OSPF Load balancing

Answered Question
Mar 27th, 2009

I have two routers connected point-to-point by two serial links. I want to load balance with OSPF so that I can run PBR and classify a certain type of traffic to use a single serial and another type to use another serial based on destination IP address. Is this possible with OSPF? How can I configure that?

CriscoSystems Fri, 03/27/2009 - 15:23

Is destination IP address the only criterion for being selected for a particular interface? If so then routing itself should handle that for you; unless these destinations are all on the same subnet (which then kinda arches eyebrows about why you want them split over different WAN links).


Is all of the traffic (whose serial exits you want to control) entering the router via the same interface?


We need to know more about exactly what you're trying to accomplish before we can determine which access lists and route maps to construct and where to configure them.


mailaglady2 Fri, 03/27/2009 - 16:07

I want to prove PBR on the router, so now I thought of it this way: I created the GRE tunneling and have one serial in operation. I generated traffic from one side to the other side and checked the interfaces (sh int s0/1/0 and sh int t0). I can see traffic on the s0/1/0 instead of the tunnel interface. I am under the impression my PBR is not functional.


!
interface Tunnel0
 ip address 10.1.1.1 255.255.255.252
 ip policy route-map Mpho_Tunnel
 tunnel source 2.2.2.2
 tunnel destination 1.1.1.1
!
interface GigabitEthernet0/0
 ip address 192.2.1.1 255.255.255.0
 duplex full
 speed 100
!
interface Serial0/1/0
 ip address 165.148.120.2 255.255.255.252
!
ip access-list extended GRE_Traffic
 permit ip any host 192.4.1.2
!
route-map Mpho_Tunnel permit 10
 match ip address GRE_Traffic
 set ip next-hop 10.1.1.2
!

rpfinneran Sun, 03/29/2009 - 03:35

You have the route-map applied in the wrong place. Currently, your configuration reads...


As traffic enters Tunnel0 (from remote GRE peer) and the destination is 192.4.1.2 then set the next hop to 10.1.1.2 (which is back across the tunnel). I believe you should see a routing loop.


Paste configs from both sides and attach a quick drawing showing what you are trying to do. Someone earlier asked if all traffic is coming from one interface...


For what you are trying to do, that is, send some traffic across one serial for certain match condition, and other traffic across the other serial interface for a different match condition, then OSPF wouldn't be used at all. This would just be a function of the route map...


route-map Mpho permit 10
 remark Stuff for S0/0/0
 match ip address FirstT1
 set ip next-hop
route-map Mpho permit 20
 remark Stuff for S0/1/0
 match ip address SecondT1
 set ip next-hop


Note: The whole concept behind PBR is to be able to override dynamic routing protocols based on some conditions. OSPF wouldn't be used at all in this situation. You would simply apply the route map (remember, it works inbound) on the source interface at one side. Create a similar route map at remote router to ensure symmetric routing.


HTH,

Ryan

mailaglady2 Mon, 03/30/2009 - 07:45

I tried the above configs. My problem is it keeps on sending data on one interface, s0/3/0. It only sends data on s0/3/1 if I shut the s0/3/0 interface. I have removed the OSPF routing protocol but still it sends data on the serial 0/3/0. Below are my configs:


!
interface GigabitEthernet0/0
 ip address 192.4.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface Serial0/3/0
 ip address 165.148.120.1 255.255.255.252
 clock rate 4000000
!
interface Serial0/3/1
 ip address 165.148.121.1 255.255.255.252
 ip policy route-map Serial1_Traffic
 clock rate 4000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/3/1
ip route 0.0.0.0 0.0.0.0 Serial0/3/0
ip http server
no ip http secure-server
!
!
!
route-map Serial1_Traffic permit 10
 match interface GigabitEthernet0/0
 set ip next-hop 165.148.121.2
!




rpfinneran Tue, 03/31/2009 - 04:02

Your configs don't look at all like what I posted. You are applying a route-map (which functions only on ingress traffic) to a serial interface. If traffic matches that match clause (which it can't), you are sending it back out the same serial interface?


