dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2296
share rss forum feed


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3

HSRP question

is one of the HSRP or VSRP (or such) able to do load balancing or are they only able to do failover?

also can it be done on a NME-16ES-1G-P running the EMI IOS?


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1

1 recommendation

said by DarkLogix:

is one of the HSRP or VSRP (or such) able to do load balancing or are they only able to do failover?

these are known as first hop redundancy protocols. a quick google with the right terms will give you a comparison.

also can it be done on a NME-16ES-1G-P running the EMI IOS?

»www.cisco.com/go/fn

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."


RyanG1
Premium
join:2002-02-10
San Antonio, TX
kudos:1
reply to DarkLogix
the only way i see HSRP being used for load balancing is something like:

router A:
ip 192.168.1.3
VIP 192.168.1.1

router B:
ip 192.168.1.4
VIP 192.168.1.2

Half of the subunet uses the gateway of .1 and the other half uses .2.

Something like this is not really practical though... you would want to look into GLBP (gateway load balancing protocol).

Ryan
--
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. -Douglas Adams


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
said by RyanG1:

the only way i see HSRP being used for load balancing...

there are differences in the application around nexus.
this is due to the fact that with multipathing layer-2 technologies (fabricpath, vpc/vpc+) running over a distributed control-plane (i.e. not vss/stacking) -- you can't always guarantee that your packet will hit the "active" device when you're using layer-2 port-channeling or fabricpath (isis mac routing).

because of this -- nexus devices running layer-3 will have the hsrp v-mac set with the 'gateway' flag, regardless of whether you're 'active' or 'standby'. this devices will also forward traffic. with the use of 'peer-gateway' under the vpc domain, each switch will not only have the 'gateway' flag set for the vmac, but also for the peers phy-mac for the vlan interface (i.e. the switch will "proxy-respond" on behalf of its peer).

however -- in this regard -- hsrp isn't loadbalancing -- its simply actively forwarding all packets regardless of control-plane state. the layer-2 mechanism (vpc/vpc+ or fabricpath) is performing the layer-2 pathing so you'd need to tweak your distribution algorithm there if the "spray" was polarizing or tending towards a single link.

q.

[edited to add] just reread this -- and i noticed how bad my grammar sucks. having a head cold while working in a d/c is not conducive for proper writing.

i do english good!
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
So I guess with what I have a round-robin type load balancing isn't possible.

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to RyanG1
said by RyanG1:

the only way i see HSRP being used for load balancing is something like:

router A:
ip 192.168.1.3
VIP 192.168.1.1

router B:
ip 192.168.1.4
VIP 192.168.1.2

Half of the subunet uses the gateway of .1 and the other half uses .2.

Something like this is not really practical though... you would want to look into GLBP (gateway load balancing protocol).

Ryan

I have done some behavior analysis on Cisco router GLBP implementation (7200 series, 3800 series, 2800 series). What I noticed was that the Cisco router GLBP implementation was not showing different behavior than HSRP. So if one claims that GLBP was able to do load balancing while HSRP was not, I would like to see some proof


RyanG1
Premium
join:2002-02-10
San Antonio, TX
kudos:1
reply to DarkLogix
Personally ive only used GLBP in a lab, not production. However if i was approached by a member of my team at work to discuss the topic i wouldnt not suggest HSRP be used for load balancing. Can it work to that effect? yes given the correct design but i dont see it as a practical solution.

Just my thoughts though =)

Ryan
--
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. -Douglas Adams


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
Oh well
for now I just have 2 default routers set in the DHCP settings
this works for windows computers but other devices only use the 1st

(seen by looking at PRTG bandwidth monitor when streaming HBO go on the 360 and while downloading some big files on my computer.)

The 360 only used the 1st gateway
the computer put both links to 16mbit
--
»www.change.org/petitions/create-···imcity-4


tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1
reply to aryoba
said by aryoba:

I have done some behavior analysis on Cisco router GLBP implementation (7200 series, 3800 series, 2800 series). What I noticed was that the Cisco router GLBP implementation was not showing different behavior than HSRP. So if one claims that GLBP was able to do load balancing while HSRP was not, I would like to see some proof

i'd like to see your proof, configs, and topology.
i've done glbp -- and i've seen the exact opposite. it has worked as i've needed it to. its not been anything special -- but it has worked for what i've needed it for. there are caveats(tm) -- which i'm sure you know.

honestly -- as "cool" as round-robin routing sounds for link utilization -- the more crap i've had to deal with -- the more i like stable and deterministic traffic patterns. i like knowing where my traffic is coming and going -- especially at 3am -- or any day with a headcold.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to DarkLogix
As others have said, HSRP isn't a load-balacing algorthm per se but you could use it in conjunction
with other protocols to loadbalance traffic in your enivronment -- the one I'm most familiar with is
like RyanG1 laid out -- two default gateways pointing out two different ISPs, and HSRP tracking the
interface state and/or peer reachability of the ISP default gateway, or do it via a BGP setup.

