Mar 23, 2013

Cisco Load Balancing Scenario


Objective
  •  A Maipu 1800 CPE router needs to load-balance outbound traffic between its two WAN interfaces, F0 and F1.
  •  If one WAN link goes down, the other becomes the primary path, and vice versa.
  •  Once the faulty link is restored, both WAN links should again share the LAN traffic.


Topology 


Description 
Load Balancing
Load balancing is based on a combination of source and destination packet information; it allows you to optimize resources by distributing traffic over multiple paths for transferring data to a destination. You configure load balancing on outbound interfaces on a per-destination or per-packet basis.

Types of load balancing: per-destination and per-packet.

   Per-Destination and Per-Packet

Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations.
Per-packet load balancing allows the router to send successive data packets over paths without regard to individual hosts or user sessions. It uses the round-robin method to determine which path each packet takes to the destination. With per-packet load balancing enabled, the router sends one packet for destination1 over the first path, the second packet for (the same) destination1 over the second path, and so on. Per-packet load balancing ensures balancing over multiple links.
Although path utilization with per-packet load balancing is beneficial, packets for a given pair of source-destination hosts might take different paths. This means that per-packet load balancing can introduce reordering of packets. This load balancing method would be inappropriate for certain types of data traffic (such as voice traffic over IP) that depend on packets arriving at the destination in sequence.
Use per-packet load balancing to ensure that a path for a single source-destination pair does not get overloaded. If the bulk of data passing through parallel links is for a single pair, per-destination load balancing overloads a single link while other links have very little traffic. Enabling per-packet load balancing allows you to use alternate paths to the same busy destination.

Devices used in Testing 
Maipu 1800-22-AC

IOS Details 

Main Configuration:

interface fastethernet0
 description ### ISP1 ###
 ip address 100.1.1.1 255.255.255.252
 keepalive gateway 100.1.1.2
 exit

interface fastethernet1
 description ### ISP2 ###
 ip address 200.1.1.1 255.255.255.252
 keepalive gateway 200.1.1.2
 exit



interface vlan1
 description ### LOCAL LAN ###
 ip address 201.1.1.1 255.255.255.0
 exit

ip route 0.0.0.0 0.0.0.0 100.1.1.2
ip route 0.0.0.0 0.0.0.0 200.1.1.2


Output 
Show ip route
router#sh ip route
S   0.0.0.0/0 [1/100] via 100.1.1.2, 0:01:10, fastethernet0
S   0.0.0.0/0 [1/100] via 200.1.1.2, 0:01:04, fastethernet1

Notes 
  • By default, per-destination load balancing is used.
  • To switch to per-packet load balancing:
    • router(config)#ip load-sharing per-packet
  • After that command, successive packets are spread across F0 and F1 regardless of flow.
  • If the F0 (ISP-1) link goes down, its gateway keepalive fails, the static route through it is withdrawn and all LAN traffic takes F1 as the primary path, and vice versa.
  • Once the faulty link is restored, traffic again follows the configured load-balancing mode.
  • Caveat for a two-provider design: packets leave with the same LAN source address whichever link they exit, so unless the 201.1.1.0/24 range is routed by both ISPs, each egress interface needs its own NAT; a provider that filters source addresses it did not assign (uRPF, BCP 38) drops packets that exit through the wrong link. Per-packet sharing does not combine well with per-interface NAT, because consecutive packets of one session would leave through different interfaces with different translated addresses; per-destination sharing keeps a session on one link. No NAT is shown in the configuration above.
Hope this testing report will help you in live network implementations.
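The reordering risk described above is easiest to see by simulating both modes. The following Python script is an added example, not part of the original testing report or the Maipu configuration: it models the two WAN interfaces from the config with assumed (constructed) one-way latencies of 10 ms and 30 ms, hashes source/destination pairs for per-destination sharing, round-robins packets for per-packet sharing, and counts how many packets of one flow arrive out of sequence. It also shows the failover behaviour: when a link is removed from the live path set, every flow lands on the remaining link in either mode.

```python
import hashlib

# Constructed sample: the two WAN interfaces from the Maipu config, with
# assumed one-way latencies (ms) chosen to differ so reordering is visible.
PATHS = ("fastethernet0", "fastethernet1")
LATENCY_MS = {"fastethernet0": 10, "fastethernet1": 30}


def per_destination_path(src, dst, paths=PATHS):
    """Per-destination sharing: hash the (src, dst) pair onto the live paths.
    The same pair always maps to the same path while the path set is unchanged."""
    key = f"{src}->{dst}".encode()
    idx = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(paths)
    return paths[idx]


def per_packet_path(n, paths=PATHS):
    """Per-packet sharing: plain round-robin over the live paths, flow ignored."""
    return paths[n % len(paths)]


def by_destination(src, dst, n, paths):
    return per_destination_path(src, dst, paths)


def by_packet(src, dst, n, paths):
    return per_packet_path(n, paths)


def live_paths(link_up):
    """Failover: keep only the WAN interfaces whose keepalive reports them up."""
    live = tuple(p for p in PATHS if link_up.get(p, False))
    if not live:
        raise RuntimeError("no WAN path is up")
    return live


def send(packets, choose, paths=PATHS, latency_ms=LATENCY_MS):
    """packets: list of (src, dst, seq) handed to the router 1 ms apart.
    choose(src, dst, n, paths) names the egress path for the n-th packet.
    Returns the packets in the order they arrive at the far end."""
    arrivals = []
    for n, (src, dst, seq) in enumerate(packets):
        path = choose(src, dst, n, paths)
        arrivals.append((n + latency_ms[path], n, src, dst, seq))
    arrivals.sort()  # earliest arrival first; ties keep send order
    return [(src, dst, seq) for _, _, src, dst, seq in arrivals]


def count_reordered(arrival_order):
    """Number of packets arriving after a higher sequence number of their own flow."""
    highest = {}
    bad = 0
    for src, dst, seq in arrival_order:
        flow_id = (src, dst)
        if seq < highest.get(flow_id, -1):
            bad += 1
        highest[flow_id] = max(highest.get(flow_id, -1), seq)
    return bad


def flow(src, dst, npkts):
    """One unidirectional flow of npkts packets, e.g. an RTP stream."""
    return [(src, dst, i) for i in range(npkts)]


def demo():
    """Reorder counts for a 10-packet flow, spread of 200 destinations, and F0-down failover."""
    voip = flow("201.1.1.10", "198.51.100.5", 10)  # constructed LAN host and far end
    both_up = live_paths({"fastethernet0": True, "fastethernet1": True})
    reorder = {
        "per-destination": count_reordered(send(voip, by_destination, both_up)),
        "per-packet": count_reordered(send(voip, by_packet, both_up)),
    }
    # Per-destination still uses both links once many destinations are in play.
    spread = {per_destination_path("201.1.1.10", f"203.0.113.{i}") for i in range(200)}
    # ISP-1 link down: only F1 remains, whatever the sharing mode.
    f0_down = live_paths({"fastethernet0": False, "fastethernet1": True})
    return reorder, spread, f0_down


if __name__ == "__main__":
    print(demo())
```

With the assumed latencies, per-destination sharing delivers the flow in order, while per-packet sharing delivers every packet sent over the slower link behind packets sent later over the faster one, which is exactly what a jitter buffer for voice cannot absorb.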


How to Time-based, Inbound Rate Limiting


Slaptijack reader Raj is looking for a way to limit inbound traffic on his switch ports based on the time of day. Specifically, he wants to restrict speed to 256 Kbps between 9 AM and 9 PM, and allow up to 1 Mbps the rest of the day. I've done something similar to this in the past, but with only one restriction, not two. Hopefully, this configuration will work!
Note: This post is based on the work of a previous post on Cisco Catalyst rate limiting. Although I know that this will work in some cases, it may not work in yours. In other words, your mileage may vary.

Raj, the key to time-based rate limiting is to use the time range command built into IOS. In your case, we want to define the time range from 9 AM to 9 PM:
time-range DAILY-0900-2100
 periodic daily 9:00 to 21:00
Next, we need our access lists:
ip access-list extended ACL-0900-2100
 permit ip any any time-range DAILY-0900-2100
ip access-list extended ACL_ALL_HOURS
 permit ip any any
And now our class maps to define which traffic to match:
class-map match-all 256K
 match access-group name ACL-0900-2100
class-map match-all 1M
 match access-group name ACL_ALL_HOURS
And finally, our policy map. Class order matters here: between 09:00 and 21:00 the ACL-0900-2100 entry is active, so traffic matches class 256K first; outside that window the entry is inactive, so traffic falls through to class 1M:
policy-map POLICY-IN
 class 256K
  police 256000 8000 exceed-action drop
 class 1M
  police 1000000 12500 exceed-action drop
Put it all together, and it looks like this (as with the Catalyst rate-limiting example on this page, mls qos must be enabled globally and the policy attached to the port with service-policy input POLICY-IN):
time-range DAILY-0900-2100
 periodic daily 9:00 to 21:00
!
ip access-list extended ACL-0900-2100
 permit ip any any time-range DAILY-0900-2100
ip access-list extended ACL_ALL_HOURS
 permit ip any any
!
class-map match-all 256K
 match access-group name ACL-0900-2100
class-map match-all 1M
 match access-group name ACL_ALL_HOURS
!
policy-map POLICY-IN
 class 256K
  police 256000 8000 exceed-action drop
 class 1M
  police 1000000 12500 exceed-action drop


How to Inbound Rate Limiting on Cisco Catalyst Switches

If you need to limit the inbound bandwidth of a switch port on a Cisco Catalyst, the key is in the QoS configuration.
This particular configuration was done on a Cisco Catalyst 2960.

As I mentioned, the key is QoS. The first thing you need to do is globally enable QoS with the mls qos configuration command. Once this command is enabled, QoS is enabled on all ports with default settings.
Next, we'll need an access-list to match traffic on. In this example, we are going to police all traffic coming through the switch port, so our access-list will match all IP addresses.
ip access-list extended ACL_SLAP
 permit ip any any

A class map is necessary to classify our traffic.
class-map match-all CLASS_SLAP
  match access-group name ACL_SLAP

The policy map dictates what we want done to the traffic class previously defined. The police configuration command sets our rate limit, in this example to 8 Mbps with a burst size of 100 KB. The burst size is the trickiest part of this command. If the burst is set too low, your traffic will not be able to approach the maximum allowed throughput, due to packet drops.
Because TCP congestion control halves the congestion window on each dropped packet, it's important to set the burst size at a level that doesn't impact performance. The rule of thumb is that the burst size should be double the amount of traffic sent at the maximum rate in one round-trip time. In this example, I assumed a round-trip time of 50 ms, which results in a burst size of 100 KB (8,000,000 bit/s x 0.05 s / 8 = 50,000 bytes, doubled).
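The rule of thumb above also explains the numbers in the time-based policy earlier on this page: at a 50 ms RTT, 1 Mbps gives 2 x 6,250 = 12,500 bytes, and 256 kbps gives only 3,200 bytes, which is why that class uses 8,000 bytes, the smallest burst-byte value the Catalyst 2960 police command accepts. The following Python script is an added example, not from either post: it computes the burst from rate and RTT, clamps it to that platform minimum (taken as an assumption), prints the resulting police line, and audits an existing policy-map text for bursts that are too small for a given RTT. The POLICY-IN text embedded below is copied from the time-based post as sample input.

```python
import re

# Assumption: smallest burst-byte value the 2960 police command accepts.
PLATFORM_MIN_BURST = 8000


def burst_bytes(rate_bps, rtt_ms, factor=2.0, platform_min=PLATFORM_MIN_BURST):
    """Burst from the rule of thumb: twice the bytes sendable in one round-trip
    at the policed rate, never below the platform minimum."""
    bytes_per_rtt = rate_bps * (rtt_ms / 1000.0) / 8.0
    return max(platform_min, int(round(factor * bytes_per_rtt)))


def police_line(rate_bps, rtt_ms):
    """The police command as it would appear under a class in the policy map."""
    return f"police {rate_bps} {burst_bytes(rate_bps, rtt_ms)} exceed-action drop"


def max_rtt_ms(rate_bps, burst, factor=2.0):
    """Largest RTT that a configured burst still covers under the same rule."""
    return burst * 8.0 / (factor * rate_bps) * 1000.0


POLICE_RE = re.compile(r"^\s*police\s+(\d+)\s+(\d+)\b")


def audit_policy(config_text, rtt_ms):
    """Return (rate, burst, recommended) for every police line whose burst is
    below what the rule of thumb recommends for rtt_ms."""
    findings = []
    for line in config_text.splitlines():
        m = POLICE_RE.match(line)
        if not m:
            continue
        rate, burst = int(m.group(1)), int(m.group(2))
        want = burst_bytes(rate, rtt_ms)
        if burst < want:
            findings.append((rate, burst, want))
    return findings


# Sample input: the policy map from the time-based post on this page.
POLICY_IN = """policy-map POLICY-IN
 class 256K
  police 256000 8000 exceed-action drop
 class 1M
  police 1000000 12500 exceed-action drop
"""

if __name__ == "__main__":
    print(police_line(8000000, 50))        # the 8 Mbps / 100 KB example
    print(police_line(1000000, 50))        # the 1M class
    print(police_line(256000, 50))         # clamped to the platform minimum
    print(audit_policy(POLICY_IN, 50))     # fine at 50 ms
    print(audit_policy(POLICY_IN, 100))    # the 1M class is undersized at 100 ms
```

The audit is the part worth keeping around: a policer sized for a 50 ms RTT silently throttles the same rate to a fraction of its nominal value once the path RTT doubles, and the drop counters will look like ordinary congestion.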
policy-map POLICY_SLAP
  class CLASS_SLAP
    police 8000000 100000 exceed-action drop

Finally, apply the policy-map to the switch port with the service-policy configuration command.
interface GigabitEthernet0/2
 service-policy input POLICY_SLAP

And now you're done. In our example, we configured a switch port to only allow inbound traffic at 8 Mbps. We won't be able to truly max the 8 Mbps, but we should come close.

The full rate-limiting configuration:
mls qos

ip access-list extended ACL_SLAP
 permit ip any any
 
class-map match-all CLASS_SLAP
  match access-group name ACL_SLAP

policy-map POLICY_SLAP
  class CLASS_SLAP
    police 8000000 100000 exceed-action drop

interface GigabitEthernet0/2 
 service-policy input POLICY_SLAP 


Mar 17, 2013

How to enable routing on a 2960 series?

Your 2960 needs to run IOS 12.2(55)SE or later, the release that introduced the lanbase-routing SDM template. Note that this gives you static routing between SVIs only; the 2960 does not run dynamic routing protocols.
To enable routing we need two things. First activate the template with sdm prefer lanbase-routing, then enable ip routing.

2960(config)#sdm prefer lanbase-routing

You need to save the configuration and reload for the template change to take effect.
After the system reload, you can use the show sdm prefer command to verify the change, and then turn routing on:

2960(config)#ip routing


An example of routing between VLANs.


Now, if you ping from VLAN 1 to VLAN 2, it should work.
