Cisco WAN :: Load Balancing Over L3 Etherchannel With 3750G
May 18, 2011
Here's the proposed network I have to work with: LAN A >> ASA Cluster >> 2x3750G Stack >> Cross-stack L3 Etherchannel (2x100Mb Circuits) >> 2x3750G Stack >> ASA Cluster >> LAN B Company policy governs that traffic between LAN A and LAN B must now be encrypted. ASA Firewalls have been purchased in advance and will be place into the network as above. Src-dst-ip load-balancing is currently in place on the Layer-3 Eherchannel. How can I encrypt the traffic using the ASAs and still ensure proper load-balancing over the circuits? I was about to configure a IPSec/GRE Tunnel between the ASA Clusters but I'm concerned that the tunnel will not be load-balanced over the ether channel based on the single source and destination IPs I will need to configure.
View 6 Replies
ADVERTISEMENT
Dec 18, 2012
We have to cisco WS-C4900M with Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-IPBASE-M), Version 12.2(53)SG5, RELEASE SOFTWARE (fc1).We have four gigabit link connected between those two switches.We have create a LACP port channel with those four ports on both switches. Ether-channel is up and running and defined with a load-balancing method of src-dst-ip.But when we test the load-balancing, it's not using the src-dst-ip rule with the XOR: [code]
View 5 Replies
View Related
Sep 8, 2012
I need to build a layer 2 etherchannel on a Cisco 3560X. Now the question:
¿ May I instruct the switch to inspect the outgoing ethernet packets for IP information and therefore execute Layer 3 load balancing on this portchannel regardless of the fact that this will be a plain Layer 2 etherchannel? (for example: port-channel load-balance src-dst-ip)
The documentation does not say that this is not allowed, so in principle it seems to be that it would be feasible.
View 1 Replies
View Related
May 8, 2013
I have probem with symmetric load balancig, in case when both ends of ether channel are on the sam switch (we are using VLAN translation).We need to create L2 port channel with both ends on same switch (Cisco WS-C4500X-24X-ES), for example:Po1 – Gi0/1, Gi0/3 (one end of port channel )Po2 – Gi0/2, Gi0/4 (other end of port channel)On ports in Po2 we will configure VLAN mapping.My question is what is the best ether-channel load-balancing scheme with wich we can accomplish full symmetry in both directions? For example, if traffic in one direction goes through Gi0/1 (member of Po1), in other direction also must go through Gi0/1. This is required because we need to connect four appliances for DPI (they are full L2 transparent) and traffic through each appliance need to be symmetric.
I can set-up src-ip, dst-ip, src-dst-ip etc. load balancing, but, actually I need src-ip on Po1 and dst-ip on Po2. Is there any way to set up different load balancing mechanism for different ether channel on same switch (4500X).
View 4 Replies
View Related
Mar 5, 2012
Is it possible to use two different load balancing methods at each end of a port-channel between two switches?
We have a Cisco 6509 at one end of the port-channel and a Cisco blade switch 3020 at the other end. Right now, we are using "src-dst-ip" at both end of the port-channel. We would like to change this. That is, we would like the #3020 switch to use "src-dst-ip" while the 6509 switch should use the "src-dst-port".
Why we want to do this, the reason is that we have FWSMs on the 6509. I've read that by configuring "src-dst-port" on the 6509, one can get a better performance of traffic going through the FWSM. However, the issue is that the 3020 switch does not support "src-dst-port".
View 4 Replies
View Related
Mar 25, 2012
Will there be some pause in traffic on formed ether channel interfaces (4500E switch), when i will change the default ether channel load balancing method to src-dst-port (or any other non-default method)?
View 1 Replies
View Related
Oct 23, 2012
I am running out of ports on a 4507R and would like to use a 3750G-24TS stack that I already have to expand capacity. Is it possible to configure EtherChannel between the 4507R and the 3750G stack and if so what is the best way to do it? without LACP, with active-active mode LACP or passive-active mode LACP...