I'm guessing you have dual ISP links running through a Cisco device, and are looking to optimize utilization
on both links, DarkLogix See Profile ?

IIRC, a) PFR / OER may be a better option for doing this rather than HSRP, and b) for a round-robin setup, watch
out if you have a stateful firewall setup as asymmetric routing and/or an out-of-state packet's a killer with that.

My 00000010bits.

Regards


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
No its a single ISP, and the two gateways are on the lan.

my home network is as follows
3745 with 2x NME-16ES-1G-P's
and a 2960G 24port gig switch (or rather 20port + 4 combo ports)

the etherswitches are running the EMI ios
are configured as follows

etherswitch to router internal interface is in vlan 254 on one and 253 on the other, then both have vlan interfaces 1, 2, 3, 4, and 5 and their external gig port is a trunk to the 2960g

then they're both running OSPF as is the router, so it sees that it has redundant paths from the access vlans to the router.

in the vlan interfaces they have the IP's (1 on the 1st etherswitch and 254 on the 2nd)

ether one is then able to route to the internal vlan that links it to the router and the router handles the NAT, acl's and IPv6 tunnel

I was thinking of moving the 1st etherswitch from .1 to .253 and doing .1 as a virtual IP (though I admit I doubt the 3745 would really be able to do anything more with more lan to router bandwidth)

then the router has a NM-1GE that links it to the Comcast SMC gateway. (which is D3) so a gig link to the comcast device.
--
»www.change.org/petitions/create-···imcity-4

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to DarkLogix
Okay, that gives us alittle more background on the setup -- can you also diagram that out?

What I'm visualizing is the 3745 has the two etherswitches with the HSRP VIP and config, which then
connects to the 2960, and your endhosts hang off the 2960, or are they dualhomed to the two etherswitches?

Either case, using HSRP would give you gateway redundancy between the two etherswitches.

Regards


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3

2 edits
Click for full size
I'll try drawing up the logical layout in visio in a bit

currently I've just put a 2nd default gateway in the dhcp server settings, and that works for windows computers but it seems other devices just use the 1st gateway in the list (IE when my xbox360 is streaming I can tell there's a bout 8mbit on one of the etherswitches but next to nothing on the other, via PRTG snmp interface monitoring)

What you're visualizing is right (though HSRP is not yet added)

my 3745 has an NME-16ES-1G-P in slots 2 and 4 (I think I got the numbering right, the 2 slots on the right) and an NM-1GE in slot 1

I'm thinking set the vlan IP's to 10.x.x.254 and 253 and a VIP ip of 10.x.x.1 (then if I were to add a third it could be 252 and a forth of 251)(prices on ebay seem to be dropping though unless I upgrade to a 3845 I wouldn't be going past 3, as I want a gig port to connect to the cable modem)

Oh btw I also have IPv6 routing enabled with a /48 so I have a similar numbering scheme for that (IE inserting the vlan number in the 16bits between the /64 and the other part.)
--
»www.change.org/petitions/create-···imcity-4

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to DarkLogix
said by DarkLogix:

What you're visualizing is right (though HSRP is not yet added)

Whups... got ahead of myself

said by DarkLogix:

(then if I were to add a third it could be 252 and a forth of 251)

That's something I've been meaning to lab up / search for, is how many HSRP members can be in a "group"

Regards


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
Though from whats said it'd give gateway redundancy but not a theoretical performance increase.

Still might do it, I could set the dhcp scope to x.1, x.253, x.254 then atleast the non-windows devices would benefit in some way.
--
»www.change.org/petitions/create-···imcity-4


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
I've thought about it some more

I think the best way to gain redundancy here would be the following

add a L3 Switch to replace the 2960g
then make an "Inbetween" Vlan (say 255)
have vlan 255's VLSM set for 6 usable IP's
remove the access vlan interfaces from the etherswitches and have each with just 2 vlan interfaces (vlan 25x 1-4) and 255

then put the access vlan interfaces and the 5th ip from the 6 usable on the L3 switch

then use OSPF to do L3 load balancing over the 2 (to maybe 4 down the road) etherswitches

sure if the L3 switch goes down then intervlan routing would too but if its a new enough switch then down the road I might be able to stack it with a 2nd and split the etherswitches links between them, and as it is if my L2 switch goes down I'm SOL anyway.

