Per-Packet Load Balancing over VPN

Discussion in 'Cisco' started by derSchweiz, Nov 12, 2006.

  1. derSchweiz

    derSchweiz Guest

    I am wondering if it would be possible to have one router at each site and
    connect them to two modems each and establish IPSEC tunnel interfaces
    through each of the modems to the other site and do equal cost per-packet
    load balancing i.e. the "no ip route cache" command through the tunnel
    interfaces to get higher bandwidth between the two sites.

    LAN---[Cisco Router]---Modem1A=======Tunnel0=========Modem1B---[Cisco

    derSchweiz, Nov 12, 2006
    1. Advertisements

  2. derSchweiz

    Charlie Root Guest

    If you decide for per-packet load-balancing, then it's still better to do it
    with CEF. Instead of 'no ip route-cache' use 'ip load-sharing per-packet'
    and be sure to enable CEF.
    It should be enough to ensure per packet load-sharing is done for tunnel
    itself - everything what's inside tunnel will inherit load-sharing. So all
    you need is to specify two equal cost routes for tunnel destination at each

    Charlie Root, Nov 12, 2006
    1. Advertisements

  3. I'm not sure that's a good idea. IPSec traffic is fairly order
    sensitive because of the anti-replay features, so unless the paths
    are the same length to within a very small tolerance, you would end
    up with the routers seeing the packets out of order, which would
    not be good for performance.
    Walter Roberson, Nov 12, 2006
  4. derSchweiz

    Bod43 Guest

    My understanding is that the "no ip route-cache" has no influence on
    load balancing occurs or not.

    My model is:-

    ip route-cache

    Enable fast switching which occurs as long as no other enabled features
    or circumstances prevant the router doing fast switching.

    ip route-cache cef simililarly enables cef fast switching as long as
    <repeats above> no other enabled features
    or circumstances prevant the router doing cef switching

    Depending I suspect very much on feature set and version
    for example I seem to recall that certain policy routing disabled
    fast switching.

    For me this has always been one of the scary bits with Cisco.
    My idea was that it was almost impossible to be sure in a
    complex configuration whether fast switching would work or
    not without testing. Now I think that it is quite hard to
    end up process switching but I am still wary of this issue.
    Bod43, Nov 12, 2006
  5. derSchweiz

    Charlie Root Guest

    It does - with route-cache disabled, the router will perform process
    switching using route lookup for every single packet. Internally Cisco
    routers keep track of last_route_used/next_route_to_use, so route lookup
    will every time return next route to use. If there is only one route, then
    there's nothing to choose from, but with multiple routes effectively it
    results in per-packet load sharing. This is however expensive route, so
    performance is penalized. Since cef supports both per-destination and
    per-packet load sharing, there is no reason to disable route cache.

    Charlie Root, Nov 12, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.