etherchannel load-balancing and unpredictability

Discussion in 'Cisco' started by pfisterfarm, Jul 19, 2011.

    pfisterfarm Guest

    I have a question regarding etherchannel load balancing. I've got a
    4507R switch connected to a 3560 switch by means of two content
    filters which are acting as transparent bridges. The two ports on each
    side that the content filters are connected to are set up as access
    ports and are in an etherchannel. The load balancing method on each
    switch is set to src-dst-ip. I was under the impression that each pair
    of source and destination ip address would select exactly one content
    filter no matter which direction.

    I've been told that this can be 'unpredictable' and may cause
    asymmetric flows. The algorithm seems fairly straightforward to me. I
    don't see where the unpredictability can come in. Can someone explain
    to me what I'm missing?
    pfisterfarm, Jul 19, 2011

    Scott Lowe Guest

    First the disclaimer: I'm no expert.

    Now, having said that, I can see where the flows could end up
    asymmetric; the hash in one direction might select Content Filter A
    while the hash in the opposite direction could select Content Filter B.
    However, I can't see where the behavior wouldn't be deterministic,
    meaning that for any given source-destination IP address the same path
    would be chosen every single time. Even if the path selection is
    deterministic, that still doesn't rule out asymmetric behaviors.
    Scott Lowe, Jul 23, 2011

    Stephen Guest

    the way the hash works on different Cisco devices varies by platform.

    the hardware dictates exactly what happens - for example Cat 6500s
    hash the XOR of dest + source IP value into 8 buckets, then map those
    buckets onto the active set of links.

    since the mapping is not visible, and may use the line ID or other
    invisible values, 1 stream will use the same port, so maintaining FIFO
    for the stream.

    but - it isn't necessarily predictable which port, and if links bounce
    etc, it may not stay as the same port.......

    since this happens independently at each switch, you have around 50%
    chance any 1 conversation will have both directions of flow over the
    same pipe - which will upset a firewall and possibly your content

    Of course if your content filters are "1 directional", so just care
    that a stream of packets has certain values, and doesn't need to see
    any return traffic, then that doesn't matter.

    the load balance gospel according to cisco, (but not necessarily up to
    date, since it goes on about Fast Eth ports)
    Stephen, Jul 24, 2011
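
The behaviour discussed in the replies above, as an added example that is not part of the original thread: a simplified Python model of the "XOR of source and destination IP into 8 buckets, then map buckets onto links" scheme Stephen describes. It is not Cisco's actual algorithm; the bucket-to-link tables, the filter names and the addresses are constructed assumptions, since the real tables are internal to each switch.

```python
import ipaddress

def bucket(src: str, dst: str) -> int:
    """Model only: XOR the two IPv4 addresses and keep the low 3 bits (8 buckets)."""
    x = int(ipaddress.IPv4Address(src)) ^ int(ipaddress.IPv4Address(dst))
    return x & 0b111

def pick_link(src: str, dst: str, bucket_map: list) -> str:
    """Each switch maps the bucket onto one of its own channel members."""
    return bucket_map[bucket(src, dst)]

# Hypothetical bucket-to-link tables for a 2-member channel (4 buckets per link).
SWITCH_A = ["filter1", "filter2"] * 4                # buckets alternate between members
SWITCH_B_SAME = list(SWITCH_A)                       # far end happens to agree
SWITCH_B_SWAPPED = ["filter2", "filter1"] * 4        # member order reversed at far end
SWITCH_B_OTHER = ["filter1"] * 4 + ["filter2"] * 4   # different but equally valid split

# Constructed flows that land in buckets 0..7 exactly once each.
FLOWS = [(f"10.0.0.{16 + i}", "192.0.2.8") for i in range(8)]

def symmetric_fraction(flows, map_a, map_b) -> float:
    """Share of flows whose forward path (chosen by switch A) and return
    path (chosen by switch B) cross the same content filter."""
    same = sum(
        pick_link(s, d, map_a) == pick_link(d, s, map_b)  # return packet swaps src/dst
        for s, d in flows
    )
    return same / len(flows)

def asymmetric_flows(flows, map_a, map_b) -> list:
    """Flows a stateful filter would see only one direction of."""
    return [(s, d) for s, d in flows
            if pick_link(s, d, map_a) != pick_link(d, s, map_b)]

if __name__ == "__main__":
    # XOR is order-independent, so both switches compute the same bucket;
    # the outcome depends entirely on how each switch maps buckets to links.
    for name, far_end in [("same", SWITCH_B_SAME),
                          ("swapped", SWITCH_B_SWAPPED),
                          ("other", SWITCH_B_OTHER)]:
        print(name, symmetric_fraction(FLOWS, SWITCH_A, far_end))
```

In this model each direction is fully deterministic, yet whether a conversation stays on one filter depends on two mapping tables that neither switch exposes, which is why a stateful device in the path can see only half of some sessions.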
