Etherchannel with 2 different switches

May 14th, 2008

Hi,


We have the following situation.

Two 2950 switches connected to 2 Microsoft ISA servers with network load balancing on the ISA servers. Between the 2 2950s I'm planning to create an EtherChannel. But to support the 2 ISA servers in an active-active configuration I think I need to create an EtherChannel of 2 ports on 2 different 2950 switches.


Can this be created? I'm not sure, but I don't think so.


Thanks, Jorg

Kevin Dorrell Wed, 05/14/2008 - 04:53

No, that is not possible with 2950s. Cisco have just introduced that feature on the very high end switches, Catalyst 6500, but I don't think it will ever filter down to the lower-end switches.


Your better bet would be to use 3750s in your top-of-rack. These can be stacked to look like one switch, and I believe you can run an EtherChannel across the stack. (Although I have never used them myself.)


Kevin Dorrell

Luxembourg


jorg.ramakers Wed, 05/14/2008 - 05:05

Hi,


I thought so, but now I'm doubting whether it is necessary to use the EtherChannel.


NLB uses 1 IP address with 2 different MAC addresses. Is it necessary to use EtherChannel?


I think so, as 1 of the 2 2950 switches will see 1 packet for the IP on port x and the other packet on port y. This can give any error.

Kevin Dorrell Wed, 05/14/2008 - 05:18

OK, it depends on what sort of load-balancing you are doing.


With the 1 IP address, 2-MAC address system, you should have no problem. The 2950s are layer-2 switches, so they know nothing about IP addresses. As far as they are concerned, there is no conflict.


The way this type of load-balancing works is a bit like GLBP. When the clients do an ARP request for the server address, they get a reply that contains one MAC address or the other. So some clients will go into the server on one interface, and some on the other. There is no problem or conflict there.


That scheme works quite well when you have your clients on the same VLAN as your server. It works rather less well when you have your clients on a different VLAN. Consider the extreme case where the server is on one VLAN and all the clients are on another. The first time a client accesses the server, the router will ARP for the server. Once it has a response, it will use that and only that. So, if you are going through a router (or routing function of a switch), you might end up using only one server NIC anyway.


Kevin Dorrell

Luxembourg


jorg.ramakers Wed, 05/14/2008 - 05:35

Thanks,


I think we will end up with the worst case. The situation is: we have 2 Cisco ASAs which are configured as active/standby. After the ASAs there will be 2 2950 switches with an EtherChannel configured between them. Then the 2 Microsoft ISA servers with NLB. 1 interface of ISA number 1 connected to switch 1, interface of ISA 2 connected to switch 2.


So if there is incoming internet traffic, the ASA will ARP for the ISA and receive the IP address of the NLB with one of the MAC addresses. It will then use only 1 MAC address incoming in our site. After the ISA servers there will be a 3750 stack. Here I can configure an EtherChannel over the 3750 stack. I think there will be a problem with incoming internet traffic.


Best regards


Jorg

w.siewert Wed, 05/14/2008 - 05:20

If you use MS network load balancing, be careful. MS uses multicast MAC addresses to reach the servers, therefore you don't need EtherChannel; the packets are flooded over the network... this will cause problems if you have a bigger layer 2 network.

Kevin Dorrell Wed, 05/14/2008 - 05:30

That's a third type of load balancing I forgot to mention!


Yes, it is true there is a load-balancing scheme that uses multicast. But it is not as dire as it sounds, as long as you use IGMP snooping and your switch supports IGMP snooping in hardware. Unfortunately, the 2950 does it in software, so the IGMP snooping can kill the switch.


Even with IGMP snooping on the switch, there is still some residual multicast traffic flooded to all ports. That is because IGMP snooping will only filter traffic that is strictly IP, i.e. Ethertype 0x0800. So the normal client-server traffic will only go to the two server NIC ports. However, there is a control protocol between them that produces one multicast packet per second from each physical server, as a keepalive. Those packets have a different Ethertype, 0x886F, and that is not filtered by IGMP snooping.


It still does not load balance correctly if your clients are on the other side of a router. Furthermore, all the traffic goes to both server ports, so it is not a cure for congestion. Also, when a router gets a multicast MAC as an ARP response, it does not believe it, so it drops it. If you want this scheme to work through a router, you have to put a static ARP entry in the router for the server IP.


Kevin Dorrell

Luxembourg
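
Added example (not part of the thread): a small Python model of the forwarding behaviour described in the post above, useful for checking a capture for frames that IGMP snooping will not constrain. All MAC addresses and the sample frames are constructed, and `classify` models the post's description rather than any particular switch.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_NLB_HEARTBEAT = 0x886F   # keepalive Ethertype quoted in the post
BROADCAST = b"\xff" * 6

def parse_ethernet(frame: bytes):
    """Return (dst, src, ethertype), skipping one 802.1Q tag if present."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100:            # VLAN-tagged: real type follows the tag
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack("!H", frame[16:18])
    return dst, src, ethertype

def classify(frame: bytes, igmp_snooping: bool = True) -> str:
    """Model of the forwarding behaviour described in the post."""
    dst, _src, ethertype = parse_ethernet(frame)
    if not dst[0] & 0x01:              # I/G bit clear: ordinary unicast
        return "unicast"
    if ethertype == ETHERTYPE_NLB_HEARTBEAT:
        return "flooded-heartbeat"     # not IP, so snooping never sees it
    if dst != BROADCAST and ethertype == ETHERTYPE_IPV4 and igmp_snooping:
        return "constrained"           # limited to the server NIC ports
    return "flooded"

def heartbeat_sources(frames):
    """Source MACs emitting keepalives, i.e. the physical cluster members."""
    return sorted({parse_ethernet(f)[1].hex(":") for f in frames
                   if parse_ethernet(f)[2] == ETHERTYPE_NLB_HEARTBEAT})

def mac(text): return bytes.fromhex(text.replace(":", ""))
def frame(dst, src, ethertype, tag=b""):
    return mac(dst) + mac(src) + tag + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed sample frames; every MAC address here is invented for the example.
CLUSTER = "03:bf:0a:00:00:0a"
SAMPLE = [
    frame(CLUSTER, "00:aa:bb:00:00:01", 0x0800),                  # client to cluster
    frame(CLUSTER, "00:11:22:00:00:01", 0x886F),                  # keepalive, server 1
    frame(CLUSTER, "00:11:22:00:00:02", 0x886F, b"\x81\x00\x00\x0a"),  # tagged, server 2
    frame("00:11:22:00:00:01", "00:aa:bb:00:00:01", 0x0800),      # plain unicast
]

if __name__ == "__main__":
    for f in SAMPLE:
        print(parse_ethernet(f)[0].hex(":"), classify(f))
    print("keepalive senders:", heartbeat_sources(SAMPLE))
```

A keepalive sender that is not one of the known cluster members is worth investigating, since those frames reach every port in the VLAN.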