This is what I have in mind:On the 4507R side I would like to use interface GigabitEthernet3/5 and interface GigabitEthernet4/5 where modules 3 and 4 on the 4507R are "6 1000BaseX (GBIC) (WS-X4306-GB)". On the 3750G side I would like to use ports 28 on both switches in the stack which are equipped with Cisco GLC-T= 1000BASE-T SFP transceiver module for Category 5 copper wire with RJ-45 connector. [URL] Cross-Stack EtherChannel Without PAgP or LACP should look like this:
3750switchstackA(config)#interface gigabitethernet 1/0/28
3750switchstackA(config-if)#channel-group 1 mode on
3750switchstackA(config-if)#switchport trunk encapsulation dot1q
3750switchstackA(config-if)#switchport mode trunk
3750switchstackA(config)#interface gigabitethernet 2/0/28
3750switchstackA(config-if)#channel-group 1 mode on
[code]....
is that what I should be doing? is there any benefit to the active-active mode LACP or passive-active mode LACP and which are applicable to the case above?
View 1 Replies
View Related
Nov 20, 2011
Any experience with bundling a 10GB interface on a 3750G-16TD-S with a WS-C3750X-48T-S with a 10GB interface. I have worked with 5 different TAC engineers and so far I have not gotten an answer on why the switch will not let me bundle the 10GB with another 10GB interface.
Same switch Stack – not a cross stack.
Tried every configuration possible with no luck. I originally thought it might be the stack-ring speed – I corrected that today and it is running at 32GB –
The only thing I can think of now is it might be a hardware limitation on the 3750G-16TD-S ?
Q. What performance of the 10 Gigabit Ethernet port on the Cisco Catalyst WS-C3750G-16TD switches?
A. The Ten Gigabit Ethernet uplink on the Cisco Catalyst WS-C3750G-16TD switches is 1.25:1 oversubscribed and provides maximum throughput of 8Gb/s. –
View 3 Replies
View Related
Nov 30, 2011
i'm trying to accomplish the following:I want to trasport a bunch of vlan layer 2 etherchannel on a pair of layer3 connections, using L3 to load balance.i was considering a pair of options:
1) bridging + gre (non applicable since i cant bridge 2 interface beloging to a etherchannel to a tunnel)
2) L2TP is it possible to accomplish this with the above tecnology? any reference, configuration example?
3) AoMLPS is it possible to accomplish this with the above tecnology ? any reference, configuration example?
I cant modify topology, the routers used are ASR1001 It is mandatory that both sites have a layer2 connection between them.
View 1 Replies
View Related
Dec 9, 2010
I have a Cisco 2811 router with two HWIC-ADSL cards configured for dsl connection. I have two lines from the same ISP and i am load balancing between them. I have created a couple of SLA's to check the state of the connections and add to the routing table the two default routes if both are up or any one of them is up.My problem is that when i try to download big files (especially antivirus updates) the download at some point stops (especially the antivirus exits with an error of unreachability). If i shut down one line everything works fine.Could i use something (configuration-wise) to prevent this problem from happening?????Is there any way i can combine the two lines? They are simple ADSL connctions with static ip's.
View 8 Replies
View Related
Jun 25, 2012
One of our customer just purchased ASR1002 router, they have three internet links from different ISPs and they dont have any remote site, they have three different public IP pool as their respective ISPs. So, is it possible to load balance the internet traffic using all three link on Cisco ASR router ( IOS - Advance Enterprise Services)
View 3 Replies
View Related
Jun 10, 2012
I need to configure DSL Load Balancing on Core Cisco Switch 4506-E. I have a Router Cisco 2811 with 2GE Ports and a Firewall Cisco ASA5505. I have 8 Physical DSL Connections with 1Mb each. I need to combine that 8 Mb on Core Switch and allow each end user to access the Internet via the available DSL connection which means that every user has 8 Mb available.
View 7 Replies
View Related
Sep 13, 2011
We have an ASA5520 pair that we will be installing to load balance SSLVPN connections. Below is a portion of our configs pertaining to the VPN load-balancing feature (configured on both ASAs):My specific question is related to routing of return traffic to load-balanced VPN sessions. Is there some kind of persistence function that tells the return traffic which ASA to route back to? For instance, if ASA1 has a VPN connection having IP address 10.211.112.1 associated to it, and ASA2 has a VPN connection having IP address 10.211.112.100, how does the return traffic for each connection know which ASA to route back to?
View 1 Replies
View Related
Sep 13, 2011
Currently we have deployed site to site vpn between 2 asa 5510 model. one is corporate site and one is remote site. now we plan to use radware load balancer in which 2 isp will terminate. now if at a remote site wecreate only 1 ipsec tunnel and mention sigle isp peering. if one isp fails at corporate how remote site will be access by site to site vpn through 2 isp vpn. what thing we need to do over asa as well as load balancer at both end.