I think this would give me far more intervlan routing capacity and better supported fault tolerance.

So I made a low ball offer on a switch on ebay, if I get it then woot, if not oh well
--
»www.change.org/petitions/create-···imcity-4


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5
reply to DarkLogix
Isnt GLBP supposed to support active-active virtual gateways, thus solving your problem with nothing more than a couple of lines of configuration?


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
Not sure I'm not so familiar with GLBP

markysharkey
Premium
join:2012-12-20
united kingd
HSRP and GLBP are almost identical. It's about 2 pages in the CCNP Switch book. Just use GLBP in place of HSRP in the commands, when called for.
--
Binary is as easy as 01 10 11

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to DarkLogix
GLBP is documented as well in Network Warrior 2nd Ed. Config-wise, nearly identical to what
you do with HSRP, just replace the keyword 'standby' with 'glbp,' and add your weighting factor
and 'glbp load-balancing weighted' and you're off to the races.

Regards


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
cool I'll give it a go


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
Are these config examples about right?

would this be what I'd do
Ethswitch1
interface vlan2
ip address 10.0.2.251 255.255.255.0
glbp 1 ip 10.0.2.1
glbp 1 weighting 100 lower 91 upper 99
glbp 1 load-balancing round-robin
glbp 1 weighting track 1

Ethswitch2
interface vlan2
ip address 10.0.2.252 255.255.255.0
glbp 1 ip 10.0.2.1
glbp 1 weighting 100 lower 91 upper 99
glbp 1 load-balancing round-robin
glbp 1 weighting track 1

rinse and repeat for each vlan
--
»www.change.org/petitions/create-···imcity-4

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to DarkLogix
Sounds about right... just remember to adjust the weights accordingly for each VLAN as to which
one you want GLBP to "prefer" more.

here's another freebie for ya

Regards


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3

1 edit
Well I want it to hop back and forth between ethsw1 and ethsw2 so I'd think I'd want the weights to be the same.

the above would be the config for 1 vlan (I'd then do roughly the same for the others just changing the 3rd octet and the vlan number)

I think I'll start with vlan 3 as thats the one I use for media systems (DVR, xbox360, deca network) so vlan 3 devices are unable to make use of the multiple default gateways given in the dhcp scope advertizement.

vlan 2 really just has my computer and iscsi array and well my server has an interface in it.

I'll toss the config change at vlan3 tonight and see if the media devices like it and if activity spans both ports like I want it to (IE both uplinks showing roughly the same throughput)
--
»www.change.org/petitions/create-···imcity-4

markysharkey
Premium
join:2012-12-20
united kingd

1 edit
Unless I'm missing something (and it wouldn't be the first time)...
Round-Robin means traffic will be forwarded out of each router in turn. The MAC address is a virtual one shared by the AVG and any AVF so the whilst the host ARP table contains the GLBP mac address as the next hop, the actual device being used to forward traffic will change.
--
Binary is as easy as 01 10 11


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
well finally got around to trying it

got the error
%GLBP is not supported by the switch stack
--
semper idem
1KTzRMxN1a2ATrtAAvbmEnMBoY3E2kHtyv

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to DarkLogix
Wrong code? Did you cross reference it with Cisco FN?

Regards


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
well some Google-ing

»www.cisco.com/en/US/solutions/co···9e6.html
table 1 at the bottom

seems GLBP isn't supported on L3 switches below the 4500 line.
--
semper idem
1KTzRMxN1a2ATrtAAvbmEnMBoY3E2kHtyv

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to DarkLogix
...and according to FN, CAT3750METRO and CAT3560C can do GLBP, as can your 3745...

Remind me again DarkLogix See Profile, are you sessioning to the NMEs individually or are they
controlled from the 3745 itself?

Regards


DarkLogix
Texan and Proud
Premium
join:2008-10-23
Baytown, TX
kudos:3
telneting to the NME's separately

that's one diff from the NM-16ESW and the NME-16ES
the ESW is managed via the router's IOS
the ES runs its own IOS (I think it has a 3750E IOS loaded on the NME's at the moment)

for all intents and purposes the NME's are separate L3 switches, with 2x gig ports (one internal linking to the router and one external for uplink) and 16 10/100 ports with POE

I don't suppose you could fine the IOS for the 3560 that supports it?
--
semper idem
1KTzRMxN1a2ATrtAAvbmEnMBoY3E2kHtyv