurs to me that I do not understand how IGRP unequal load balancing works.
> >
> > Yes, I understand what the commands are, and I am well aware of the intricacies involved in fast-switching and CEF. So please don't respond by telling me to configure 'variance' or stuff like that. I already know all that.
> >
> > What I don't understand is this. A fundamental part of EIGRP unequal load balancing is the concept of the feasible successor, where routes of unequal metric to a particular destination will be considered only if the corresponding neighbor is a feasible successor for the destination in question. This is in order to prevent the problem of packets being sent to to a router that is actually further away from the destination than the sending router is to that destination.
> >
> > Yet, I am aware of no such safeguards in IGRP. IGRP has no such concept of
>
> I don't think such a safeguard is necessary. A router running even a simple distance-vector protocol like IGRP knows the metric of its neighbors because the neighbors report it in update packets. The router can add routes to the routing table based on this information alone and knowledge of the variance and maximum-paths values. It would be a broken protocol indeed if it added routes that included a next-hop neighbor that was farther away.
>
> The business of feasible successors, unique to EIGRP, helps maintain the routing table when changes happen, such as when a directly connected link fails or when update or queries arrive. I don't know if it's used for load balancing though. It wouldn't need to be.
>
> If you have a URL that explains what feasible successor has to do with load balancing, please send it. Thanks. But I would probably still say that it's not necessary for load balancing to work.
>
> > a topology table with neighbor's advertised distances and whatnot. Therefore it seems that packets could easily be forwarded away from the destination.
>
> Not if the distance-vector protocol is working correctly.
>
> > Furthermore, it would seem to me that packets could actually bounce back and forth between 2 routers for awhile.
>
> Once again, not if the distance-vector protocol is working correctly, unless I'm missing something.
>
> Priscilla
>
> > Please say it ain't so. Yet I am unaware of any construct within IGRP that would prevent it from being so.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66727&t=66727
Re: so how does IGRP unequal load-balancing work anyway? [7:66722]
considering hold-down times and split horizon, why do you think that packets would bounce in a loop under normal conditions? I think under normal conditions if a route is considered valid enough to be included in a routing table, its not going to be a loop. I think EIGRP only looked for alternate successors when the feasible successor was a really bad cost, was because of an optimization standpoint and not a loop issue.

I agree that there can be some issues with classful protocols and routing, but I think the issue of load balancing legitimately discovered routes isn't worrisome. you'll pretty much have an eye on your network and know if something isn't right, but it seems like you're worried that if you setup a network and leave it for a few years unattended there might be problems, well what network won't under those circumstances?

scott

"nwo" wrote in message news:[EMAIL PROTECTED]
> It occurs to me that I do not understand how IGRP unequal load balancing works.
>
> Yes, I understand what the commands are, and I am well aware of the intricacies involved in fast-switching and CEF. So please don't respond by telling me to configure 'variance' or stuff like that. I already know all that.
>
> What I don't understand is this. A fundamental part of EIGRP unequal load balancing is the concept of the feasible successor, where routes of unequal metric to a particular destination will be considered only if the corresponding neighbor is a feasible successor for the destination in question. This is in order to prevent the problem of packets being sent to to a router that is actually further away from the destination than the sending router is to that destination.
>
> Yet, I am aware of no such safeguards in IGRP. IGRP has no such concept of a topology table with neighbor's advertised distances and whatnot. Therefore it seems that packets could easily be forwarded away from the destination. Furthermore, it would seem to me that packets could actually bounce back and forth between 2 routers for awhile.
>
> Please say it ain't so. Yet I am unaware of any construct within IGRP that would prevent it from being so.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66722&t=66722
RE: so how does IGRP unequal load-balancing work anywa [7:66665]
nwo wrote:
>
> It occurs to me that I do not understand how IGRP unequal load balancing works.
>
> Yes, I understand what the commands are, and I am well aware of the intricacies involved in fast-switching and CEF. So please don't respond by telling me to configure 'variance' or stuff like that. I already know all that.
>
> What I don't understand is this. A fundamental part of EIGRP unequal load balancing is the concept of the feasible successor, where routes of unequal metric to a particular destination will be considered only if the corresponding neighbor is a feasible successor for the destination in question. This is in order to prevent the problem of packets being sent to to a router that is actually further away from the destination than the sending router is to that destination.
>
> Yet, I am aware of no such safeguards in IGRP. IGRP has no such concept of

I don't think such a safeguard is necessary. A router running even a simple distance-vector protocol like IGRP knows the metric of its neighbors because the neighbors report it in update packets. The router can add routes to the routing table based on this information alone and knowledge of the variance and maximum-paths values. It would be a broken protocol indeed if it added routes that included a next-hop neighbor that was farther away.

The business of feasible successors, unique to EIGRP, helps maintain the routing table when changes happen, such as when a directly connected link fails or when update or queries arrive. I don't know if it's used for load balancing though. It wouldn't need to be.

If you have a URL that explains what feasible successor has to do with load balancing, please send it. Thanks. But I would probably still say that it's not necessary for load balancing to work.

> a topology table with neighbor's advertised distances and whatnot. Therefore it seems that packets could easily be forwarded away from the destination.

Not if the distance-vector protocol is working correctly.

> Furthermore, it would seem to me that packets could actually bounce back and forth between 2 routers for awhile.

Once again, not if the distance-vector protocol is working correctly, unless I'm missing something.

Priscilla

> Please say it ain't so. Yet I am unaware of any construct within IGRP that would prevent it from being so.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66717&t=5
Re: so how does IGRP unequal load-balancing work anyway? [7:66667]
I can't remember the exact terminology but an IGRP router is aware of a neighbor's metric to a destination as well as its own metric to the same destination. The router will only consider routes to be valid if the upstream router's metric to the destination is lower than its own metric to the same destination. This prevents the problems you mentioned below.

You may want to get a second opinion on this!

Tim

"nwo" wrote in message news:[EMAIL PROTECTED]
> It occurs to me that I do not understand how IGRP unequal load balancing works.
>
> Yes, I understand what the commands are, and I am well aware of the intricacies involved in fast-switching and CEF. So please don't respond by telling me to configure 'variance' or stuff like that. I already know all that.
>
> What I don't understand is this. A fundamental part of EIGRP unequal load balancing is the concept of the feasible successor, where routes of unequal metric to a particular destination will be considered only if the corresponding neighbor is a feasible successor for the destination in question. This is in order to prevent the problem of packets being sent to to a router that is actually further away from the destination than the sending router is to that destination.
>
> Yet, I am aware of no such safeguards in IGRP. IGRP has no such concept of a topology table with neighbor's advertised distances and whatnot. Therefore it seems that packets could easily be forwarded away from the destination. Furthermore, it would seem to me that packets could actually bounce back and forth between 2 routers for awhile.
>
> Please say it ain't so. Yet I am unaware of any construct within IGRP that would prevent it from being so.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=7&t=7
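Added example (not written by any poster): nwo's two-router scenario from this thread (own-path metric 10 on A and B, A-B link metric 1) run in Python with and without the "neighbor must be closer than I am" check that Tim describes above. The function names are hypothetical, and splitting traffic in inverse proportion to metric is an assumption of this model.

```python
from fractions import Fraction

EXIT = "dest"  # pseudo next hop: the router's own path toward the destination

# Constructed topology, using the simple metrics from the thread.
OWN_PATH = {"A": 10, "B": 10}                 # metric of each router's own path
NEIGHBOURS = {"A": {"B": 1}, "B": {"A": 1}}   # metric of the A-B link


def install_routes(variance, neighbour_must_be_closer):
    """Build {router: {next_hop: metric}} after one exchange of updates."""
    tables = {}
    for router, best in OWN_PATH.items():
        routes = {EXIT: best}
        for neighbour, link in NEIGHBOURS[router].items():
            reported = OWN_PATH[neighbour]      # what the neighbour advertises
            total = reported + link             # metric via that neighbour
            within_variance = total < variance * best
            closer = reported < best            # the check Tim describes
            if within_variance and (closer or not neighbour_must_be_closer):
                routes[neighbour] = total
        tables[router] = routes
    return tables


def has_forwarding_loop(tables):
    """True if following installed next hops can revisit a router."""
    def visit(node, path):
        if node in path:
            return True
        return any(visit(hop, path | {node})
                   for hop in tables[node] if hop != EXIT)
    return any(visit(router, frozenset()) for router in tables)


def share_via_neighbour(routes):
    """Fraction of packets handed to a neighbour instead of the own path,
    assuming load is shared in inverse proportion to metric."""
    weights = {hop: Fraction(1, metric) for hop, metric in routes.items()}
    return 1 - weights[EXIT] / sum(weights.values())


def expected_link_crossings(tables, start="A"):
    """Expected number of times a packet entering at `start` crosses the
    A-B link before leaving toward the destination (two-router case)."""
    other = next(router for router in tables if router != start)
    p = share_via_neighbour(tables[start])
    q = share_via_neighbour(tables[other])
    # Solves E_start = p * (1 + E_other), E_other = q * (1 + E_start).
    return p * (1 + q) / (1 - p * q)


if __name__ == "__main__":
    for check in (False, True):
        tables = install_routes(variance=2, neighbour_must_be_closer=check)
        print("check" if check else "no check", tables,
              "loop:", has_forwarding_loop(tables),
              "crossings:", expected_link_crossings(tables))
```

With variance 2 and no check, each router sends 10/21 of its packets to the other, giving 10/11 expected crossings of the A-B link per packet; with the check, the metric-11 route is rejected because the neighbor's reported 10 is not lower than the local 10.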
so how does IGRP unequal load-balancing work anyway? [7:66665]
It occurs to me that I do not understand how IGRP unequal load balancing works.

Yes, I understand what the commands are, and I am well aware of the intricacies involved in fast-switching and CEF. So please don't respond by telling me to configure 'variance' or stuff like that. I already know all that.

What I don't understand is this. A fundamental part of EIGRP unequal load balancing is the concept of the feasible successor, where routes of unequal metric to a particular destination will be considered only if the corresponding neighbor is a feasible successor for the destination in question. This is in order to prevent the problem of packets being sent to to a router that is actually further away from the destination than the sending router is to that destination.

Yet, I am aware of no such safeguards in IGRP. IGRP has no such concept of a topology table with neighbor's advertised distances and whatnot. Therefore it seems that packets could easily be forwarded away from the destination. Furthermore, it would seem to me that packets could actually bounce back and forth between 2 routers for awhile.

Please say it ain't so. Yet I am unaware of any construct within IGRP that would prevent it from being so.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=5&t=5
Server Load Balancing Options [7:66272]
Hello, would someone please validate this list, and or recommend less alternatives? I would appreciate it a lot!

Our requirements:
1) Server Load Balancing (IP address translation) LAYER 3 ONLY
2) Server availability monitoring (ping?)
3) Redundant Switch Capability (SLB HSRP?)
4) medium load - DNS, LDAP, mail, radius, etc..

As far as I can tell, my options are
1) 6500 SLB CSM - 40-100 grand ?? what modules are needed here?
2) 6500 cat/native OS SLB ??? what modules are needed here?
3) 4840G - 30 grand
4) 7200 Router IOS SLB

CCIE #11021

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66272&t=66272
Re: Load Balancing and NAT [7:64904]
Interesting. I am looking at doing the same thing after my Sprint circuit was down three times in three business days for ~4 hours each time. Something that makes my situation difficult is I have control of the 1700 on my Qwest circuit but not the Sprint router, it is owned by Sprint. So I have to leave the Sprint router in place and run its eth0 to an ethernet wic in the 1700 and let it handle the load balancing. I'm thinking of trying to let the 1700 do NAT as well so the ip blocks of both Qwest and Sprint circuits to appear within the same NAT'ed block inside.

The other part of the design I have is a vpn established between the firewall behind the router and a firewall in my co-lo. I'm thinking of trying to establish the vpn with an ip on each isp's block for redundancy there then start setting up all traffic in and out of my site to go through the vpn so I shouldn't have to worry about the different ip blocks.

"Terry Oldham" wrote in message news:[EMAIL PROTECTED]
> Hello all,
>
> I am attempting to setup a Cisco 1721 Router with load balancing and NAT so that we can provide a dual T1 connection to the network. This is the first time I have done anything like this and I was wanting to know if anyone had any good pointers they could give me or any commands that I should beware of or add.
>
> Thanks,
>
> Terry O

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65247&t=64904
RE: Load Balancing and NAT [7:64904]
At 5:41 PM + 3/10/03, Logan, Harold wrote:
>I have a question about this setup, but it's more design-oriented than
>configuration. What's the benefit of having redundant ISPs if they both
>connect to one router?

Single router with multiple ISPs: Protects you against failure in the ISP routing system. Both ISPs still may get bad routing data. No guard against router or local loop failure.

Multiple routers to different POPs of the same ISP: Protects you against local loop failure, lets you contract for physical route diversity within the ISP. No guard against ISP-wide routing failure. You may be able to negotiate multiple upstreams.

Multiple routers to different ISPs: may or may not protect against local loop failure, depending on how far apart you place the routers. Potentially decent protection against routing failure. Still vulnerable if there is a common upstream.

>I realize that a WAN circuit is more likely to have
>problems than the router hardware is, but it seems like both the
>configuration problem and the single point of failure can be addressed by
>adding a second router. From there, I see two options. #1, break up the LAN
>into two DHCP scopes (if DHCP is used) and assign the IP's of both routers
>as the default gateway, but alternate them. Scope 1 would have R1's IP as
>the primary default gateway, and R2's as the secondary, and vice versa for
>scope 2. #2, Use a layer 3 switch at the core of the LAN, and configure
>routed ports. Give the switch two default routes with the same AD, and it
>will load balance between the two routers.
>
>Does either of these sound feasible?
>
>Hal
>
>> -----Original Message-----
>> From: Terry Oldham [mailto:[EMAIL PROTECTED]
>> Sent: Monday, March 10, 2003 11:07 AM
>> To: [EMAIL PROTECTED]
>> Subject: Re: Load Balancing and NAT [7:64904]
>>
>> The T1's are from different providers, Qwest and Sprint. And no we will not
>> be running BGP...
>>
>> "Troy Leliard" wrote in message
>> news:[EMAIL PROTECTED]
>> > First big question, are your T1's from the same provider, or from a
>> > different provider, and thus different "public" ip address space? If it is
>> > from a different provider, you may well run into some problems with NAT.
>> >
>> > Say for example, client A connects to your webserver (via ISP A's public IP
>> > address that is assigned to you, say x.x.x.x) which is then Nat'd to your
>> > internal RFC1918 address. That will work all fine and dandy, but what about
>> > if your default gateway is ISP B's T1. Outbound packets, returning to
>> > Client A, will be NAT'd to ISP B's outside address, say y.y.y.y. If Client
>> > A is behind a stateful firewall, return packets will be dropped, as it will
>> > have ISP B's SRC address, and it will be expecting ISP A's.
>> >
>> > There are a number of ways around this, but I will wait for more details
>> > before going on. Presumably you are not / will not be running BGP, and have
>> > your own AS?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64989&t=64904
Re: Load Balancing and NAT [7:64904]
ot;" a icrit dans le message de news: > > [EMAIL PROTECTED] > > > The T1's are from different providers, Qwest and Sprint. And no we will > > not > > > be running BGP... > > > > > > > > > ""Troy Leliard"" wrote in message > > > news:[EMAIL PROTECTED] > > > > First big question, are your T1's from the same provider, or from a > > > > different provider, and thus different "public" ip address space? If > it > > > is > > > > from a different provider, you may well run into some problems with > NAT. > > > > > > > > Say for example, client A connects to your webserver (via ISP A's > public > > > IP > > > > address that is assigned to you, say x.x.x.x) which is then Nat'd to > > your > > > > internal RFC1918 address That will work all fine and dandy, but what > > > about > > > > if your default gateway is ISP B's T1. Outbound packets, returning to > > > > Client A, will be NAT'd to ISB B's outside address, say y.y.y.y. If > > > Client > > > > A is behind a stateful firewall, return packets will be dropped, as it > > > will > > > > have ISP B's SRC address, and it will be expecting ISP A's. > > > > > > > > There are a number of ways around this, but I will wait for more > detauls > > > > before going on. Presumably you are not / will not be running BGP, > and > > > have > > > > your own AS? > > > > > > > > Terry Oldham wrote: > > > > > > > > > > Hello all, > > > > > > > > > > I am attempting to setup a Cisco 1721 Router with load > > > > > balancing and > > > > > NAT so that we can provide a dual T1 connection to the network. > > > > > This is the > > > > > first time I have done anything like this and I was wanting to > > > > > know if > > > > > anyone had any good pointers they could give me or any commands > > > > > that I > > > > > should beware of or add. 
> > > > > > > > > > Thanks, > > > > > > > > > > Terry O Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64932&t=64904 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Load Balancing and NAT [7:64904]
I have a question about this setup, but it's more design-oriented than configuration. What's the benefit of having redundant ISPs if they both connect to one router? I realize that a WAN circuit is more likely to have problems than the router hardware is, but it seems like both the configuration problem and the single point of failure can be addressed by adding a second router. From there, I see two options.

#1, break up the LAN into two DHCP scopes (if DHCP is used) and assign the IP's of both routers as the default gateway, but alternate them. Scope 1 would have R1's IP as the primary default gateway, and R2's as the secondary, and vice versa for scope 2.

#2, Use a layer 3 switch at the core of the LAN, and configure routed ports. Give the switch two default routes with the same AD, and it will load balance between the two routers.

Does either of these sound feasible?

Hal

> -----Original Message-----
> From: Terry Oldham [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 10, 2003 11:07 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Load Balancing and NAT [7:64904]
>
> The T1's are from different providers, Qwest and Sprint. And no we will not
> be running BGP...
>
> "Troy Leliard" wrote in message
> news:[EMAIL PROTECTED]
> > First big question, are your T1's from the same provider, or from a
> > different provider, and thus different "public" ip address space? If it is
> > from a different provider, you may well run into some problems with NAT.
> >
> > Say for example, client A connects to your webserver (via ISP A's public IP
> > address that is assigned to you, say x.x.x.x) which is then Nat'd to your
> > internal RFC1918 address. That will work all fine and dandy, but what about
> > if your default gateway is ISP B's T1. Outbound packets, returning to
> > Client A, will be NAT'd to ISP B's outside address, say y.y.y.y. If Client
> > A is behind a stateful firewall, return packets will be dropped, as it will
> > have ISP B's SRC address, and it will be expecting ISP A's.
> >
> > There are a number of ways around this, but I will wait for more details
> > before going on. Presumably you are not / will not be running BGP, and have
> > your own AS?
> >
> > Terry Oldham wrote:
> > >
> > > Hello all,
> > >
> > > I am attempting to setup a Cisco 1721 Router with load balancing and
> > > NAT so that we can provide a dual T1 connection to the network.
> > > This is the first time I have done anything like this and I was wanting to
> > > know if anyone had any good pointers they could give me or any commands
> > > that I should beware of or add.
> > >
> > > Thanks,
> > >
> > > Terry O

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64930&t=64904
Re: Load Balancing and NAT [7:64904]
More Info:

FastEthernet Int0 172.16.100.2/24
Serial0 144.228.52.114 255.255.255.252
Sprint IP Block 65.160.124.193 - 65.160.124.222
Serial1 65.123.132.166 255.255.255.252
Qwest IP Block 65.120.161.161 - 65.120.161.190

Honestly I have bitten off a little more than I can chew on this one, however I really need to make it work so all and any advice will be taken. I have been talking with Cisco a little and here is the example they sent me:

Current configuration : 1941 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Inet_Router
!
logging buffered 4096 debugging
enable secret 5 $1$L3f5$owQH/giYdx/Gui/nASA9F1
enable password 7 13041200045D51
!
ip subnet-zero
ip cef
ip name-server 198.6.1.122
!
! Inside LAN
interface FastEthernet0/0
 ip address 10.30.25.201 255.255.255.0
 ip nat inside
 speed 100
 full-duplex
!
! One outside serial link per provider
interface Serial0/0
 description Verio
 ip address 165.254.203.110 255.255.255.252
 ip nat outside
!
interface Serial0/1
 description Cable&Wireless
 ip address 166.63.156.102 255.255.255.252
 ip nat outside
!
! One overload pool per provider; the route-map picks the pool
ip nat pool Verio 209.139.11.98 209.139.11.98 netmask 255.255.255.224
ip nat pool Cable 208.168.204.2 208.168.204.2 netmask 255.255.255.0
ip nat inside source route-map Cable1 pool Cable overload
ip nat inside source route-map Verio1 pool Verio overload
ip nat inside source static 10.30.25.27 209.139.11.122
ip nat inside source static 10.30.25.25 209.139.11.120
ip nat inside source static 10.30.25.63 209.139.11.111
ip nat inside source static 10.30.25.62 209.139.11.110
ip nat inside source static 10.30.25.33 208.168.204.6
ip nat inside source static 10.30.25.32 208.168.204.5
ip nat inside source static 10.30.25.31 209.139.11.101
ip nat inside source static 10.30.25.30 209.139.11.100
ip nat inside source static 10.30.25.137 209.139.11.105
ip classless
! Two default routes, one through each provider
ip route 0.0.0.0 0.0.0.0 165.254.203.109
ip route 0.0.0.0 0.0.0.0 166.63.156.101
ip route 10.0.0.0 255.0.0.0 FastEthernet0/0
ip http server
ip pim bidir-enable
!
access-list 10 permit 10.30.25.0 0.0.0.255
! Each route-map matches inside sources leaving through one serial interface
route-map Verio1 permit 10
 match ip address 10
 match interface Serial0/0
!
route-map Cable1 permit 10
 match ip address 10
 match interface Serial0/1
!
line con 0
 login
line aux 0
line vty 0 3
 login
line vty 4
 login
!
no scheduler allocate
end

"Amar KHELIFI" wrote in message news:[EMAIL PROTECTED]
> could u give us more info pls, as far as the IP's that you will be using.
> wasn't it u that wanted to assign 2 ip's for each server you have?
> if that is so, u can do the following:
> create 2 VLAN's on ur switch.
> create 2 subinterfaces on the router (must have fast ether) for the vlans.
> PBR every thing from ISP A to VLAN A, both ways.
> PBR every thing from ISP B to VLAN B, both ways.
> make sure the servers don't symmetrically route the packets.
> with the above, u will have control over traffic that crosses ur router, but
> then which IP will the clients use, depends on the DNS config, whether it
> will load balance on DNS queries is also another issue, so more or less u
> will have no control over traffic coming to ur network.
>
> if you had ur own net block, it would be easy to load balance, u'd have to
> call ur ISP's they will give u a community that u will join from which they
> will load balance, but you will need BGP, of course.
>
> but please give more information to further think it out.
>
> "Terry Oldham" wrote in message news:
> [EMAIL PROTECTED]
> > The T1's are from different providers, Qwest and Sprint. And no we will not
> > be running BGP...
> >
> > "Troy Leliard" wrote in message
> > news:[EMAIL PROTECTED]
> > > First big question, are your T1's from the same provider, or from a
> > > different provider, and thus different "public" ip address space? If it is
> > > from a different provider, you may well run into some problems with NAT.
> > >
> > > Say for example, client A connects to your webserver (via ISP A's public IP
> > > address that is assigned to you, say x.x.x.x) which is then Nat'd to your
> > > internal RFC1918 address. That will work all fine and dandy, but what about
> > > if your default gateway is ISP B's T1. Outbound packets, returning to
> > > Client A, will be NAT'd to ISP B's outside address, say y.y.y.y. If Client
> > > A is behind a stateful firewall, return packets will be dropped, as it will
> > > have ISP B's SRC address, and it will be expecting ISP A's.
> > >
> > > There are a nu
Re: Load Balancing and NAT [7:64904]
Hi Terry,

I think I have already responded to a similar, if not the same question. You won't be able to use NAT, as you can have a many-to-one NAT statement on your router. IE Qwest IP and Sprint IP, both NAT to the same server.

The only way I can see you getting this working is if you get a /30 or use ip unnumbered between yourself and the providers, and then have both public IP ranges on your inside ethernet segment. (Thus your server will have two public IP addresses configured on them).

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64914&t=64904
Re: Load Balancing and NAT [7:64904]
could u give us more info pls, as far as the IP's that you will be using. wasn't it u that wanted to assign 2 ip's for each server you have? if that is so, u can do the following:

create 2 VLAN's on ur switch.
create 2 subinterfaces on the router (must have fast ether) for the vlans.
PBR every thing from ISP A to VLAN A, both ways.
PBR every thing from ISP B to VLAN B, both ways.
make sure the servers don't symmetrically route the packets.

with the above, u will have control over traffic that crosses ur router, but then which IP will the clients use, depends on the DNS config, whether it will load balance on DNS queries is also another issue, so more or less u will have no control over traffic coming to ur network.

if you had ur own net block, it would be easy to load balance, u'd have to call ur ISP's they will give u a community that u will join from which they will load balance, but you will need BGP, of course.

but please give more information to further think it out.

"Terry Oldham" wrote in message news: [EMAIL PROTECTED]
> The T1's are from different providers, Qwest and Sprint. And no we will not
> be running BGP...
>
> "Troy Leliard" wrote in message
> news:[EMAIL PROTECTED]
> > First big question, are your T1's from the same provider, or from a
> > different provider, and thus different "public" ip address space? If it is
> > from a different provider, you may well run into some problems with NAT.
> >
> > Say for example, client A connects to your webserver (via ISP A's public IP
> > address that is assigned to you, say x.x.x.x) which is then Nat'd to your
> > internal RFC1918 address. That will work all fine and dandy, but what about
> > if your default gateway is ISP B's T1. Outbound packets, returning to
> > Client A, will be NAT'd to ISP B's outside address, say y.y.y.y. If Client
> > A is behind a stateful firewall, return packets will be dropped, as it will
> > have ISP B's SRC address, and it will be expecting ISP A's.
> >
> > There are a number of ways around this, but I will wait for more details
> > before going on. Presumably you are not / will not be running BGP, and have
> > your own AS?
> >
> > Terry Oldham wrote:
> > >
> > > Hello all,
> > >
> > > I am attempting to setup a Cisco 1721 Router with load balancing and
> > > NAT so that we can provide a dual T1 connection to the network.
> > > This is the first time I have done anything like this and I was wanting to
> > > know if anyone had any good pointers they could give me or any commands
> > > that I should beware of or add.
> > >
> > > Thanks,
> > >
> > > Terry O

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64912&t=64904
Re: Load Balancing and NAT [7:64904]
The T1's are from different providers, Qwest and Sprint. And no we will not be running BGP...

"Troy Leliard" wrote in message news:[EMAIL PROTECTED]
> First big question, are your T1's from the same provider, or from a
> different provider, and thus different "public" ip address space? If it is
> from a different provider, you may well run into some problems with NAT.
>
> Say for example, client A connects to your webserver (via ISP A's public IP
> address that is assigned to you, say x.x.x.x) which is then Nat'd to your
> internal RFC1918 address. That will work all fine and dandy, but what about
> if your default gateway is ISP B's T1. Outbound packets, returning to
> Client A, will be NAT'd to ISP B's outside address, say y.y.y.y. If Client
> A is behind a stateful firewall, return packets will be dropped, as it will
> have ISP B's SRC address, and it will be expecting ISP A's.
>
> There are a number of ways around this, but I will wait for more details
> before going on. Presumably you are not / will not be running BGP, and have
> your own AS?
>
> Terry Oldham wrote:
> >
> > Hello all,
> >
> > I am attempting to setup a Cisco 1721 Router with load balancing and
> > NAT so that we can provide a dual T1 connection to the network.
> > This is the first time I have done anything like this and I was wanting to
> > know if anyone had any good pointers they could give me or any commands
> > that I should beware of or add.
> >
> > Thanks,
> >
> > Terry O

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64910&t=64904
RE: Load Balancing and NAT [7:64904]
First big question, are your T1's from the same provider, or from a different provider, and thus different "public" ip address space? If it is from a different provider, you may well run into some problems with NAT.

Say for example, client A connects to your webserver (via ISP A's public IP address that is assigned to you, say x.x.x.x) which is then Nat'd to your internal RFC1918 address. That will work all fine and dandy, but what about if your default gateway is ISP B's T1. Outbound packets, returning to Client A, will be NAT'd to ISP B's outside address, say y.y.y.y. If Client A is behind a stateful firewall, return packets will be dropped, as it will have ISP B's SRC address, and it will be expecting ISP A's.

There are a number of ways around this, but I will wait for more details before going on. Presumably you are not / will not be running BGP, and have your own AS?

Terry Oldham wrote:
>
> Hello all,
>
> I am attempting to setup a Cisco 1721 Router with load balancing and
> NAT so that we can provide a dual T1 connection to the network.
> This is the first time I have done anything like this and I was wanting to
> know if anyone had any good pointers they could give me or any commands
> that I should beware of or add.
>
> Thanks,
>
> Terry O

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64906&t=64904
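The return-path failure described in the message above, as an added example that is not part of the original post: a toy model of the client's stateful firewall and the dual-ISP NAT router. The documentation addresses (standing in for x.x.x.x and y.y.y.y), the port numbers and the `nat_follows_session` switch are assumptions made for illustration.

```python
"""Toy model of the dual-ISP NAT return-path problem (constructed addresses)."""
from dataclasses import dataclass

ISP_A_PUBLIC = "192.0.2.10"     # stands in for x.x.x.x (static NAT, ISP A block)
ISP_B_PUBLIC = "198.51.100.10"  # stands in for y.y.y.y (ISP B outside address)
SERVER_INSIDE = "10.0.0.10"     # RFC 1918 address of the web server
CLIENT = "203.0.113.50"         # client A


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """Client-side firewall: admits only replies to flows it saw leave."""

    def __init__(self):
        self.expected = set()

    def outbound(self, pkt):
        # Record the exact 4-tuple the reply must carry.
        self.expected.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return pkt

    def inbound(self, pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.expected


class DualIspRouter:
    """Edge router: static NAT on ISP A, default route via ISP A or ISP B."""

    def __init__(self, default_exit, nat_follows_session):
        self.default_exit = default_exit
        self.nat_follows_session = nat_follows_session  # hypothetical switch
        self.sessions = {}

    def from_outside(self, pkt):
        if pkt.dst != ISP_A_PUBLIC:
            raise ValueError("no static translation for " + pkt.dst)
        # Remember which public address this flow arrived on.
        self.sessions[(SERVER_INSIDE, pkt.dport, pkt.src, pkt.sport)] = pkt.dst
        return Packet(pkt.src, pkt.sport, SERVER_INSIDE, pkt.dport)

    def from_inside(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if self.nat_follows_session and key in self.sessions:
            public = self.sessions[key]          # reuse the inbound mapping
        elif self.default_exit == "A":
            public = ISP_A_PUBLIC
        else:
            public = ISP_B_PUBLIC                # NAT follows the default route
        return Packet(public, pkt.sport, pkt.dst, pkt.dport)


def reply_accepted(default_exit, nat_follows_session):
    """Return (source address the client sees, whether its firewall admits it)."""
    firewall = StatefulFirewall()
    router = DualIspRouter(default_exit, nat_follows_session)
    syn = firewall.outbound(Packet(CLIENT, 40000, ISP_A_PUBLIC, 80))
    at_server = router.from_outside(syn)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    translated = router.from_inside(reply)
    return translated.src, firewall.inbound(translated)


if __name__ == "__main__":
    for exit_isp, follows in (("A", False), ("B", False), ("B", True)):
        print(exit_isp, follows, reply_accepted(exit_isp, follows))
```

On the client side the dropped reply shows up as a packet from an address with no matching state, which is the log entry to look for when this misconfiguration is suspected.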
Load Balancing and NAT [7:64904]
Hello all,

I am attempting to setup a Cisco 1721 Router with load balancing and NAT so that we can provide a dual T1 connection to the network. This is the first time I have done anything like this and I was wanting to know if anyone had any good pointers they could give me or any commands that I should beware of or add.

Thanks,

Terry O

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64904&t=64904
Re: EIGRP & load balancing between ISDN & leased line [7:24630]
Sounds like you need to look into the variance command. Variance is how you tell EIGRP to load balance across unequal bandwidth links. Keep in mind that when both ISDN ports fire up you are talking about a link that is twice as fast as the 64 Kbps Leased Line.

Here is a link to the Cisco documentation on variance and traffic sharing.
http://www.cisco.com/en/US/tech/tk648/tk365/technologies_tech_note09186a008009437d.shtm

Hope this helps..

Geoff Kuchera

ashish verma wrote:
> A branch is connected to two hub locations, one with 64 Kbps Leased line
> other with ISDN. Server is at hub location connected by 64Kbps LL. Two hub
> locations are connected using multiple 2 Mbps links. EIGRP is implemented.
> If ISDN is fired to 2nd location the load balancing does not happen on both
> link (64Kbps & ISDN link). If both the channels of ISDN is fired, traffic
> goes through ISDN, not through 64Kbps LL.
> Load balancing happens if the 64Kbps Leased line & ISDN is connecting to
> same hub location.
>
> We need to share the load when it crosses above 64 Kbps on LL..Any solution ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63656&t=24630
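The behaviour in the quoted question and the variance that would admit the second path, worked through as an added example that is not from the thread. It uses the classic EIGRP composite metric with default K values; the interface delays, the single 2048 kbps hub trunk, the 10 Mbps server LAN and an ISDN bandwidth that tracks the number of B channels are assumptions.

```python
"""EIGRP metric and minimum variance for the branch topology (assumed values)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    name: str
    bandwidth_kbps: int
    delay_usec: int


# Assumed interface values; none of these numbers come from the thread.
LEASED_LINE = Link("64k leased line to hub 1", 64, 20000)
ISDN_1B = Link("ISDN to hub 2, one B channel", 64, 20000)
ISDN_2B = Link("ISDN to hub 2, two B channels", 128, 20000)
HUB_TRUNK = Link("hub 2 to hub 1, 2 Mbps", 2048, 20000)
SERVER_LAN = Link("server LAN at hub 1", 10000, 1000)


def eigrp_metric(path):
    """Classic composite metric with default K values (K1 = K3 = 1)."""
    if not path:
        return 0
    slowest = min(link.bandwidth_kbps for link in path)
    total_delay = sum(link.delay_usec for link in path)
    return 256 * (10**7 // slowest + total_delay // 10)


def plan(paths):
    """paths maps a name to the links from the branch to the server LAN."""
    metrics = {name: eigrp_metric(links) for name, links in paths.items()}
    best = min(metrics, key=metrics.get)
    feasible_distance = metrics[best]
    report = {}
    for name, links in paths.items():
        # Reported distance: the neighbour's own metric to the server LAN.
        reported = eigrp_metric(links[1:])
        if metrics[name] == feasible_distance:
            variance = 1
        else:
            # Smallest integer v with metric < v * feasible distance.
            variance = metrics[name] // feasible_distance + 1
        report[name] = {
            "metric": metrics[name],
            "feasible": reported < feasible_distance,
            "min_variance": variance,
        }
    return best, report


def scenario(isdn_link):
    return plan({
        "leased line": [LEASED_LINE, SERVER_LAN],
        "isdn": [isdn_link, HUB_TRUNK, SERVER_LAN],
    })


if __name__ == "__main__":
    for isdn in (ISDN_1B, ISDN_2B):
        best, report = scenario(isdn)
        print(isdn.name, "-> best path:", best)
        for name, row in report.items():
            print("  ", name, row)
```

With one B channel the leased line wins and with two the ISDN path wins, matching what the question reports; in both cases the other path only carries traffic once the variance reaches the value computed here and the feasibility condition holds.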
RE: Load balancing / Backup Links with OSPF [7:63342]
Like you said, if both circuits are the same bandwidth then load balancing will work. If they are not the same bandwidth, you can still load balance by manipulating the cost so that it is the same for both circuits, but once you reach the maximum bandwidth on the lower bandwidth circuit, the router is still going to try to load balance across them even though one of the circuits is at maximum utilization. If the circuits are not the same bandwidth, then the primary/backup, with the primary being the higher bandwidth circuit, is your best bet.

-----Original Message-----
From: Kerry Ogedegbe [ MTN - Portharcourt ] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 7:53 AM
To: [EMAIL PROTECTED]
Subject: Load balancing / Backup Links with OSPF [7:63342]

Hello People,
We are deploying additional links as backups, and Load Balancing in my organization. One of the links is on our SDH backbone, and the second link is via Frame-Relay through a service provider. We are running OSPF routing protocol. We are looking at 2 scenarios:
1) SDH Link as primary link, and the frame-relay link as a backup
2) Use both links for load balancing
From my investigations, in order to achieve Load balancing, with OSPF running, the bandwidth on both links has to be the same.

And for Backup links, the OSPF cost has to be lower on the primary link, in order to force traffic over the primary link

Any suggestions on how to solve this
Cheers
___
Kerry Ogedegbe
(Network Group)
MTN-Nigeria
Mobile: 0803 200 2399
Email: [EMAIL PROTECTED]

[GroupStudy removed an attachment of type image/jpeg which had a name of Clear Day Bkgrd.JPG]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63363&t=63342
RE: Load balancing / Backup Links with OSPF [7:63342]
Hi Kerry,

You are right, OSPF only supports 4 equal cost paths, and doesn't support unequal load balancing. The easiest way for you to address either of your options is to manually alter the ospf interface cost. Under the interface, add

ip ospf cost xxx

Make this the same as the other interface if you want load balancing, or different (more on the FR interface) if you wanted active / backup configuration.

Kerry Ogedegbe [ MTN - Portharcourt ] wrote:
>
> Hello People,
> We are deploying additional links as backups, and Load Balancing in my
> organization.
> One of the links is on our SDH backbone, and the second link is via
> Frame-Relay through a service provider
> We are running OSPF routing protocol. We are looking at 2 scenarios:
> 1) SDH Link as primary link, and the frame-relay link as a backup
> 2) Use both links for load balancing
> From my investigations, in order to achieve Load balancing, with OSPF
> running, the bandwidth on both links has to be the same.
>
> And for Backup links, the OSPF cost has to be lower on the primary link, in
> order to force traffic over the primary link
>
> Any suggestions on how to solve this
> Cheers
>
> ___
>
> Kerry Ogedegbe
>
> (Network Group)
>
> MTN-Nigeria
>
> Mobile: 0803 200 2399
>
> Email: [EMAIL PROTECTED]
>
> [GroupStudy removed an attachment of type image/jpeg which had
> a name of Clear Day Bkgrd.JPG]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63346&t=63342
Load balancing / Backup Links with OSPF [7:63342]
Hello People,
We are deploying additional links as backups, and Load Balancing in my organization. One of the links is on our SDH backbone, and the second link is via Frame-Relay through a service provider. We are running OSPF routing protocol. We are looking at 2 scenarios:
1) SDH Link as primary link, and the frame-relay link as a backup
2) Use both links for load balancing
From my investigations, in order to achieve Load balancing, with OSPF running, the bandwidth on both links has to be the same.

And for Backup links, the OSPF cost has to be lower on the primary link, in order to force traffic over the primary link

Any suggestions on how to solve this
Cheers
___
Kerry Ogedegbe
(Network Group)
MTN-Nigeria
Mobile: 0803 200 2399
Email: [EMAIL PROTECTED]

[GroupStudy removed an attachment of type image/jpeg which had a name of Clear Day Bkgrd.JPG]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63342&t=63342
RE: Content Switch Module and Server Load Balancing [7:62443]
It is concerning if SLB can do the job, and when it is necessary the CSM module.

Andrew Larkins on 05/02/2003 11:12:58
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: RE: Content Switch Module and Server Load Balancing [7:62443]

yes - we have done it on the 6509 and all is great. What exactly are you after??

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2003 15:18
To: [EMAIL PROTECTED]
Subject: Content Switch Module and Server Load Balancing [7:62443]

Any Thoughts?

"[EMAIL PROTECTED]" @groupstudy.com on 04/02/2003 13:44:09
Please respond to "[EMAIL PROTECTED]"
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Content Switch Module and Server Load Balancing [7:62443]

Could anybody share any real example of using Server Load Balancing in 6000 switches?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62574&t=62443
Re: Content Switch Module and Server Load Balancing [7:62443]
In mail.net.groupstudy.pro, you wrote:
> Any Thoughts? Could anybody share any real example of using Server
> Load Balancing in 6000 switches?

Never had the opportunity to play around with the CSM. Is there a specific need to use the CSM? IOS SLB works well on 7200/6000/6500s with MSFCs.

Basic config to load-balance all traffic destined to 80/tcp on 10.0.0.1 on two servers (192.168.0.1, 192.168.0.2) could be as follows:

ip slb serverfarm myfarm1
 real 192.168.0.1
  inservice
 real 192.168.0.2
  inservice
ip slb vserver mypr0n
 virtual 10.0.0.1 tcp www
 serverfarm myfarm1
 inservice

The default balancing method is weighted round robin. Use sticky in vserver if you want the clients to always return (within a timeframe) to the same server. It's a good way of ensuring application state would be kept on one server instead of 10 or so (this really depends on what your application needs are.)

Do "sh ip slb vs" to check the state of your virtual server(s), "sh ip slb se de" to check the state of your farm(s) and "sh ip slb st" would show generic SLB stats.

// kaj

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62505&t=62443
RE: Content Switch Module and Server Load Balancing [7:62443]
yes - we have done it on the 6509 and all is great. What exactly are you after??

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2003 15:18
To: [EMAIL PROTECTED]
Subject: Content Switch Module and Server Load Balancing [7:62443]

Any Thoughts?

"[EMAIL PROTECTED]" @groupstudy.com on 04/02/2003 13:44:09
Please respond to "[EMAIL PROTECTED]"
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Content Switch Module and Server Load Balancing [7:62443]

Could anybody share any real example of using Server Load Balancing in 6000 switches?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62503&t=62443
Content Switch Module and Server Load Balancing [7:62443]
Any Thoughts?

"[EMAIL PROTECTED]" @groupstudy.com on 04/02/2003 13:44:09
Please respond to "[EMAIL PROTECTED]"
Sent by: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Content Switch Module and Server Load Balancing [7:62443]

Could anybody share any real example of using Server Load Balancing in 6000 switches?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62498&t=62443
Content Switch Module and Server Load Balancing [7:62443]
Could anybody share any real example of using Server Load Balancing in 6000 switches?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62443&t=62443
RE: BGP load balancing questions [7:61095]
Well I have a solution, thanks to the many responses here. I sent a trouble ticket in to ISP1 and they called me back, and said I needed to join a specific community. I did that and they updated their end also. Then I checked the looking glass, and there was also a route through ISP 1's AS number (which wasn't there previously). And sure enough incoming traffic started leveling out between the two ISPs.

Thanks for all the responses!

Robert

-----Original Message-----
From: Captain Lance [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 2:59 PM
To: [EMAIL PROTECTED]
Subject: Re: BGP load balancing questions [7:61095]

I am very interested in how Radware and FatPipe solve this issue, can anyone explain?

Lance

"John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> Oh, that's right. I always forget about that solution. :-) Radware
> and FatPipe have nice solutions to this, as well. We almost bought a
> box from FatPipe at one point but we decided we had better ways of
> accomplishing our goals without their hardware.
>
> On a side note, they also have one of the most outrageous vendor gift
> items I've ever seen: boxer shorts that say "FatPipe Inside". Good
> grief If I worked for them I'd never mention that item to a
> client, especially in mixed company!
>
> John
>
> >>> "Greg Owens" 1/15/03 9:06:28 AM >>>
> can buy and hardware loadbalancer from f5.
> >
> > From: "Robert Fowler"
> > Date: 2003/01/15 Wed AM 09:31:49 EST
> > To: [EMAIL PROTECTED]
> > Subject: BGP load balancing questions [7:61095]
> >
> > Hello groupstudy,
> >
> > I've been banging my head against the wall and figured I would defer this
> > question to those of you more learned and experienced. Here is the
> > scenario:
> >
> > 2 routers running BGP
> > Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
> > Each receives full routes.
> > Each provider has given us a class C address
> > Only the class C from provider 1 is actively used, because provider 2 will
> > probably be dropped eventually (ssshhh don't tell ARIN)
> >
> > The class C is advertised to both ISPs, however ISP 1 aggregates this
> > address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16. This
> > was checked using various looking glasses.
> >
> > What that means is that traffic to my Class C will arrive primarily via ISP
> > 2 because it will see the /24 I advertise through it. That is bad, for
> > various reasons. Mainly because we are charged by usage from ISP2, but also
> > because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
> > primarily as a backup eventually. Also the traffic coming in is 90% via ISP
> > 2 and 10% via ISP 1.
> >
> > If I remember from my studying so long ago, even prepending my AS number to
> > ISP 2 will not work, because it doesn't even make it to that criteria, but
> > rather sees the /24 and chooses that route.
> >
> > I searched some newsgroups, but amazingly enough nobody seemed to have this
> > issue. I saw someone who had a larger block than /24 and some suggestions
> > there but that would not work in this case.
> >
> > Options not available:
> > Using the Class C from Carrier 2 to load balance using IP space and traffic
> > types
> > Getting a class C independent of a provider from ARIN. (That costs money :))
> >
> > Robert
> Greg Owens
> 202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61141&t=61095
Re: BGP load balancing questions [7:61095]
Is this "your" address space or is it Sprint/Global Crossing's address space?

"John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> I'm currently advertising a /24 to Sprint and Global Crossing and
> neither provider aggregates or filters it. Unless, that is, they've
> been sneaking around changing things behind my back.
>
> >>> "Clay Auch" 1/15/03 9:49:30 AM >>>
> Alex,
>
> Not at all true ... Sprint (unless this has changed) will filter at the /22
> and will make no exceptions. Other providers such as UUNET/WCOM filter at
> the /24 ... so traffic will prefer UUNET if in the scenario ISP 1 = Sprint
> and ISP 2 = UUNET. I have first hand experience with this ...
>
> clay
>
> ----- Original Message -----
> From: "Alex Muhin"
> To:
> Sent: Wednesday, January 15, 2003 10:07 AM
> Subject: RE: BGP load balancing questions [7:61095]
>
>
> > ISP1 should advertise 1.1.1.x/16 AND 1.1.1.x/24 ?
> >
> > alex

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61133&t=61095
Re: BGP load balancing questions [7:61095]
I am very interested in how Radware and FatPipe solve this issue, can anyone explain? Lance ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Oh, that's right. I always forget about that solution. :-) Radware > and FatPipe have nice solutions to this, as well. We almost bought a > box from FatPipe at one point but we decided we had better ways of > accomplishing our goals without their hardware. > > On a side note, they also have one of the most outrageous vendor gift > items I've ever seen: boxer shorts that say "FatPipe Inside". Good > grief If I worked for them I'd never mention that item to a client, > especially in mixed company! > > John > > >>> "Greg Owens" 1/15/03 9:06:28 AM >>> > can buy and hardware loadbalancer from f5. > > > > From: "Robert Fowler" > > Date: 2003/01/15 Wed AM 09:31:49 EST > > To: [EMAIL PROTECTED] > > Subject: BGP load balancing questions [7:61095] > > > > Hello groupstudy, > > > > I've been banging my head against the wall and figured I would defer > this > > question to those of you more learned and experienced. Here is the > the > > scenario: > > > > 2 routers running BGP > > Router 1 has a connection to ISP 1 and router 2 has a connection to > ISP 2 > > Each receives full routes. > > Each provider has given us a class C address > > Only the class C from provider 1 is actively used, because provider 2 > will > > probably be dropped eventually(ssshhh don't tell ARIN) > > > > > > The class C is advertised to both ISPs, however ISP 1 aggregates > this > > address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16 > > This was checked using various looking glasses. > > > > What that means is that traffic to my Class C will arrive primarily > via ISP > > 2 because it will see the /24 I advertise though it. That is bad, > for > > various reasons. 
Mainly because we are charged by usage from ISP2, > but also > > because we are going to upgrade ISP1 to a fractional t3 and use ISP > 2 > > primarily as a backup eventually. Also the traffic coming in is 90% > via ISP > > 2 and 10% via ISP 1. > > > > If I remember from my studying so long ago, even prepending my AS > number to > > ISP 2 will not work, becuase it doesn't even make it to that > criteria, but > > rather see the /24 and chooses that route. > > > > I searched some newsgroups, but amazingly enough nobody seemed to > have this > > issue. I saw someone who had a larger block than /24 and some > suggestions > > there but that would not work in this case. > > > > > > Options not available: > > Using the Class C from Carrier 2 to load balance using IP space and > traffic > > types > > Getting a class C independant of a provider from ARIN. (That costs > money > :)) > > > > > > Robert > Greg Owens > 202-398-2552 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61135&t=61095 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP load balancing questions [7:61095]
I'm currently advertising a /24 to Sprint and Global Crossing and neither provider aggregates or filters it. Unless, that is, they've been sneaking around changing things behind my back.

>>> "Clay Auch" 1/15/03 9:49:30 AM >>>
Alex,

Not at all true ... Sprint (unless this has changed) will filter at the /22 and will make no exceptions. Other providers such as UUNET/WCOM filter at the /24 ... so traffic will prefer UUNET if in the scenario ISP 1 = Sprint and ISP 2 = UUNET. I have first hand experience with this ...

clay

----- Original Message -----
From: "Alex Muhin"
To:
Sent: Wednesday, January 15, 2003 10:07 AM
Subject: RE: BGP load balancing questions [7:61095]

> ISP1 should advertise 1.1.1.x/16 AND 1.1.1.x/24 ?
>
> alex

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61119&t=61095
Re: BGP load balancing questions [7:61095]
Oh, that's right. I always forget about that solution. :-) Radware and FatPipe have nice solutions to this, as well. We almost bought a box from FatPipe at one point but we decided we had better ways of accomplishing our goals without their hardware. On a side note, they also have one of the most outrageous vendor gift items I've ever seen: boxer shorts that say "FatPipe Inside". Good grief If I worked for them I'd never mention that item to a client, especially in mixed company! John >>> "Greg Owens" 1/15/03 9:06:28 AM >>> can buy and hardware loadbalancer from f5. > > From: "Robert Fowler" > Date: 2003/01/15 Wed AM 09:31:49 EST > To: [EMAIL PROTECTED] > Subject: BGP load balancing questions [7:61095] > > Hello groupstudy, > > I've been banging my head against the wall and figured I would defer this > question to those of you more learned and experienced. Here is the the > scenario: > > 2 routers running BGP > Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2 > Each receives full routes. > Each provider has given us a class C address > Only the class C from provider 1 is actively used, because provider 2 will > probably be dropped eventually(ssshhh don't tell ARIN) > > > The class C is advertised to both ISPs, however ISP 1 aggregates this > address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16 > This was checked using various looking glasses. > > What that means is that traffic to my Class C will arrive primarily via ISP > 2 because it will see the /24 I advertise though it. That is bad, for > various reasons. Mainly because we are charged by usage from ISP2, but also > because we are going to upgrade ISP1 to a fractional t3 and use ISP 2 > primarily as a backup eventually. Also the traffic coming in is 90% via ISP > 2 and 10% via ISP 1. 
> > If I remember from my studying so long ago, even prepending my AS number to > ISP 2 will not work, becuase it doesn't even make it to that criteria, but > rather see the /24 and chooses that route. > > I searched some newsgroups, but amazingly enough nobody seemed to have this > issue. I saw someone who had a larger block than /24 and some suggestions > there but that would not work in this case. > > > Options not available: > Using the Class C from Carrier 2 to load balance using IP space and traffic > types > Getting a class C independant of a provider from ARIN. (That costs money :)) > > > Robert Greg Owens 202-398-2552 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61117&t=61095 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP load balancing questions [7:61095]
>ISP1 should advertise 1.1.1.x/16 AND 1.1.1.x/24 ?
>
>alex

Yes, that's correct. If they don't advertise the more-specific prefix along with their aggregate you'll have problems in a multihomed situation such as that described earlier.

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61116&t=61095
Re: BGP load balancing questions [7:61095]
Alex,

Not at all true ... Sprint (unless this has changed) will filter at the /22 and will make no exceptions. Other providers such as UUNET/WCOM filter at the /24 ... so traffic will prefer UUNET if in the scenario ISP 1 = Sprint and ISP 2 = UUNET. I have first hand experience with this ...

clay

----- Original Message -----
From: "Alex Muhin"
To:
Sent: Wednesday, January 15, 2003 10:07 AM
Subject: RE: BGP load balancing questions [7:61095]

> ISP1 should advertise 1.1.1.x/16 AND 1.1.1.x/24 ?
>
> alex

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=6&t=61095
Re: BGP load balancing questions [7:61095]
Robert,

I believe that you are kind of stuck with having ISP1 who filters everything of a /22 and below and ISP 2 filters at the /24. The first criteria is reachability (over all other algorithm criteria ... which are all just tie breakers as far as BGP is concerned). The reachability to your network behind both links is naturally always going to want to traverse ISP 2's link due to the uneven prefix filtering.

What we would suggest to customers who had a similar problem is ask ISP 1 to get you a block (justified through ARIN of course) of a /22 (or whatever they will pass through) so that you can load balance traffic over both pipes using that one block. Then, in your justification to ARIN, make sure you detail the fact that you are handing back a /24 from ISP 2 due to the technical pitfall you have encountered and due to the nature of your traffic and business plan. Emphasize that you want to "load share" (not load balance) traffic over both links. Don't mention anything about ISP 2 going away ... need to know basis ... they don't need to know.

Now ... if you get that /22 (or whatever size block) from ISP 1, you can announce the block in halves to both ISPs (eg. /23 to ISP 1 and /23 to ISP 2). Make sure that you know which traffic is most important and have that traverse your most reliable pipe ... then have the rest of the traffic traverse the to be backup pipe (aka ISP 2).

Hope any of this helps at all ... Please feel free to e-mail me if you have any other questions.

Clay

----- Original Message -----
From: "Robert Fowler"
To:
Sent: Wednesday, January 15, 2003 9:31 AM
Subject: BGP load balancing questions [7:61095]

> Hello groupstudy,
>
> I've been banging my head against the wall and figured I would defer this
> question to those of you more learned and experienced. Here is the
> scenario:
>
> 2 routers running BGP
> Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
> Each receives full routes.
> Each provider has given us a class C address
> Only the class C from provider 1 is actively used, because provider 2 will
> probably be dropped eventually (ssshhh don't tell ARIN)
>
>
> The class C is advertised to both ISPs, however ISP 1 aggregates this
> address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
> This was checked using various looking glasses.
>
> What that means is that traffic to my Class C will arrive primarily via ISP
> 2 because it will see the /24 I advertise through it. That is bad, for
> various reasons. Mainly because we are charged by usage from ISP2, but also
> because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
> primarily as a backup eventually. Also the traffic coming in is 90% via ISP
> 2 and 10% via ISP 1.
>
> If I remember from my studying so long ago, even prepending my AS number to
> ISP 2 will not work, because it doesn't even make it to that criteria, but
> rather see the /24 and chooses that route.
>
> I searched some newsgroups, but amazingly enough nobody seemed to have this
> issue. I saw someone who had a larger block than /24 and some suggestions
> there but that would not work in this case.
>
>
> Options not available:
> Using the Class C from Carrier 2 to load balance using IP space and traffic
> types
> Getting a class C independent of a provider from ARIN. (That costs money :))
>
>
> Robert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61107&t=61095
Re: BGP load balancing questions [7:61095]
can buy a hardware load balancer from F5.

> From: "Robert Fowler"
> Date: 2003/01/15 Wed AM 09:31:49 EST
> To: [EMAIL PROTECTED]
> Subject: BGP load balancing questions [7:61095]
>
> Hello groupstudy,
>
> I've been banging my head against the wall and figured I would defer this
> question to those of you more learned and experienced. Here is the
> scenario:
>
> 2 routers running BGP
> Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
> Each receives full routes.
> Each provider has given us a class C address
> Only the class C from provider 1 is actively used, because provider 2 will
> probably be dropped eventually (ssshhh don't tell ARIN)
>
>
> The class C is advertised to both ISPs, however ISP 1 aggregates this
> address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
> This was checked using various looking glasses.
>
> What that means is that traffic to my Class C will arrive primarily via ISP
> 2 because it will see the /24 I advertise through it. That is bad, for
> various reasons. Mainly because we are charged by usage from ISP2, but also
> because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
> primarily as a backup eventually. Also the traffic coming in is 90% via ISP
> 2 and 10% via ISP 1.
>
> If I remember from my studying so long ago, even prepending my AS number to
> ISP 2 will not work, because it doesn't even make it to that criteria, but
> rather see the /24 and chooses that route.
>
> I searched some newsgroups, but amazingly enough nobody seemed to have this
> issue. I saw someone who had a larger block than /24 and some suggestions
> there but that would not work in this case.
>
>
> Options not available:
> Using the Class C from Carrier 2 to load balance using IP space and traffic
> types
> Getting a class C independent of a provider from ARIN. (That costs money :))
>
>
> Robert

Greg Owens
202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61106&t=61095
Re: BGP load balancing questions [7:61095]
>Hello groupstudy,
>
>I've been banging my head against the wall and figured I would defer this
>question to those of you more learned and experienced. Here is the
>scenario:
>
>2 routers running BGP
>Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
>Each receives full routes.
>Each provider has given us a class C address
>Only the class C from provider 1 is actively used, because provider 2 will
>probably be dropped eventually (ssshhh don't tell ARIN)
>
>
>The class C is advertised to both ISPs, however ISP 1 aggregates this
>address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
>This was checked using various looking glasses.
>
>What that means is that traffic to my Class C will arrive primarily via ISP
>2 because it will see the /24 I advertise through it. That is bad, for
>various reasons. Mainly because we are charged by usage from ISP2, but also
>because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
>primarily as a backup eventually. Also the traffic coming in is 90% via ISP
>2 and 10% via ISP 1.
>
>If I remember from my studying so long ago, even prepending my AS number to
>ISP 2 will not work, because it doesn't even make it to that criteria, but
>rather see the /24 and chooses that route.
>
>I searched some newsgroups, but amazingly enough nobody seemed to have this
>issue. I saw someone who had a larger block than /24 and some suggestions
>there but that would not work in this case.
>
>
>Options not available:
>Using the Class C from Carrier 2 to load balance using IP space and traffic
>types
>Getting a class C independent of a provider from ARIN. (That costs money :))
>
>
>Robert

This is actually a very common issue that people don't think about until it happens to them. :-) The first thing I'd do would be to contact ISP 1 and see if they can provide any options. They should have the ability to advertise your more-specific route along with their aggregate.

The next thing I'd do is...hmmm...umm... not sure. If ISP 1 refuses to advertise your /24 I'm not sure I see a great solution to your problem. Perhaps the real-world BGP gurus might have a suggestion.

It's too late for you but I have one other suggestion. This is the sort of policy that needs to be researched before you even order a circuit with a provider. They usually state their aggregation policy in their BGP documentation and you should take a look at that before deciding on an ISP. As you can see, their aggregation can cause issues and you need to know up front how flexible they can be.

Regards,
John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61103&t=61095
RE: BGP load balancing questions [7:61095]
If Provider 1 is large enough, they should be able to assign you a class C that they do not aggregate when they make their announcements to other providers. I would suggest asking them for one of these, if they want to keep your business they will get it to you one way or the other.

Another option would be to ask Provider 2 for a class C out of address space that they DO announce as an aggregate, and announce this class C to Provider 1. In this situation your announcement to Provider 1 would always be more specific and most of your traffic would come through them.

~-----Original Message-----
~From: Robert Fowler [mailto:[EMAIL PROTECTED]]
~Sent: Wednesday, January 15, 2003 9:32 AM
~To: [EMAIL PROTECTED]
~Subject: BGP load balancing questions [7:61095]
~
~
~Hello groupstudy,
~
~I've been banging my head against the wall and figured I would defer this
~question to those of you more learned and experienced. Here is the
~scenario:
~
~2 routers running BGP
~Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
~Each receives full routes.
~Each provider has given us a class C address
~Only the class C from provider 1 is actively used, because provider 2 will
~probably be dropped eventually (ssshhh don't tell ARIN)
~
~
~The class C is advertised to both ISPs, however ISP 1 aggregates this
~address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
~This was checked using various looking glasses.
~
~What that means is that traffic to my Class C will arrive primarily via ISP
~2 because it will see the /24 I advertise through it. That is bad, for
~various reasons. Mainly because we are charged by usage from ISP2, but also
~because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
~primarily as a backup eventually. Also the traffic coming in is 90% via ISP
~2 and 10% via ISP 1.
~
~If I remember from my studying so long ago, even prepending my AS number to
~ISP 2 will not work, because it doesn't even make it to that criteria, but
~rather see the /24 and chooses that route.
~
~I searched some newsgroups, but amazingly enough nobody seemed to have this
~issue. I saw someone who had a larger block than /24 and some suggestions
~there but that would not work in this case.
~
~
~Options not available:
~Using the Class C from Carrier 2 to load balance using IP space and traffic
~types
~Getting a class C independent of a provider from ARIN. (That costs money :))
~
~
~Robert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61099&t=61095
RE: BGP load balancing questions [7:61095]
ISP1 should advertise 1.1.1.x/16 AND 1.1.1.x/24 ?

alex

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61096&t=61095
BGP load balancing questions [7:61095]
Hello groupstudy,

I've been banging my head against the wall and figured I would defer this question to those of you more learned and experienced. Here is the scenario:

2 routers running BGP
Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
Each receives full routes.
Each provider has given us a class C address
Only the class C from provider 1 is actively used, because provider 2 will probably be dropped eventually (ssshhh don't tell ARIN)

The class C is advertised to both ISPs, however ISP 1 aggregates this address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
This was checked using various looking glasses.

What that means is that traffic to my Class C will arrive primarily via ISP 2 because it will see the /24 I advertise through it. That is bad, for various reasons. Mainly because we are charged by usage from ISP2, but also because we are going to upgrade ISP1 to a fractional t3 and use ISP 2 primarily as a backup eventually. Also the traffic coming in is 90% via ISP 2 and 10% via ISP 1.

If I remember from my studying so long ago, even prepending my AS number to ISP 2 will not work, because it doesn't even make it to that criteria, but rather see the /24 and chooses that route.

I searched some newsgroups, but amazingly enough nobody seemed to have this issue. I saw someone who had a larger block than /24 and some suggestions there but that would not work in this case.

Options not available:
Using the Class C from Carrier 2 to load balance using IP space and traffic types
Getting a class C independent of a provider from ARIN. (That costs money :))

Robert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61095&t=61095
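The route selection this thread turns on, as an added example that is not part of any post: a remote router forwards on the longest matching prefix first, so AS-path prepending only matters once both providers carry the same /24. The AS numbers are documentation values, 1.1.4.0/22 is a constructed block, AS-path length stands in for the full BGP tie-break sequence, and announcing the covering /22 alongside the two /23 halves is an assumption that goes beyond the thread.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple

# Documentation ASNs (RFC 5398), constructed for this example.
CUSTOMER, ISP1, ISP2 = 64500, 64501, 64502


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    as_path: tuple  # as seen by a remote router, nearest AS first
    via: str        # provider through which the traffic would arrive


def route(prefix, as_path, via):
    return Route(ipaddress.ip_network(prefix), tuple(as_path), via)


def best_route(rib, dest):
    """Pick the route a remote router would forward on.

    The longest matching prefix always wins. AS-path length (a stand-in for
    the whole BGP tie-break sequence) is only compared between routes for
    the same prefix.
    """
    dest = ipaddress.ip_address(dest)
    covering = [r for r in rib if dest in r.prefix]
    if not covering:
        return None
    longest = max(r.prefix.prefixlen for r in covering)
    same_prefix = [r for r in covering if r.prefix.prefixlen == longest]
    return min(same_prefix, key=lambda r: len(r.as_path))


def inbound_share(rib, block):
    """Count, per provider, the addresses of `block` whose traffic enters there."""
    counts = Counter()
    for addr in ipaddress.ip_network(block):
        chosen = best_route(rib, addr)
        counts[chosen.via if chosen else "unreachable"] += 1
    return dict(counts)


def aggregate_only(prepends=0):
    """ISP 1 announces only its /16; ISP 2 passes the /24, optionally prepended."""
    return [
        route("1.1.0.0/16", [ISP1], "ISP1"),
        route("1.1.1.0/24", [ISP2] + [CUSTOMER] * (1 + prepends), "ISP2"),
    ]


def more_specific_from_both(prepends=0):
    """ISP 1 announces the /24 alongside its aggregate."""
    return aggregate_only(prepends) + [route("1.1.1.0/24", [ISP1, CUSTOMER], "ISP1")]


def split_block(isp1_up=True):
    """A /22 announced in halves, one /23 per provider (constructed block).

    Assumption beyond the thread: the covering /22 is also announced to both
    providers, so each half stays reachable if its provider goes away.
    """
    first, second = ipaddress.ip_network("1.1.4.0/22").subnets(prefixlen_diff=1)
    rib = [
        route(str(first), [ISP1, CUSTOMER], "ISP1"),
        route(str(second), [ISP2, CUSTOMER], "ISP2"),
        route("1.1.4.0/22", [ISP1, CUSTOMER], "ISP1"),
        route("1.1.4.0/22", [ISP2, CUSTOMER], "ISP2"),
    ]
    return rib if isp1_up else [r for r in rib if r.via != "ISP1"]


if __name__ == "__main__":
    print("aggregate only, 5 prepends :", inbound_share(aggregate_only(5), "1.1.1.0/24"))
    print("/24 from both, 3 prepends  :", inbound_share(more_specific_from_both(3), "1.1.1.0/24"))
    print("/22 split in halves        :", inbound_share(split_block(), "1.1.4.0/22"))
    print("/22 split, ISP 1 down      :", inbound_share(split_block(False), "1.1.4.0/22"))
```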
RE: Load balancing & NAT [7:60663]
At 11:36 PM + 1/12/03, Emilia Lambros wrote:
>Basically any changes to the sticky/persistent part are not options :( the
>hardware that's in and performing the load balancing won't be changed
>because it works - the NAT portion just needs some ... horrible kludges? :)

But isn't NAT itself, independent of vendor and implementation, a kludge? Sometimes it's a good kludge, considering the circumstances.

I have long proclaimed that Australians should be the best at networking. Anyone who grows up thinking a platypus, that ultimate biological kludge of multispecies spare parts moving in close coordination, shouldn't be fazed by any of this. :-)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60928&t=60663
RE: Load balancing & NAT [7:60663]
Basically any changes to the sticky/persistent part are not options :( the hardware that's in and performing the load balancing won't be changed because it works - the NAT portion just needs some ... horrible kludges? :) -Original Message- From: Clayton Price [mailto:[EMAIL PROTECTED]] Sent: Sunday, 12 January 2003 10:35 AM To: [EMAIL PROTECTED] Subject: Re: Load balancing & NAT [7:60663] Could you change the persistence to use cookies instead of source IP address (assuming it is a browser based connection)? That would allow you to still load balance across the multiple app servers. Clayton ""Emilia Lambros"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm looking more for a way to play with how the nat pool I have behaves with > IP address use. The NAT config and translations are all working, however I > can't find a situation online that shows me how I can force translations to > not overload quite so much, or how I can make more IP addresses be used so > my load balancing works with sticky sessions set. > > For as long as only 1 IP is being used, all connections to the application > servers go to one application server. Even with 2 IPs being used, I would > have more of a chance of connections going to the 2nd application server to > create some load balancing but as I said, I'm sitting on 8500 connections > and 1 IP being used. I know in theory I can go up to 65K+ connections on > that 1 IP, but I would prefer more like a couple of hundred per IP. > > The majority of articles I've read show how to configure, say rotary pools > or tcp load distribution but not examples of how you can use it another way > that I could perhaps, adapt. 
As I said though, I can't play with the config > because its a live environment so its a little harder to play and test with, > without a guarantee that it will work :) > > > > -Original Message- > From: The Long and Winding Road > [mailto:[EMAIL PROTECTED]] > Sent: Thursday, 9 January 2003 11:24 AM > To: [EMAIL PROTECTED] > Subject: Re: Load balancing & NAT [7:60663] > > > if you have a CCO customer account, there are a lot of articles in the TAC > database > > this one is a good start, I believe. > > http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note0 > 9186a0080093fca.shtml > watch the wrap. > > HTH > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" > > > > > ""Emilia Lambros"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi all, > > > > I have an application being load balanced at one site (sticky sessions set > > such that each connection from 1 IP will continue its transactions to the > > same server it started on) and at another site, the users accessing the > load > > balanced application. > > > > The users come in from different office locations across private WAN > links, > > nat inside is on each of their interfaces and on each interface out of the > > router those WAN links connect to, is nat outside. > > > > I have changed their initial configuration based on NAT overload to an > > interface IP address to be a pool of addresses overloaded. I was hoping > > that the connections would spill over to the second IP in the pool at some > > stage sooner than the 8500 NAT connections I have currently, but no go. I > > may as well have NAT'd to 1 IP again :) > > > > Is there a way to overload NAT, but have it using more than 1 IP in the > > pool? e.g. a pool of 30 IPs, its currently using 1.. 
I'd love the router > to > > even round robin the use of IPs out of the pool but I can't play with the > > config to try it (live environment) and can't find any documentation > online > > explaining exactly what I need NAT to do/not do :( > > > > Thanks, > > > > Em :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60922&t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load balancing & NAT [7:60663]
Could you change the persistence to use cookies instead of source IP address (assuming it is a browser based connection)? That would allow you to still load balance across the multiple app servers. Clayton ""Emilia Lambros"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'm looking more for a way to play with how the nat pool I have behaves with > IP address use. The NAT config and translations are all working, however I > can't find a situation online that shows me how I can force translations to > not overload quite so much, or how I can make more IP addresses be used so > my load balancing works with sticky sessions set. > > For as long as only 1 IP is being used, all connections to the application > servers go to one application server. Even with 2 IPs being used, I would > have more of a chance of connections going to the 2nd application server to > create some load balancing but as I said, I'm sitting on 8500 connections > and 1 IP being used. I know in theory I can go up to 65K+ connections on > that 1 IP, but I would prefer more like a couple of hundred per IP. > > The majority of articles I've read show how to configure, say rotary pools > or tcp load distribution but not examples of how you can use it another way > that I could perhaps, adapt. As I said though, I can't play with the config > because its a live environment so its a little harder to play and test with, > without a guarantee that it will work :) > > > > -Original Message- > From: The Long and Winding Road > [mailto:[EMAIL PROTECTED]] > Sent: Thursday, 9 January 2003 11:24 AM > To: [EMAIL PROTECTED] > Subject: Re: Load balancing & NAT [7:60663] > > > if you have a CCO customer account, there are a lot of articles in the TAC > database > > this one is a good start, I believe. > > http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note0 > 9186a0080093fca.shtml > watch the wrap. 
> > HTH > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" > > > > > ""Emilia Lambros"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi all, > > > > I have an application being load balanced at one site (sticky sessions set > > such that each connection from 1 IP will continue its transactions to the > > same server it started on) and at another site, the users accessing the > load > > balanced application. > > > > The users come in from different office locations across private WAN > links, > > nat inside is on each of their interfaces and on each interface out of the > > router those WAN links connect to, is nat outside. > > > > I have changed their initial configuration based on NAT overload to an > > interface IP address to be a pool of addresses overloaded. I was hoping > > that the connections would spill over to the second IP in the pool at some > > stage sooner than the 8500 NAT connections I have currently, but no go. I > > may as well have NAT'd to 1 IP again :) > > > > Is there a way to overload NAT, but have it using more than 1 IP in the > > pool? e.g. a pool of 30 IPs, its currently using 1.. I'd love the router > to > > even round robin the use of IPs out of the pool but I can't play with the > > config to try it (live environment) and can't find any documentation > online > > explaining exactly what I need NAT to do/not do :( > > > > Thanks, > > > > Em :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60887&t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load balancing & NAT [7:60663]
Doug,

I used the term "horrible kludge" several hours before I saw your post.

The multiple NAT pool kludge is horrible because it is neither scalable nor maintenance-free, nor does it include any dynamic distribution of load across the resultant multiple (outside local) addresses in use. It almost removes the requirement for the load-balancing part of the load-balancers, leaving them with server failover tasks only.

As I stated in my post, I'd be looking for a different form of sticky (or a different NAT device).

rgds
Marc

Doug S wrote:
>
> I liked the comment and definitely agree that some of the authors of Cisco
> training material should be named and publicly humiliated, although the
> sheer volume of mistakes could make this a somewhat overwhelming task for
> the public doing the humiliating. Still, I want to add my opinion that Cisco
> documentation and training material is of a lot higher quality than a lot of
> what's out there, not to name names like MS Press or anything.
>
> The reason I blindly accepted and posted that particular quote is because it
> DOES match my personal experience, which, I admit is considerably less than
> the other posters in this thread. The only experience I have is in a lab on
> 2500's and 2600's running something around IOS 12.1(T).
>
> I also want to point out that this behavior of only overloading the first
> address in the pool sounds like exactly what the original poster is
> experiencing. The fact that Emilia's and my experience contradicts Peter's
> and TLaWR makes me think that there are differences in how this works on
> different platforms, as TJ suggests.
>
> I'd also like to hear people's opinions on why my solution is a "horrible"
> kludge, as opposed to just a plain old vanilla kludge.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60858&t=60663
Re: Load balancing & NAT [7:60663]
At 10:12 PM + 1/10/03, Doug S wrote: >I liked the comment and definitely agree that some of the authors of Cisco >training material should be named and publicly humiliated, although the >sheer volume of mistakes could make this a somewhat overwhelming task for >the public doing the humiliating. Still, I want to add my opinion that Cisco >documentation and training material is of a lot higher quality a lot of >what's out there, not to name names like MS Press or anything. I'm the last person to be an apologist for some of the documentation, but fairness says there are a couple of things to consider. 1. Most Cisco documentation is what might be called "performance skills" based rather than "cognitive" or "design". There's very little information about alternative solutions, or other things that I think of as network architecture. Historically, CID (which originally was an internal course) was the only course that went into tradeoffs, although there are a good many more Cisco-only courses that do. 2. Since the market crash, there's been much less marketability for books that deal with design rather than cookbook or certification-cram content. It's unfortunate -- corporate "economies" are equating configuration skills with design skills. 3. It's almost impossible to keep any kind of general documentation updated on all the permutations of platforms, releases, and bugs. Conceptually, I suppose, Cisco could develop a context-sensitive living hyperdocument that links basic documentation, release notes and bug reports, etc., and have a much better support product, but that would still be support rather than tradeoff oriented. > >The reason I blindly accepted and posted that particular quote is because it >DOES match my personal experience, which, I admit is considerably less than >the other posters in this thread. The only experience I have is in a lab on >2500's and 2600's running something around IOS 12.1(T). 
I'm sort of laughing and crying, thinking of my most dramatic classroom bug. I was teaching a private ACRC class for MCI, with a mixture of 2500, 4000, and 4500 routers, on, IIRC, IOS 11.0 or so. I had just finished showing GRE for IP, and someone asked a question about running IPX over the same tunnel as the IP. I _know_ this works. So, I said, "no problem". I switched a router console to the projector, added an IPX network to one end of the tunnel, and it went in just fine. Next, I switched to the other router. No sooner had I finished typing IPX network , did both routers go into the most incredible crash mode I have ever seen. They dropped into ROMMON, and then kept cycling back to the start of boot, never giving me keyboard control. Powering them on and off brought back sanity, but I soon found that this crash was reproducible on 4000's and 4500's, but not 2500's. The TRULY weird thing is that when I left a router running overnight in its boot loop, it eventually stabilized and gave console control -- but still would crash if I configured IPX tunneling over GRE. > >I also want to point of that this behavior of only overloading the first >address in the pool sounds like exactly what the original poster is >experiencing. The fact that Emilia's and my experience contradicts Peter's >and TLaWR makes me think that there are differences in how this works on >different platforms, as TJ suggests. There _might_ be theoretical problems of load distribution here, depending on how the address cached in other machines. Source-destination hash is very good in most cases, but if you had this configuration on both ends, everything would go over the same link no matter how many interfaces you had. If the load balancing were destination-based, it could get awful. > >I'd also like to hear people's opinions on why my solution is a "horrible" >kludge, as opposed to just a plain old vanilla kludge. 
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60857&t=60663
RE: Load balancing & NAT [7:60663]
And more importantly, from a semantics perspective - is a "horrible kludge" a bad thing or a good thing? Or a case of two wrongs not making a right. ... double negatives are fun. Thanks! TJ [EMAIL PROTECTED] -Original Message- From: Doug S [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 5:13 PM To: [EMAIL PROTECTED] Subject: Re: Load balancing & NAT [7:60663] I liked the comment and definitely agree that some of the authors of Cisco training material should be named and publicly humiliated, although the sheer volume of mistakes could make this a somewhat overwhelming task for the public doing the humiliating. Still, I want to add my opinion that Cisco documentation and training material is of a lot higher quality a lot of what's out there, not to name names like MS Press or anything. The reason I blindly accepted and posted that particular quote is because it DOES match my personal experience, which, I admit is considerably less than the other posters in this thread. The only experience I have is in a lab on 2500's and 2600's running something around IOS 12.1(T). I also want to point of that this behavior of only overloading the first address in the pool sounds like exactly what the original poster is experiencing. The fact that Emilia's and my experience contradicts Peter's and TLaWR makes me think that there are differences in how this works on different platforms, as TJ suggests. I'd also like to hear people's opinions on why my solution is a "horrible" kludge, as opposed to just a plain old vanilla kludge. ** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. 
If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60855&t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load balancing & NAT [7:60663]
I liked the comment and definitely agree that some of the authors of Cisco training material should be named and publicly humiliated, although the sheer volume of mistakes could make this a somewhat overwhelming task for the public doing the humiliating. Still, I want to add my opinion that Cisco documentation and training material is of a lot higher quality than a lot of what's out there, not to name names like MS Press or anything.

The reason I blindly accepted and posted that particular quote is because it DOES match my personal experience, which, I admit is considerably less than the other posters in this thread. The only experience I have is in a lab on 2500's and 2600's running something around IOS 12.1(T).

I also want to point out that this behavior of only overloading the first address in the pool sounds like exactly what the original poster is experiencing. The fact that Emilia's and my experience contradicts Peter's and TLaWR makes me think that there are differences in how this works on different platforms, as TJ suggests.

I'd also like to hear people's opinions on why my solution is a "horrible" kludge, as opposed to just a plain old vanilla kludge.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60853&t=60663
RE: Load balancing & NAT [7:60663]
I wonder - is this a situation where specific code level, or the family of products in question, etc., is causing a discrepancy? I know the PIX (currently), for example, works as TLaWR states below ... However, perhaps in IOS when you specify ip nat pool overload (start) (finish) netmask (mask) it treats it differently since you are explicitly saying to 'overload' ? ... just curious ... Thanks! TJ [EMAIL PROTECTED] -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 11:12 AM To: [EMAIL PROTECTED] Subject: Re: Load balancing & NAT [7:60663] ""Doug S"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The way PAT works when overloading multiple addresses is to overload the > first address in the pool until ALL port numbers are used up. I can't point > you to any publicly available documentation on this, but cut and pasted from > Network Academy curriculum: > > "However, on a Cisco IOS router, NAT will > overload the first address in the pool until > it's maxed out, and then move on to the > second address, and so on." I don't think so. I think whoever put this into Cisco training materials ought to be named and publicly humiliated. I know from cold hard experience that if you have a pool with several addresses and overload configured, each addres in the pool is translated one to one, and then the last number is shared among all comers after that. isn't there any real technical review of the training materials? > > I've seen people wanting to get around this behavior for a variety of > reasons and I haven't seen anyone post a good reply. I've come up with a a > workaround that I beleive should work for you, although you'll have to take > a good look at your inside local addresses and figure out how to best define > those in to two equal groups. Each group could then be separately > translated to a different address. 
> > For instance, if you are now transating 8000 inside addresses all in the > range of 10.0.32.0/19 to one overloaded pool, you could configure it to > translate 10.0.32.0/20 to one overloaded pool and 10.0.48.0/20 to a separate > overloaded pool something like > > #access-list 1 permit 10.0.32.0 0.0.15.255 > #access-list 2 permit 10.0.48.0 0.0.15.255 > #ip nat pool LOWER_ADDRESSES_TRANSLATE_TO 209.211.100.1 209.211.100.5 pre 24 > #ip nat pool HIGHER_ADDRESSES_TRANSLATE_TO 209.211.100.6 209.211.100.10 pre > 24 > #ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload > #ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload > > Forgive me if I've screwed up the syntax somewhere, but the idea is there. > As I said, you'll have to put some thought into what best works in your > addressing scheme to best separate translated addresses in to two roughly > equal groups. You might even find it helpful to partition them in to more > than two groups. > > Hope it helps. ** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60825&t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load balancing & NAT [7:60663]
""Peter Walker"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > This does NOT match my previous experience. My experience has been that > IOS seems to use NAT (not overloaded) until all pool addresses are used > then start overloading the last one. I dont know what happens once all > when this address gets maxed out. when doing PAT ( NAT overload ) there is a theoretical possibility of 65000 connections ( i.e. the number of TCP ports ) obviously, this would not be practical because of the numbers of well known ports in use. The NAT engine would add the dimension of TCP source port to the state table. So if I am at address 111.111.111.111 and my source port is , the NAT engine might translate this to public IP 222.222.222.222 with a source port of The next guy out, source address 111.111.111.112 with a source port of ( same app ) might be translated ast public IP 222.222.222.222 with a source port of 8881 Etc. The destination application doesn't care what the source port is ( in theory ) although in this particular case, I wonder if the destination host might have a problem. I suppose a well behaved application would not, but you never can tell. > > The only reason we noticed this was due to the fact that we were running > port sentry on a number of unix hosts and noticed that periodically random > machines were being port scanned from outside our net (something that > should not be able to occur if PAT is being used). We finally tracked it > down to NAT (single outside IP to single inside IP) entries appearing in > our NAT translations tables on the router. > > The only solution that we (or TAC) could come up with was to reduce the NAT > pool to a single IP. > > Peter Walker > CISSP, CCN[NID]P, CSS1, CIPPTS, etc > > > --On 09 January 2003 20:15 + Doug S wrote: > > > The way PAT works when overloading multiple addresses is to overload the > > first address in the pool until ALL port numbers are used up. 
I can't > > point you to any publicly available documentation on this, but cut and > > pasted from Network Academy curriculum: > > > > "However, on a Cisco IOS router, NAT will > > overload the first address in the pool until > > it's maxed out, and then move on to the > > second address, and so on." Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60820&t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load balancing & NAT [7:60663]
""Doug S"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The way PAT works when overloading multiple addresses is to overload the > first address in the pool until ALL port numbers are used up. I can't point > you to any publicly available documentation on this, but cut and pasted from > Network Academy curriculum: > > "However, on a Cisco IOS router, NAT will > overload the first address in the pool until > it's maxed out, and then move on to the > second address, and so on." I don't think so. I think whoever put this into Cisco training materials ought to be named and publicly humiliated. I know from cold hard experience that if you have a pool with several addresses and overload configured, each addres in the pool is translated one to one, and then the last number is shared among all comers after that. isn't there any real technical review of the training materials? > > I've seen people wanting to get around this behavior for a variety of > reasons and I haven't seen anyone post a good reply. I've come up with a a > workaround that I beleive should work for you, although you'll have to take > a good look at your inside local addresses and figure out how to best define > those in to two equal groups. Each group could then be separately > translated to a different address. 
> > For instance, if you are now transating 8000 inside addresses all in the > range of 10.0.32.0/19 to one overloaded pool, you could configure it to > translate 10.0.32.0/20 to one overloaded pool and 10.0.48.0/20 to a separate > overloaded pool something like > > #access-list 1 permit 10.0.32.0 0.0.15.255 > #access-list 2 permit 10.0.48.0 0.0.15.255 > #ip nat pool LOWER_ADDRESSES_TRANSLATE_TO 209.211.100.1 209.211.100.5 pre 24 > #ip nat pool HIGHER_ADDRESSES_TRANSLATE_TO 209.211.100.6 209.211.100.10 pre > 24 > #ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload > #ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload > > Forgive me if I've screwed up the syntax somewhere, but the idea is there. > As I said, you'll have to put some thought into what best works in your > addressing scheme to best separate translated addresses in to two roughly > equal groups. You might even find it helpful to partition them in to more > than two groups. > > Hope it helps. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60819&t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Load balancing & NAT [7:60663]
This does NOT match my previous experience. My experience has been that IOS seems to use NAT (not overloaded) until all pool addresses are used then start overloading the last one. I don't know what happens once this address gets maxed out.

The only reason we noticed this was due to the fact that we were running port sentry on a number of unix hosts and noticed that periodically random machines were being port scanned from outside our net (something that should not be able to occur if PAT is being used). We finally tracked it down to NAT (single outside IP to single inside IP) entries appearing in our NAT translations tables on the router.

The only solution that we (or TAC) could come up with was to reduce the NAT pool to a single IP.

Peter Walker
CISSP, CCN[NID]P, CSS1, CIPPTS, etc

--On 09 January 2003 20:15 + Doug S wrote:

> The way PAT works when overloading multiple addresses is to overload the
> first address in the pool until ALL port numbers are used up. I can't
> point you to any publicly available documentation on this, but cut and
> pasted from Network Academy curriculum:
>
> "However, on a Cisco IOS router, NAT will
> overload the first address in the pool until
> it's maxed out, and then move on to the
> second address, and so on."

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60800&t=60663
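One way to check a router for the exposure Peter describes, as an added example rather than anything posted in the thread: parse `show ip nat translations` output and list address-only entries that draw on the overloaded pool. The sample output is constructed, and the pool range and the static mapping are assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address

Entry = namedtuple("Entry", "proto inside_global inside_local outside_local outside_global")

# Constructed sample of 'show ip nat translations' output (not from a real router).
SAMPLE_OUTPUT = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 209.211.100.5:1067 10.0.32.19:1067    192.0.2.10:80      192.0.2.10:80
udp 209.211.100.5:1030 10.0.32.44:1030    192.0.2.53:53      192.0.2.53:53
--- 209.211.100.1      10.0.32.7          ---                ---
tcp 209.211.100.5:1068 10.0.48.3:2211     192.0.2.10:80      192.0.2.10:80
--- 209.211.100.2      10.0.48.90         ---                ---
--- 209.211.100.20     10.0.32.250        ---                ---
"""

POOL = ("209.211.100.1", "209.211.100.5")          # assumed overloaded pool range
KNOWN_STATIC = {"10.0.32.250": "209.211.100.20"}   # assumed intentional static NAT


def split_endpoint(field):
    """'a.b.c.d:port' -> (addr, port); 'a.b.c.d' or '---' -> (field, None)."""
    addr, sep, port = field.partition(":")
    return (addr, int(port)) if sep else (addr, None)


def parse_translations(text):
    """Turn the five-column table into Entry tuples, skipping the header."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] == "Pro":
            continue
        entries.append(Entry(cols[0], *(split_endpoint(c) for c in cols[1:])))
    return entries


def in_pool(addr, pool=POOL):
    """True when addr lies inside the pool's first..last range."""
    try:
        return ip_address(pool[0]) <= ip_address(addr) <= ip_address(pool[1])
    except ValueError:
        return False


def audit(text, pool=POOL, known_static=KNOWN_STATIC):
    """Classify every translation.

    An address-only entry maps a whole outside address to one inside host,
    so inbound traffic to any port reaches that host. With an overloaded
    pool only port-level entries are expected; pool addresses that show up
    without a port are the entries Peter tracked down.
    """
    report = {"port_translated": 0, "static_ok": [], "exposed": [], "unexplained": []}
    for e in parse_translations(text):
        glob, glob_port = e.inside_global
        local, _ = e.inside_local
        if glob_port is not None:
            report["port_translated"] += 1
        elif known_static.get(local) == glob:
            report["static_ok"].append(local)
        elif in_pool(glob, pool):
            report["exposed"].append((local, glob))
        else:
            report["unexplained"].append((local, glob))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_OUTPUT)
    for local, glob in result["exposed"]:
        print(f"one-to-one entry from pool: {glob} -> {local}")
    print(f"port-translated entries: {result['port_translated']}")
```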
RE: Load balancing & NAT [7:60663]
It all makes sense now :) As much of a kludge as it is, the individual NAT pools will be perfect. There's several offices, which means several IP addresses will be used if I make individual pools. -Original Message- From: Doug S [mailto:[EMAIL PROTECTED]] Sent: Friday, 10 January 2003 6:45 AM To: [EMAIL PROTECTED] Subject: RE: Load balancing & NAT [7:60663] The way PAT works when overloading multiple addresses is to overload the first address in the pool until ALL port numbers are used up. I can't point you to any publicly available documentation on this, but cut and pasted from Network Academy curriculum: "However, on a Cisco IOS router, NAT will overload the first address in the pool until it's maxed out, and then move on to the second address, and so on." I've seen people wanting to get around this behavior for a variety of reasons and I haven't seen anyone post a good reply. I've come up with a a workaround that I beleive should work for you, although you'll have to take a good look at your inside local addresses and figure out how to best define those in to two equal groups. Each group could then be separately translated to a different address. For instance, if you are now transating 8000 inside addresses all in the range of 10.0.32.0/19 to one overloaded pool, you could configure it to translate 10.0.32.0/20 to one overloaded pool and 10.0.48.0/20 to a separate overloaded pool something like #access-list 1 permit 10.0.32.0 0.0.15.255 #access-list 2 permit 10.0.48.0 0.0.15.255 #ip nat pool LOWER_ADDRESSES_TRANSLATE_TO 209.211.100.1 209.211.100.5 pre 24 #ip nat pool HIGHER_ADDRESSES_TRANSLATE_TO 209.211.100.6 209.211.100.10 pre 24 #ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload #ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload Forgive me if I've screwed up the syntax somewhere, but the idea is there. 
As I said, you'll have to put some thought into what best works in your addressing scheme to best separate translated addresses in to two roughly equal groups. You might even find it helpful to partition them in to more than two groups. Hope it helps. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60766&t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Load balancing & NAT [7:60663]
The way PAT works when overloading multiple addresses is to overload the first address in the pool until ALL port numbers are used up. I can't point you to any publicly available documentation on this, but cut and pasted from Network Academy curriculum:

"However, on a Cisco IOS router, NAT will overload the first address in the pool until it's maxed out, and then move on to the second address, and so on."

I've seen people wanting to get around this behavior for a variety of reasons and I haven't seen anyone post a good reply. I've come up with a workaround that I believe should work for you, although you'll have to take a good look at your inside local addresses and figure out how to best define those into two equal groups. Each group could then be separately translated to a different address.

For instance, if you are now translating 8000 inside addresses all in the range of 10.0.32.0/19 to one overloaded pool, you could configure it to translate 10.0.32.0/20 to one overloaded pool and 10.0.48.0/20 to a separate overloaded pool, something like

    access-list 1 permit 10.0.32.0 0.0.15.255
    access-list 2 permit 10.0.48.0 0.0.15.255
    ip nat pool LOWER_ADDRESSES_TRANSLATE_TO 209.211.100.1 209.211.100.5 prefix-length 24
    ip nat pool HIGHER_ADDRESSES_TRANSLATE_TO 209.211.100.6 209.211.100.10 prefix-length 24
    ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload
    ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload

Forgive me if I've screwed up the syntax somewhere, but the idea is there. As I said, you'll have to put some thought into what best works in your addressing scheme to best separate translated addresses into two roughly equal groups. You might even find it helpful to partition them into more than two groups.

Hope it helps.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60739&t=60663
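The disagreement in this thread, as an added simulation (not code from any poster or from Cisco): it models the two pool behaviours reported by different posters and the split-pool workaround, using the addresses from the post above, and counts how many of 8500 connections a source-IP-sticky load balancer sends to each of two application servers. The port range, the round-robin assignment of new source addresses, the server names and the constructed workload are assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

PORTS_PER_ADDRESS = 65535 - 1024 + 1   # assumption: only ports 1024-65535 are handed out


def pool(first, last):
    """Expand 'ip nat pool NAME first last ...' into a list of addresses."""
    lo, hi = int(ip_address(first)), int(ip_address(last))
    return [ip_address(n) for n in range(lo, hi + 1)]


class FillFirst:
    """Quoted curriculum behaviour: overload address 1 until its ports run out."""
    def __init__(self, addresses):
        self.addresses = addresses
        self.used = Counter()

    def translate(self, inside_host):
        for addr in self.addresses:
            if self.used[addr] < PORTS_PER_ADDRESS:
                self.used[addr] += 1
                return addr
        raise RuntimeError("pool exhausted")


class OneToOneThenLast:
    """Behaviour other posters report: dedicated addresses, last one shared."""
    def __init__(self, addresses):
        self.free = list(addresses[:-1])
        self.shared = addresses[-1]
        self.dedicated = {}

    def translate(self, inside_host):
        if inside_host not in self.dedicated and self.free:
            self.dedicated[inside_host] = self.free.pop(0)
        return self.dedicated.get(inside_host, self.shared)


class SplitPools:
    """The workaround: one access-list and one overloaded pool per inside prefix."""
    def __init__(self, rules):
        self.rules = [(ip_network(net), FillFirst(addrs)) for net, addrs in rules]

    def translate(self, inside_host):
        for net, nat in self.rules:
            if inside_host in net:
                return nat.translate(inside_host)
        raise LookupError(f"{inside_host} matches no access-list")


def sticky_balance(source_ips, servers):
    """Source-IP persistence: a new source gets the next server, then sticks to it."""
    table, load = {}, Counter({s: 0 for s in servers})
    for src in source_ips:
        if src not in table:
            table[src] = servers[len(table) % len(servers)]
        load[table[src]] += 1
    return dict(load)


def connections(hosts=850, per_host=10):
    """Constructed workload: 8500 connections from hosts spread over 10.0.32.0/19."""
    base = int(ip_address("10.0.32.0"))
    for i in range(hosts):
        for _ in range(per_host):
            yield ip_address(base + 1 + 9 * i)


def run(nat, servers=("app1", "app2")):
    """Translate every connection, then let the load balancer place it."""
    return sticky_balance([nat.translate(h) for h in connections()], list(servers))


LOWER = pool("209.211.100.1", "209.211.100.5")
UPPER = pool("209.211.100.6", "209.211.100.10")


def scenarios():
    return {
        "fill_first": run(FillFirst(LOWER + UPPER)),
        "one_to_one_then_last": run(OneToOneThenLast(LOWER)),
        "split_pools": run(SplitPools([("10.0.32.0/20", LOWER),
                                       ("10.0.48.0/20", UPPER)])),
    }


if __name__ == "__main__":
    for name, load in scenarios().items():
        print(f"{name:22} {load}")
```

Under either reported pool behaviour the balancer sees effectively one source address, so stickiness pins nearly all traffic to one server; the split pools give it two sources, and the balance then depends entirely on how evenly the inside prefixes divide the users.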
Re: Load balancing & NAT [7:60663]
IIRC when I last looked at this, it worked as you require, but that might have been v2 NAT rather than v3 which is current. Have you restarted the router, superstition dictates that you should. Failing this, how many app servers are there? You *could* use multiple NAT pools, which would admittedly be a horrible kludge, depends on how desperately you want this. Is there not a better way of using sticky on the load-balancers? Are you in a position to change the app to use cookies for example? or maybe persistent connections so the LBs aren't responsible for sticky? rgds Marc Emilia Lambros wrote: > > I'm looking more for a way to play with how the nat pool I have behaves with > IP address use. The NAT config and translations are all working, however I > can't find a situation online that shows me how I can force translations to > not overload quite so much, or how I can make more IP addresses be used so > my load balancing works with sticky sessions set. > > For as long as only 1 IP is being used, all connections to the application > servers go to one application server. Even with 2 IPs being used, I would > have more of a chance of connections going to the 2nd application server to > create some load balancing but as I said, I'm sitting on 8500 connections > and 1 IP being used. I know in theory I can go up to 65K+ connections on > that 1 IP, but I would prefer more like a couple of hundred per IP. > > The majority of articles I've read show how to configure, say rotary pools > or tcp load distribution but not examples of how you can use it another way > that I could perhaps, adapt. 
As I said though, I can't play with the config > because its a live environment so its a little harder to play and test with, > without a guarantee that it will work :) > > -Original Message- > From: The Long and Winding Road > [mailto:[EMAIL PROTECTED]] > Sent: Thursday, 9 January 2003 11:24 AM > To: [EMAIL PROTECTED] > Subject: Re: Load balancing & NAT [7:60663] > > if you have a CCO customer account, there are a lot of articles in the TAC > database > > this one is a good start, I believe. > > http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note0 > 9186a0080093fca.shtml > watch the wrap. > > HTH > > -- > TANSTAAFL > "there ain't no such thing as a free lunch" > > ""Emilia Lambros"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi all, > > > > I have an application being load balanced at one site (sticky sessions set > > such that each connection from 1 IP will continue its transactions to the > > same server it started on) and at another site, the users accessing the > load > > balanced application. > > > > The users come in from different office locations across private WAN > links, > > nat inside is on each of their interfaces and on each interface out of the > > router those WAN links connect to, is nat outside. > > > > I have changed their initial configuration based on NAT overload to an > > interface IP address to be a pool of addresses overloaded. I was hoping > > that the connections would spill over to the second IP in the pool at some > > stage sooner than the 8500 NAT connections I have currently, but no go. I > > may as well have NAT'd to 1 IP again :) > > > > Is there a way to overload NAT, but have it using more than 1 IP in the > > pool? e.g. a pool of 30 IPs, its currently using 1.. 
I'd love the router > to > > even round robin the use of IPs out of the pool but I can't play with the > > config to try it (live environment) and can't find any documentation > online > > explaining exactly what I need NAT to do/not do :( > > > > Thanks, > > > > Em :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60693&t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Load balancing & NAT [7:60663]
I'm looking more for a way to play with how the nat pool I have behaves with IP address use. The NAT config and translations are all working, however I can't find a situation online that shows me how I can force translations to not overload quite so much, or how I can make more IP addresses be used so my load balancing works with sticky sessions set. For as long as only 1 IP is being used, all connections to the application servers go to one application server. Even with 2 IPs being used, I would have more of a chance of connections going to the 2nd application server to create some load balancing but as I said, I'm sitting on 8500 connections and 1 IP being used. I know in theory I can go up to 65K+ connections on that 1 IP, but I would prefer more like a couple of hundred per IP. The majority of articles I've read show how to configure, say rotary pools or tcp load distribution but not examples of how you can use it another way that I could perhaps, adapt. As I said though, I can't play with the config because its a live environment so its a little harder to play and test with, without a guarantee that it will work :) -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Thursday, 9 January 2003 11:24 AM To: [EMAIL PROTECTED] Subject: Re: Load balancing & NAT [7:60663] if you have a CCO customer account, there are a lot of articles in the TAC database this one is a good start, I believe. http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note0 9186a0080093fca.shtml watch the wrap. HTH -- TANSTAAFL "there ain't no such thing as a free lunch" ""Emilia Lambros"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > I have an application being load balanced at one site (sticky sessions set > such that each connection from 1 IP will continue its transactions to the > same server it started on) and at another site, the users accessing the load > balanced application. 
> > The users come in from different office locations across private WAN links, > nat inside is on each of their interfaces and on each interface out of the > router those WAN links connect to, is nat outside. > > I have changed their initial configuration based on NAT overload to an > interface IP address to be a pool of addresses overloaded. I was hoping > that the connections would spill over to the second IP in the pool at some > stage sooner than the 8500 NAT connections I have currently, but no go. I > may as well have NAT'd to 1 IP again :) > > Is there a way to overload NAT, but have it using more than 1 IP in the > pool? e.g. a pool of 30 IPs, its currently using 1.. I'd love the router to > even round robin the use of IPs out of the pool but I can't play with the > config to try it (live environment) and can't find any documentation online > explaining exactly what I need NAT to do/not do :( > > Thanks, > > Em :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60670&t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load balancing & NAT [7:60663]
oops - forgot where I was going here is a jump page http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Internetworking:NA T requires CCO customer login. and this one for more detail in design and operation http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Internetworking:NA T&s=Implementation_and_Configuration watch the wrap on this one - who knows how the groupstudy server will mangle this one. -- TANSTAAFL "there ain't no such thing as a free lunch" ""Emilia Lambros"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > I have an application being load balanced at one site (sticky sessions set > such that each connection from 1 IP will continue its transactions to the > same server it started on) and at another site, the users accessing the load > balanced application. > > The users come in from different office locations across private WAN links, > nat inside is on each of their interfaces and on each interface out of the > router those WAN links connect to, is nat outside. > > I have changed their initial configuration based on NAT overload to an > interface IP address to be a pool of addresses overloaded. I was hoping > that the connections would spill over to the second IP in the pool at some > stage sooner than the 8500 NAT connections I have currently, but no go. I > may as well have NAT'd to 1 IP again :) > > Is there a way to overload NAT, but have it using more than 1 IP in the > pool? e.g. a pool of 30 IPs, its currently using 1.. I'd love the router to > even round robin the use of IPs out of the pool but I can't play with the > config to try it (live environment) and can't find any documentation online > explaining exactly what I need NAT to do/not do :( > > Thanks, > > Em :) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60665&t=60663 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Load balancing & NAT [7:60663]
if you have a CCO customer account, there are a lot of articles in the TAC database

this one is a good start, I believe.
http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml

watch the wrap.

HTH

--
TANSTAAFL
"there ain't no such thing as a free lunch"

"Emilia Lambros" wrote in message news:[EMAIL PROTECTED]...
> Hi all,
>
> I have an application being load balanced at one site (sticky sessions set such that each connection from 1 IP will continue its transactions to the same server it started on) and at another site, the users accessing the load balanced application.
>
> The users come in from different office locations across private WAN links, nat inside is on each of their interfaces and on each interface out of the router those WAN links connect to, is nat outside.
>
> I have changed their initial configuration based on NAT overload to an interface IP address to be a pool of addresses overloaded. I was hoping that the connections would spill over to the second IP in the pool at some stage sooner than the 8500 NAT connections I have currently, but no go. I may as well have NAT'd to 1 IP again :)
>
> Is there a way to overload NAT, but have it using more than 1 IP in the pool? e.g. a pool of 30 IPs, it's currently using 1.. I'd love the router to even round robin the use of IPs out of the pool but I can't play with the config to try it (live environment) and can't find any documentation online explaining exactly what I need NAT to do/not do :(
>
> Thanks,
>
> Em :)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60664&t=60663
Load balancing & NAT [7:60663]
Hi all,

I have an application being load balanced at one site (sticky sessions set such that each connection from 1 IP will continue its transactions to the same server it started on) and at another site, the users accessing the load balanced application.

The users come in from different office locations across private WAN links, nat inside is on each of their interfaces and on each interface out of the router those WAN links connect to, is nat outside.

I have changed their initial configuration based on NAT overload to an interface IP address to be a pool of addresses overloaded. I was hoping that the connections would spill over to the second IP in the pool at some stage sooner than the 8500 NAT connections I have currently, but no go. I may as well have NAT'd to 1 IP again :)

Is there a way to overload NAT, but have it using more than 1 IP in the pool? e.g. a pool of 30 IPs, it's currently using 1.. I'd love the router to even round robin the use of IPs out of the pool but I can't play with the config to try it (live environment) and can't find any documentation online explaining exactly what I need NAT to do/not do :(

Thanks,

Em :)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60663&t=60663
Re: Load Balancing Firewalls [7:59183]
On the 3600's, for ethernets connecting the PIX and the routers use HSRP. Give the Pix's the default gateway of the HSRP address. Then use BGP on the serial interfaces of 3600's to peer with your provider.

"Brian Zeitz" wrote in message news:[EMAIL PROTECTED]...
> OK I figured this one out with some help :) I just need to get the 4 Port DMZ card and designate two of the interfaces as IN using security levels. The failover has a DMZ card too, so I can failover all 4 interfaces in an emergency. Plus 1 Port for the failover.
>
> Thanks to the people helping me offline, these scenarios are getting really complex. My next task is figuring how to take two T1s and make them act as a single unit while providing redundancy.
>
> Thanks :)
>
> -Original Message-
> From: Brian Zeitz
> Sent: Friday, December 13, 2002 2:02 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Load Balancing Firewalls [7:59183]
>
> Actually, management changed the diagram on me :(
>
> T1--->3640--->515UR with failover
> T1--->3640--->^
>
> Both T1s going into a single 515UR with a standby unit.
>
> I figured out the first scenario, I just thought of it as being in different locations and use global load balancing on the LBs.
>
> This second scenario I don't know if it is possible, I would have 2 IPs coming from the e0/0 on the router, into only 1 Pix interface which I don't know if it is possible
>
> -Original Message-
> From: Brian Zeitz
> Sent: Friday, December 13, 2002 12:03 PM
> To: [EMAIL PROTECTED]
> Subject: Load Balancing Firewalls [7:59183]
>
> I have just been given the task of setting up a website with load balancing.
>
> T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer
> T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer
>
> The Pix 515 are separate full units, I got another one because I know you cannot use the failover as an active unit.
>
> My load balancers are not active/active. But if I use them separately, they can run independently.
>
> I need to run just one website like www.mydomain.com
>
> My managers would like both T1s to be used, but can also act as a failover.
>
> Can anyone give me any pointers or tell me of any pitfalls before I dive into this task?
>
> I thought about HSRP, would this work if I had redundant firewalls? Can you cluster pix firewalls? I don't think you can, I wish I could.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59474&t=59183
RE: Load Balancing Firewalls [7:59183]
OK I figured this one out with some help :) I just need to get the 4 Port DMZ card and designate two of the interfaces as IN using security levels. The failover has a DMZ card too, so I can failover all 4 interfaces in an emergency. Plus 1 Port for the failover.

Thanks to the people helping me offline, these scenarios are getting really complex. My next task is figuring how to take two T1s and make them act as a single unit while providing redundancy.

Thanks :)

-Original Message-
From: Brian Zeitz
Sent: Friday, December 13, 2002 2:02 PM
To: [EMAIL PROTECTED]
Subject: RE: Load Balancing Firewalls [7:59183]

Actually, management changed the diagram on me :(

T1--->3640--->515UR with failover
T1--->3640--->^

Both T1s going into a single 515UR with a standby unit.

I figured out the first scenario, I just thought of it as being in different locations and use global load balancing on the LBs.

This second scenario I don't know if it is possible, I would have 2 IPs coming from the e0/0 on the router, into only 1 Pix interface which I don't know if it is possible

-Original Message-
From: Brian Zeitz
Sent: Friday, December 13, 2002 12:03 PM
To: [EMAIL PROTECTED]
Subject: Load Balancing Firewalls [7:59183]

I have just been given the task of setting up a website with load balancing.

T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer
T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer

The Pix 515 are separate full units, I got another one because I know you cannot use the failover as an active unit.

My load balancers are not active/active. But if I use them separately, they can run independently.

I need to run just one website like www.mydomain.com

My managers would like both T1s to be used, but can also act as a failover.

Can anyone give me any pointers or tell me of any pitfalls before I dive into this task?

I thought about HSRP, would this work if I had redundant firewalls? Can you cluster pix firewalls? I don't think you can, I wish I could.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59297&t=59183
RE: Load Balancing Firewalls [7:59183]
Actually, management changed the diagram on me :(

T1--->3640--->515UR with failover
T1--->3640--->^

Both T1s going into a single 515UR with a standby unit.

I figured out the first scenario, I just thought of it as being in different locations and use global load balancing on the LBs.

This second scenario I don't know if it is possible, I would have 2 IPs coming from the e0/0 on the router, into only 1 Pix interface which I don't know if it is possible

-Original Message-
From: Brian Zeitz
Sent: Friday, December 13, 2002 12:03 PM
To: [EMAIL PROTECTED]
Subject: Load Balancing Firewalls [7:59183]

I have just been given the task of setting up a website with load balancing.

T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer
T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer

The Pix 515 are separate full units, I got another one because I know you cannot use the failover as an active unit.

My load balancers are not active/active. But if I use them separately, they can run independently.

I need to run just one website like www.mydomain.com

My managers would like both T1s to be used, but can also act as a failover.

Can anyone give me any pointers or tell me of any pitfalls before I dive into this task?

I thought about HSRP, would this work if I had redundant firewalls? Can you cluster pix firewalls? I don't think you can, I wish I could.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59187&t=59183
Load Balancing Firewalls [7:59183]
I have just been given the task of setting up a website with load balancing.

T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer
T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer

The Pix 515 are separate full units, I got another one because I know you cannot use the failover as an active unit.

My load balancers are not active/active. But if I use them separately, they can run independently.

I need to run just one website like www.mydomain.com

My managers would like both T1s to be used, but can also act as a failover.

Can anyone give me any pointers or tell me of any pitfalls before I dive into this task?

I thought about HSRP, would this work if I had redundant firewalls? Can you cluster pix firewalls? I don't think you can, I wish I could.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59183&t=59183
Load balancing and time out setting [7:59059]
Dear Group,

Is it possible to achieve the timeout of any link outage connected between two routers across the 2 WAN locations not to exceed more than 200ms. (application requirement).

One of my customers has a setup of 2 sites connected with 4 E1 links (2 x routers = 3700 and 2 MBPS x 2 nos. terminated on each one of them). Can we implement some sort of load balancing which can take care of this??

Many thanks in advance

Thanks n regds
Hitesh

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59059&t=59059
RE: HSRP VLAN Load Balancing [7:56689]
Dale Kling wrote:
> Is there another way to do this?

Don't know about easier, (haven't had a chance to play with this in the lab yet) but Cisco has recently announced Gateway Load Balancing Protocol, (GLBP) for balancing first-hop gateways. I found a quick white-paper on the topic. Hope it helps give you a quick idea about whether it will fill your needs.

http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/glbpd_ds.htm

--Wes

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56808&t=56689
RE: HSRP VLAN Load Balancing [7:56689]
Do not add the preempt command to the standby device that you want to lose the election because they will force an election that they will eventually lose.

Second add a preempt delay to the device that you want to win the election after a reload. This will allow them an opportunity to build their routing tables and initialize any other services before they take over the active role.

I also set the device I want to be in standby to a priority of 150 and the device I want to be active to 200. This gives me more room to make changes to the roles at a later date with more range to work in. I also chose numbers above the default priority of 100 on purpose.

Cat1:
Interface Vlan 5
 ip address 150.50.5.5 255.255.255.0
 standby 1 ip 150.50.5.100
 standby 1 priority 150
 standby 2 ip 150.50.5.200
 standby 2 priority 200 preempt delay 90

Cat2:
Interface Vlan 5
 ip address 150.50.5.10 255.255.255.0
 standby 1 ip 150.50.5.100
 standby 1 priority 200 preempt delay 90
 standby 2 ip 150.50.5.200
 standby 2 priority 150

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56704&t=56689
RE: HSRP VLAN Load Balancing [7:56689]
That is the way I used to do it at the ISP I used to work at...before the layoffs...We had two 6509's linked together in a full-mesh and used a cfg similar to what you have. If there is another way, I'd be interested in finding out about it.

HTH's

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56691&t=56689
HSRP VLAN Load Balancing [7:56689]
Here's a scenario I've been faced with recently and have a solution, but wanted to get any other ideas somebody might have. The question calls for this:

- Configure cat1 and cat2 for layer 3 redundancy with HSRP for Vlan 5
- Configure HSRP such that when both cat switches are available, traffic is load balanced across both cat switches and when one is unavailable, the other cat should take over all traffic from Vlan 5.

Here's my configuration idea:

Cat1:
Interface Vlan 5
 ip address 150.50.5.5 255.255.255.0
 standby 1 ip 150.50.5.100
 standby 1 priority 150 preempt
 standby 2 ip 150.50.5.200
 standby 2 priority 155 preempt

Cat2:
Interface Vlan 5
 ip address 150.50.5.10 255.255.255.0
 standby 1 ip 150.50.5.100
 standby 1 priority 155 preempt
 standby 2 ip 150.50.5.200
 standby 2 priority 150 preempt

Cat1 will assume the role of the virtual IP 150.50.5.100 and Cat2 will assume the role of virtual IP 150.50.5.200. One would then configure the default gateways on the hosts. Half the hosts have 150.50.5.100 listed first as the D.G. and the other half would have 150.50.5.200 listed first as the D.G.

Is there another way to do this?

Thanks,
Dale

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56689&t=56689
RE: Windows Load balancing [7:56244]
Duncan Wallace wrote:
>
> Has anyone had any experience in implementing Windows load balancing a server cluster ? I have always used hardware based load balancers so I am somewhat new to the MS flavor. I have a 2621 router and I am wondering if it is capable of the following.

The text that you copied and pasted says what you'll have to do, which is create a static ARP that points to a multicast address. Cisco does support this, by the way. See here:

charlotte(config)#arp ?
  A.B.C.D  IP address of ARP entry
charlotte(config)#arp 10.10.0.3 ?
  H.H.H  48-bit hardware address of ARP entry
charlotte(config)#arp 10.10.0.3 0101.0101.0101 ?
  arpa  ARP type ARPA
  sap   ARP type SAP (HP's ARP type)
  smds  ARP type SMDS
  snap  ARP type SNAP (FDDI and TokenRing)
charlotte(config)#arp 10.10.0.3 0101.0101.0101 arpa
charlotte(config)#end
charlotte#
%SYS-5-CONFIG_I: Configured from console by console
charlotte#show run
Building configuration...

Current configuration:
!
version 11.0
service udp-small-servers
service tcp-small-servers
!
hostname charlotte
!
interface Ethernet0
 ip address 10.10.0.2 255.255.255.0
!
interface Serial0
 ip address 192.168.40.2 255.255.255.0
 encapsulation frame-relay
!
arp 10.10.0.3 0101.0101.0101 ARPA
!
line con 0
line aux 0
 transport input all
line vty 0 4
 password cisco
 login
!
end

It does seem like a strange solution though, and strange solutions often mean you'll encounter bugs or other problems, so do keep us posted on how it goes. Thanks.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

> This is just some preliminary information gathering, so I thought I would throw it out to the group while I do my own research.
>
> What Windows 2000 Advanced Server says:
> If Network Load Balancing clients are accessing a cluster through a router when the cluster has been configured to operate in multicast mode, be sure that the router meets the following requirements:
> * Accepts an ARP reply that has one MAC address in the payload of the ARP structure but appears to arrive from a station with another MAC address, as judged by the Ethernet header
> * In multicast mode, accepts an ARP reply that has a multicast MAC address in the payload of the ARP structure
> This allows the router to map the cluster's primary IP address and other multihomed addresses to the corresponding MAC address. If your router does not meet these requirements, you can also create a static ARP entry in the router. Cisco routers require a static ARP entry because they do not support the resolution of unicast IP addresses to multicast MAC addresses.
>
> Thanks in advance,
>
> Duncan Wallace
> [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56328&t=56244
RE: Windows Load balancing [7:56244]
I have been playing with them all for awhile now (F5, Alteon, Local Director, Etc.). I finally settled on Alteons products (I like the hardware based products). Unfortunately, I have a side contract, and they are concrete on using Windows Load balancing...Wait 'til they see the licensing on multiple Adv. Servers. I'll let you know how it turns out.

As for the Alteon, Easy to setup and use and monitor. Good tech support too.

Thanks,

Duncan Wallace
12835 SW Thunderhead Way
Beaverton, Or. 97008
503-646-5707
[EMAIL PROTECTED]

-Original Message-
From: John Chang [mailto:johnec@;umich.edu]
Sent: Thursday, October 24, 2002 3:50 PM
To: Duncan Wallace
Subject: Re: Windows Load balancing [7:56244]

I read through MS's info on it and I thought it was chatty and wouldn't want to put it on a separate network. Use 2 nics, 1 for load balancing chatter. What hardware load balancing device have you used and how well did it work and how much approximately? Any I should stay away from? Thanks!

At 08:48 PM 10/24/2002 +, Duncan Wallace wrote:
>Has anyone had any experience in implementing Windows load balancing a server cluster ? I have always used hardware based load balancers so I am somewhat new to the MS flavor. I have a 2621 router and I am wondering if it is capable of the following. This is just some preliminary information gathering, so I thought I would throw it out to the group while I do my own research.
>
>What Windows 2000 Advanced Server says:
>If Network Load Balancing clients are accessing a cluster through a router when the cluster has been configured to operate in multicast mode, be sure that the router meets the following requirements:
>* Accepts an ARP reply that has one MAC address in the payload of the ARP structure but appears to arrive from a station with another MAC address, as judged by the Ethernet header
>* In multicast mode, accepts an ARP reply that has a multicast MAC address in the payload of the ARP structure
>This allows the router to map the cluster's primary IP address and other multihomed addresses to the corresponding MAC address. If your router does not meet these requirements, you can also create a static ARP entry in the router. Cisco routers require a static ARP entry because they do not support the resolution of unicast IP addresses to multicast MAC addresses.
>
>Thanks in advance,
>
>Duncan Wallace
>[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56253&t=56244
Windows Load balancing [7:56244]
Has anyone had any experience in implementing Windows load balancing a server cluster ? I have always used hardware based load balancers so I am somewhat new to the MS flavor. I have a 2621 router and I am wondering if it is capable of the following. This is just some preliminary information gathering, so I thought I would throw it out to the group while I do my own research.

What Windows 2000 Advanced Server says:
If Network Load Balancing clients are accessing a cluster through a router when the cluster has been configured to operate in multicast mode, be sure that the router meets the following requirements:
* Accepts an ARP reply that has one MAC address in the payload of the ARP structure but appears to arrive from a station with another MAC address, as judged by the Ethernet header
* In multicast mode, accepts an ARP reply that has a multicast MAC address in the payload of the ARP structure
This allows the router to map the cluster's primary IP address and other multihomed addresses to the corresponding MAC address. If your router does not meet these requirements, you can also create a static ARP entry in the router. Cisco routers require a static ARP entry because they do not support the resolution of unicast IP addresses to multicast MAC addresses.

Thanks in advance,

Duncan Wallace
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=56244&t=56244
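The two router requirements quoted in the post above are the same two properties an ARP monitor usually treats as suspicious, so a cluster in multicast mode needs an explicit exception. The following is an added example, not code from the thread or from Cisco or Microsoft: it checks raw ARP frames for both properties and lists static ARP entries that point at multicast MACs. The IP 10.10.0.3 and MAC 0101.0101.0101 come from the reply earlier on this page; the other MAC addresses are constructed.

```python
"""ARP checks relevant to NLB multicast mode (added example)."""
import socket
import struct

ETHERTYPE_ARP = 0x0806


def parse_mac(text):
    """Accept Cisco dotted (0101.0101.0101), colon or dash notation."""
    digits = "".join(ch for ch in text if ch not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def is_multicast(mac):
    """The group bit is the least significant bit of the first octet."""
    return bool(mac[0] & 0x01)


def build_arp_reply(eth_src, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet II frame carrying an IPv4 ARP reply (opcode 2)."""
    eth = eth_dst + eth_src + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += sender_mac + socket.inet_aton(sender_ip)
    arp += target_mac + socket.inet_aton(target_ip)
    return eth + arp


def inspect_arp(frame):
    """Return findings for the two conditions named in the NLB text."""
    if len(frame) < 42:
        return ["truncated"]
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return ["not-arp"]
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return ["unsupported-arp"]
    sender_mac = frame[22:28]
    findings = []
    if sender_mac != eth_src:          # first bullet in the quoted text
        findings.append("sender-mac-differs-from-ethernet-source")
    if is_multicast(sender_mac):       # second bullet in the quoted text
        findings.append("multicast-sender-mac")
    return findings


def static_multicast_arp(config_text):
    """List (ip, mac) for global 'arp <ip> <mac> ...' lines with a multicast MAC."""
    hits = []
    for line in config_text.splitlines():
        words = line.split()
        if len(words) >= 3 and words[0] == "arp":
            try:
                mac = parse_mac(words[2])
            except ValueError:
                continue               # e.g. 'arp timeout 300'
            if is_multicast(mac):
                hits.append((words[1], words[2]))
    return hits


# Constructed sample data. NODE_NIC and ROUTER are made-up unicast MACs.
NODE_NIC = parse_mac("00:11:22:33:44:55")
ROUTER = parse_mac("00:aa:bb:cc:dd:ee")
CLUSTER = parse_mac("0101.0101.0101")
CLUSTER_REPLY = build_arp_reply(NODE_NIC, ROUTER, CLUSTER, "10.10.0.3", ROUTER, "10.10.0.2")
PLAIN_REPLY = build_arp_reply(NODE_NIC, ROUTER, NODE_NIC, "10.10.0.4", ROUTER, "10.10.0.2")
SHOW_RUN = "interface Ethernet0\n ip address 10.10.0.2 255.255.255.0\n!\narp 10.10.0.3 0101.0101.0101 ARPA\n"

if __name__ == "__main__":
    print(inspect_arp(CLUSTER_REPLY))
    print(inspect_arp(PLAIN_REPLY))
    print(static_multicast_arp(SHOW_RUN))
```

A monitor built on checks like these should carry the cluster's IP and MAC pair as a documented exception, and the static entry on the router is worth tracking in configuration review for the same reason.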
Right approach for HSRP with spantree load balancing [7:55579]
Is it the right approach to do spantree-load balancing with HSRP redundancy?

I have 4 users Vlans tied to subnets,

vlan 10  172.16.10.0
vlan 11  172.16.11.0
vlan 20  172.16.20.0
vlan 21  172.16.21.0

Server Farm Vlans

vlan 101  172.16.101.0
vlan 102  172.16.102.0

users vlans are connected back to (2) 6509 switches as well as server farms vlans. All of the ports between the switches will be trunk ports

USER'S VLANS

(1) 6509                                  (2) 6509
set spantree root 10 20                   set spantree root 11 21
set spantree root 11 21 secondary         set spantree root 10 20 secondary

int vlan 10                               int vlan 10
ip address 172.16.10.2 255.255.255.0      ip address 172.16.10.3 255.255.255.0
standby 1 ip 172.16.10.1 preempt          standby 1 ip 172.16.10.1
standby 1 priority 110                    standby 1 priority 100

int vlan 20                               int vlan 20
ip address 172.16.20.2 255.255.255.0      ip address 172.16.20.3 255.255.255.0
standby 2 ip 172.16.20.1 preempt          standby 2 ip 172.16.20.1
standby 2 priority 110                    standby 2 priority 100

int vlan 11                               int vlan 11
ip address 172.16.11.2 255.255.255.0      ip address 172.16.11.3 255.255.255.0
standby 3 ip 172.16.11.1                  standby 3 ip 172.16.11.1 preempt
standby 3 priority 100                    standby 3 priority 110

int vlan 21                               int vlan 21
ip address 172.16.21.2 255.255.255.0      ip address 172.16.21.3 255.255.255.0
standby 4 ip 172.16.21.1                  standby 4 ip 172.16.21.1 preempt
standby 4 priority 100                    standby 4 priority 110

For the server farm vlans:

(1) 6509                                  (2) 6509
set spantree root 101                     set spantree root 102
set spantree root 102 secondary           set spantree root 101 secondary

int vlan 101                              int vlan 101
ip address 172.16.101.2 255.255.255.0     ip address 172.16.101.3 255.255.255.0
standby 5 ip 172.16.101.1 preempt         standby 5 ip 172.16.101.1
standby 5 priority 110                    standby 5 priority 100

int vlan 102                              int vlan 102
ip address 172.16.102.1 255.255.255.0     ip address 172.16.102.3 255.255.255.0
standby 6 ip 172.16.102.1                 standby ip address 172.16.102.1 preempt
standby 6 priority 100                    standby 6 priority 110

I will also connect 6509 switches together as trunk ports. Any thoughts?

Teza

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55579&t=55579
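A design like the one in the post above can be checked mechanically: for each VLAN the HSRP active router should end up on the spanning-tree root after a failure and recovery, which also shows what the preempt advice in the earlier HSRP VLAN Load Balancing thread is protecting. The following is an added example, not code from the thread: the names sw1 and sw2, the three-VLAN subset and the failure sequence are assumptions, and the addresses and priorities are transcribed from the post as written.

```python
"""Audit of an HSRP + per-VLAN spanning-tree root design (added example)."""
import copy
from ipaddress import ip_address

# Constructed data: three of the VLANs from the post, values as posted.
# "root" is the switch given "set spantree root" for that VLAN; sw1 and sw2
# stand for the (1) and (2) 6509 and are names assumed for this example.
DESIGN = {
    10: {"root": "sw1", "vip": "172.16.10.1", "hsrp": {
        "sw1": {"ip": "172.16.10.2", "priority": 110, "preempt": True},
        "sw2": {"ip": "172.16.10.3", "priority": 100, "preempt": False}}},
    11: {"root": "sw2", "vip": "172.16.11.1", "hsrp": {
        "sw1": {"ip": "172.16.11.2", "priority": 100, "preempt": False},
        "sw2": {"ip": "172.16.11.3", "priority": 110, "preempt": True}}},
    102: {"root": "sw2", "vip": "172.16.102.1", "hsrp": {
        "sw1": {"ip": "172.16.102.1", "priority": 100, "preempt": False},
        "sw2": {"ip": "172.16.102.3", "priority": 110, "preempt": True}}},
}


def elect(group, up, current=None):
    """Return the HSRP active router among the switches in `up`.

    Higher priority wins, ties go to the higher interface address, and a
    better router only displaces the current active one if it has preempt.
    """
    alive = {name: cfg for name, cfg in group.items() if name in up}
    if not alive:
        return None
    best = max(alive, key=lambda n: (alive[n]["priority"], ip_address(alive[n]["ip"])))
    if current in alive and current != best and not alive[best]["preempt"]:
        return current
    return best


def replay(group, events, start=None):
    """Apply a sequence of 'which switches are up' sets; return the active router after each."""
    active, history = start, []
    for up in events:
        active = elect(group, up, active)
        history.append(active)
    return history


def with_preempt(design, vlan, switch, value):
    """Return a copy of the design with one preempt flag changed."""
    changed = copy.deepcopy(design)
    changed[vlan]["hsrp"][switch]["preempt"] = value
    return changed


def audit(design):
    """Return (vlan, message) findings for address clashes and STP/HSRP drift."""
    findings = []
    for vlan, d in sorted(design.items()):
        for name, cfg in sorted(d["hsrp"].items()):
            if cfg["ip"] == d["vip"]:
                findings.append((vlan, f"{name} interface address equals the HSRP virtual IP"))
        # The root switch boots with its peer, fails, then returns.
        root, everyone = d["root"], set(d["hsrp"])
        final = replay(d["hsrp"], [everyone, everyone - {root}, everyone])[-1]
        if final != root:
            findings.append((vlan, f"after {root} recovers, HSRP active is {final} but STP root is {root}"))
    return findings


if __name__ == "__main__":
    for finding in audit(DESIGN):
        print("as posted:", finding)
    for finding in audit(with_preempt(DESIGN, 10, "sw1", False)):
        print("without preempt on sw1 for VLAN 10:", finding)
```

When the HSRP active router and the spanning-tree root sit on different switches, routed traffic for that VLAN crosses the inter-switch trunk on every trip, so the second finding type marks the state the per-VLAN split was meant to avoid.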
HSRP with Spanning Tree Load Balancing [7:55428]
Is it possible to do HSRP, not MHSRP with VLAN-Spanning Tree Load balancing. I have multiple VLANS, each Vlan/Subnet assigned to the IDF. IDF switches then connect to (2) 6500 backbone switches that is also performing routing/layer 3. I know I can do vlan load balancing by making odd vlans to take (1) 6509 route and even vlans to take (2) 6509 path to reach the server farms.

On top of it, I also want to implement HSRP just for the redundancy purpose. If one of the back bone switches goes down, layer 2 will not be affected, but users default gateway will have to be changed to point to the other backbone switch. HSRP is the only option to avoid that. Someone said HSRP can't run in parallel with vlan-spanning tree load balancing.

Thanks
Az

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55428&t=55428
RE: VLAN Load Balancing [7:55411]
issue the command ..

set spantree root vlan x,x,x
set spantree root sec vlan x,x,x

you don't need to adjust the priorities..

I had that in my data center until recently when I went to layer 3 design only...I got tired of spantree issues taking down servers...

Good luck with it..

Larry Letterman
Network Engineer
Cisco Systems Inc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com]On Behalf Of Azhar Teza
Sent: Friday, October 11, 2002 12:53 PM
To: [EMAIL PROTECTED]
Subject: VLAN Load Balancing [7:55411]

If I have multiple VLANS for example 10,20,30 on 1st, 2nd, and 3rd floors respectively and VLANS 11,21,31 on 4th, 5th, 6th floors. All of the floor switches are connected to (2) 6509 switches. The server farms have vlans 40 and 50 and hanging off on two separate switches 3548. Each has its own VLANS. They are also connected to (2) 6509 switches. 6509s are doing all the routing. Each Vlan is tied to a unique subnet.

In order for me to do VLAN Load balancing: I could make (1) 6509 as root bridge for vlans 10, 20, and 30 and secondary root bridge for VLANS 11,21,31 and vice versa for (2) 6509 as a root bridge for vlans 11,21,31 and secondary root bridge for vlans 10,20, and 30.

When I do the set commands, for example on (1) 6509, I would do

"SET SPANTREE PRIORITY 100 10 20 30"
"SET SPANTREE PRIORITY 200 11,21, 31"

On (2) 6509,

"SET SPANTREE PRIORITY 100 11,21, 31"
"SET SPANTREE PRIORITY 200 10,20,30"

The question was do I also need to include VLANS 40 and 50 (The server farm VLANS) in those above commands.

Regards,
Teza

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55415&t=55411
VLAN Load Balancing [7:55411]
If I have multiple VLANS for example 10,20,30 on 1st, 2nd, and 3rd floors respectively and VLANS 11,21,31 on 4th, 5th, 6th floors. All of the floor switches are connected to (2) 6509 switches. The server farms have vlans 40 and 50 and hanging off on two separate switches 3548. Each has its own VLANS. They are also connected to (2) 6509 switches. 6509s are doing all the routing. Each Vlan is tied to a unique subnet.

In order for me to do VLAN Load balancing: I could make (1) 6509 as root bridge for vlans 10, 20, and 30 and secondary root bridge for VLANS 11,21,31 and vice versa for (2) 6509 as a root bridge for vlans 11,21,31 and secondary root bridge for vlans 10,20, and 30.

When I do the set commands, for example on (1) 6509, I would do

"SET SPANTREE PRIORITY 100 10 20 30"
"SET SPANTREE PRIORITY 200 11,21, 31"

On (2) 6509,

"SET SPANTREE PRIORITY 100 11,21, 31"
"SET SPANTREE PRIORITY 200 10,20,30"

The question was do I also need to include VLANS 40 and 50 (The server farm VLANS) in those above commands.

Regards,
Teza

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55411&t=55411
Re: BGP and Load Balancing [7:54297]
Yes, BGP selects only one best path. The default for BGP is one path, the default for other routing protocols is four paths. However, in some cases you would like to change this for BGP and this can be achieved using the "maximum-paths" command.

The BGP selection process is a series of qualifying steps and if still two routes were equal then as I recall in step 9 (Not sure of the step number) if you are enabling the maximum-paths command both routes will be accepted in the routing table.

BTW: This is very unlikely used and most of those using BGP prefer using other methods to achieve load-balancing rather than using the "maximum-paths" command.

Regarding static routes, they don't have the wealth of attributes that BGP has, so if more than one static route is configured to reach a destination (for example two default routes to different interfaces) they will be used on a round-robin basis if process switching is enabled. If fast-switching is used (default) then load-balancing over these equal static routes will be per destination not per packet like process switching.

Keep in mind that this load-balancing done using via static-routes only concerns upstream traffic and has nothing to do with downstream traffic.

HTH,
Yasser

>From: "Abu Mwalie"
>
>Hi All,
>
>It is not very clear to me still regarding BGP, Static Routes and Load Balancing!!
>
>Can any one out there shed some light!! BGP selects only one path, is it not? But that load-balancing can be achieved through static routes??
>
>Thanks!!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54304&t=54297
Re: BGP and Load Balancing [7:54297]
BGP has the option max-paths which allows to have multiple paths. If it is ebgp we can also achieve this with ebgp multi-hop. Whether it is max-paths or multi-hop or static routes most of the time CEF is the ultimate that influence the interface switching. CEF FIB table will be calculated based on the routing table. CEF has limitation of 8 paths so one can have only maximum 8 paths at any given time.

BGP is preferred when there is a need for dynamic routing updates and policy changes. If the situation is in small environment and static, there are the cases where static routes are preferred considering the systems resources and router configuration complexities.

HTH
J.

Abu Mwalie wrote:
> Hi All,
>
> It is not very clear to me still regarding BGP, Static Routes and Load Balancing!!
>
> Can any one out there shed some light!! BGP selects only one path, is it not? But that load-balancing can be achieved through static routes??
>
> Thanks!!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54303&t=54297