View 6 Replies
View Related
May 23, 2011
I have 2 rservers 10.30.1.73, 10.30.1.76,I have 3 URLs in both
[URL]
I want to have only one link for two same link in both servers with this ip address 10.30.1.172 so I will have 3 link and will load balance to 6 links
[URL]
View 4 Replies
View Related
Apr 18, 2012
i have a one 2811 router with 2 nos of HWIC-1FE card, and also i have two mpls connection [code] how can i configure it with mpls load balancing ?
View 10 Replies
View Related
Apr 8, 2011
How is the best and easiest way to check kind of load balancing on the routers using BGP (Border Gateway Protocol)?
View 6 Replies
View Related
Mar 1, 2011
We have Cisco CSS 11501 and connected in One-Arm way.Currently there are 4 source sending traffic and 3 server to receive the request. We are using Advance-balancing with Source IP. So the ratio become 2:1:1 or 1:2:1 or 1:1:2.But our target is to do the load balancing in equal ratio.
View 1 Replies
View Related
Feb 22, 2012
this router (RV016v3, Firmware: v4.1.1.01-sp (Dec 6 2011 20:03:18)) in regards to it not properly directing UDP packets out of the right WAN, as per the settings stored in Protocol Binding section of [System Management, Multi-WAN].I use the section to direct all traffic from desktop computers (192.168.5.100 ~ 192.168.5.199) through WAN4, and all VoIP related traffic (192.168.5.200 ~ 192.168.5.239) through WAN2(PPPoE).Everything seems to be working well except for some of the UDP traffic from 192.168.5.200 which is seen in the log going out of WAN4 instead of WAN2.I have even created a new entry for [UDP/5060~5060]->192.168.5.200~192.168.5.200(0.0.0.0~255.255.255.255)WAN2, and placed it at the very top of the list.Here are a few lines that I've observed in the log: (Refreshed the registration of two SIP Trunks configured in our PBX)
Feb 23 18:11:47 2012 Connection Accepted UDP 192.168.5.200:5060->184.72.227.214:5060 on eth4
Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->50.56.59.168:5060 on ppp2
Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->184.72.227.214:5060 on eth4
Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->50.56.59.168:5060 on ppp2
There are no static routes configured, so i'm baffled by what could cause some of the UDP packets to go through the wrong WAN.All TCP Traffic from 192.168.5.200 is seen going though WAN2 as it should.
View 2 Replies
View Related
Feb 3, 2013
I want to load balance my Internet traffic between two ASR 1001 routers that are connected to our core switches. Both routers are connected to the same ISP (Comcast) going to the same BGP AS on different /30 subnets. Is there a way for me to load balance my Internet traffic using both connections with BGP rather than having one of these connections sitting idle? If not, the only solution I see is to configure my layer 3 devices to split internet traffic between both routers (i.e. default routes with same AD).
View 6 Replies
View Related
Feb 24, 2011
We have a network topology like 2821 router with MPLS link and 881 Router with DSL Connection(DMVPN).
MPLS Link runs in BGP
DSL Connection runs in EIGRP.
So the existing scenario is like When ever MPLS link goes down Traffic will be moved to DSL connection. and once it come again it will be moved back to DSL using HSRP we are doing this. in this case most of the times my DSL connection will be in standby mode.Now my management decided to use both the links in active state and want to do some load balance between the links for some specific traffic like Internet, WSUS Updates, Antivirus updates need to go through the DSL connection even the MPLS is up and running.
View 2 Replies
View Related
Apr 6, 2012
I have a rv042 router with two internet connections. I have setp the WAN1 and WAN2 and set the load balance mode. Surfing on internet is then not a problem and I checked that I was using the two internet connection.However if I try to connect to my corporate (OWA) outlook web access i am looping on the first page where I should provide my credentials.I know that most of the load balancer could be set up with a sticky bit to keep the session on the same WAN connection.
View 4 Replies
View Related
Dec 5, 2011
Does loadbalancing ldap services in ACE? Both port 389 and 636.
View 4 Replies
View Related
Mar 2, 2013
I have two Internet connections which are connected to two ISR 2951s. Also I have two ASAs 5545-Xs, which I want to use in Active/Active failover mode with multicontext. The question is: how can I configure ASAs to perform ISP load-balancing as well?
View 4 Replies
View Related
Jul 5, 2011
confirm is Per packet load balancing is supported in the 3560's ?
I am going around in circles, and can't find a definate Y or N answer.
I have a suspicion this CEF feature is only available on routers.
View 8 Replies
View Related
Nov 21, 2012
I came up with a few ideas to Load Balance based on multiple ISPs. In our network setup we have a distribution layer of 3750s going to an ASR 1000 Series Router, which goes out to multiple ISPs, ISP1 and ISP2.
we also have a virtual fortinet appliance behind the 3750. If I say all traffic going to 0 - 126 goto ISP1, and 128 - 254 goto ISP2,and then obviously whatever NATd IP the customer has (ISP1 or ISP2), the return traffic will have to go to that specific IP. The traffic will allgo back to the virtual fortinet on the same interface, so I would assume I would be safe with uPF.I don't know of any ways to load balance based on Link Optimization, without implementing a load balancer?
View 5 Replies
View Related
Nov 28, 2012
i have cisco 1941 router with HWIC-4EWS Card We have two ISP, how to configure the load balancing
View 3 Replies
View Related
Nov 8, 2011
SIP Load balancing Issue with ACE 4710?I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
rserver host CIN-VOX-31
ip address 172.20.130.31
inservice
rserver host CIN-VOX-32
ip address 172.20.130.32
inservice
[code].....
View 6 Replies
View Related
Mar 7, 2013
I bought one of these I am very disappointed by the management interface which is very limited/restricitve.I completely agree with Antonio here. In my case, most of my traffic is HTTPS sobinding https ports to a given WAN port makes the load balancing completely useless!!I also hope there will be a software update including the possibility to keep the session on the same WAN connection.
View 1 Replies
View Related
Jul 25, 2011
We have two asa5520 configured as primary and standby unit in fail over configuration, and all is working properly. Is it possible, with this configuration (fail over), to configure vpn load balancing/clustering?
View 7 Replies
View Related
Apr 26, 2011
I have a problem with the ACE 20 load balance
To start with following is our architectural request flow:
Load Balancer --> Webseal /(reverse proxy) --> HTTP Server --> Portal Server
We have Hardware Load Balancer Cisco ACE20. When we access our portal from Webseal server it works totally fine without any issue, but when we access the same application using ACE we face the following issues:
1) Some of the links on do not work. For eg: We have a link "subscribe" which points to [URL], whenever we click on this link, the request is directed to [URL] i.e homepage
2) URL redirection does not work We have some links which have a url forwarding or redirection for example when we open [URL] it forwards the requests to [URL] opendocument....., but this redirection fails and again the request is thrown to homepage i.e., [URL]
3) The response of the request and the overall portal when accessed via ACE is very sluggish and it takes 20 seconds for homepage to load, whereas the homepage loads in 4 secs when accessed via webseal.
Below is the ACE details.
Hardware Product Number: ACE20-MOD-K9 Card Index: 207 Hardware Rev: 2.3 Feature Bits: 0000 0002 Slot No. : 7 Type: ACE
Software loader: Version 12.2[120] system: Version A2(1.4) [build 3.0(0)A2(1.4) adbuild_11:54:12-2009/03/05_/auto/adbu-rel2/rel_a2_1_4_throttle/REL_3_0_0_A2_1_4] system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_4.bin installed license: ACE-SEC-LIC-K9
View 3 Replies
View Related
Aug 29, 2011
We have an ASA5510 with two ADSL lines connected and the auto fail-over set up - this is all tested and if the main line fails, the backup line is used in it's place - no problem there.
However, I'd like to increase our connection speed, and one way I've done this in the past is to add a couple of extra ADSL lines to a router that is capable of load balancing.
I'm aware that the ASA5510 does not load balance (seems a waste as we've got the backup line just sitting there doing nothing!), but would it be feasible to add another router in front of the ASA device to perform this load balancing function?
View 2 Replies
View Related
Oct 26, 2011
I'm running an ACE 4700 appliance, i have a 4 server serverfarm setup, non-ssl, with leastconns predictor...i have tried round robin as well, and nothing...
I've taken each rserver out of service, and placed back in, and still, the traffic is handed off only to 1 server...
I do have sticky persistence (IP subnet)...
View 8 Replies
View Related