Look at my previous post again.

mailaglady2 Tue, 03/31/2009 - 05:26

I think I didn't understand "remark Stuff for S0/0/0" because the remark option is only on the access-list, not the route-map itself, and it's more a description. The match ip add of the serial is confusing because then I did not mark the ip address of the source. Now I want traffic that is coming from my LAN 192.4.1.2 to be routed through int s0/3/0 ip 165.148.120.1 rem .2, then after achieving that I will try to route through s0/3/1 ip add 165.148.121.1 remote .2. Now the first one is alright, but when I want to change to s0/3/1 it doesn't, and then I decided to use static instead of routing protocols, but it still routes through s0/3/0.


"remark staff for s0/3/0": do you want me to copy and paste your configs or should I mark the traffic?

sdoremus33 Tue, 03/31/2009 - 17:59

Ryan,

So when you say Note: The whole concept behind PBR is to be able to override dynamic routing protocols based on some conditions. OSPF wouldn't be used at all in this situation. You would simply apply the route map (remember, it works inbound) on the source interface at one side. Create a similar route map at remote router to ensure symmetric routing.


Is that because of the way routers handle traffic flow Ex: inside-outside (trffc in outbnd direction)

Note: I am only specifying trffc based on this scenario

1. Input ACL Check

2. Input actng functions

3. Policy routing --PBR (Override of normal routing functions)

4. Normal routing based upon the RIB (Configured by user -OSPF)

Correct Answer
rpfinneran Wed, 04/01/2009 - 00:34

Okay, take a look at the attached drawing, it is a very basic configuration of how PBR works. Effectively, when traffic comes into interface Gi0/1, if it matches some condition (could be route-source, subnet, DSCP values, or a bunch of other various things). So, if it matches the first condition in sequence number 10 of the route-map, then it goes across the 1st T1. If not, it would check the traffic to see if it matches sequence number 20 of the route map. If it does, then it would go across the 2nd T1. If it didn't match either, then normal routing would occur. In other words, a routing table lookup would happen. OSPF may have 2 equal cost routes (one over each T1) in which case it would load balance the traffic. However, don't be confused on how the load balancing occurs. It is not per packet (i.e. it's not like the first packet uses the 1st T1 and the 2nd uses the 2nd). I believe, by default, that a computation occurs based on source and destination IP addresses. If the result is "even" it would use the 1st T1. If the result is "odd" it would use the 2nd. Does that make more sense?



Correct Answer
rpfinneran Wed, 04/01/2009 - 00:40

Also, it is important to note that in my above example there is no verify-availability on the route map's next hop. This means that if a T1 goes down, the router would still be trying to route over it based on the route map. OSPF wouldn't, but the route map would not detect that the T1 is down and therefore would still be setting next hop.


So, if you provide specifics on exactly what you want to do, I can help with configs. Mainly, tell me what traffic you want to use which T1's.


For example, let's say you have voice, web, and ftp traffic. You want to use one T1 for only voice traffic. However, if that T1 goes down, you want the voice to be able to failover to the other T1.


Or, another example. Let's say you have voice, web, and ftp traffic. You want FTP and web to use both T1's, however, you only want voice to be able to use the first T1.


Try to be as specific as possible. Obviously, you can replace your real subnets with bogus private IP's if you would like.

mailaglady2 Wed, 04/01/2009 - 02:44

The above basic configs solved my problem; I was applying the policy on the wrong interface. My next step would be what you said in the 2nd post. I wanted to know how I can load share my traffic in such a way that when the 1st T1 (ip add 165.148.120.1 rem .2) fails, I want voice traffic to be routed on the 2nd T1 link (ip add 162.148.121.1 rem .2). I only need the basic configs. My OSPF is not load balancing; below are my configs.


Router 3825

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 192.4.1.1 255.255.255.0
 ip policy route-map Serial0_Traffic
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 ip address 155.239.247.103 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface Serial0/3/0
 bandwidth 512
 ip address 165.148.120.1 255.255.255.252
 clock rate 8000000
!
interface Serial0/3/1
 bandwidth 512
 ip address 165.148.121.1 255.255.255.252
 clock rate 8000000
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 165.148.120.1 0.0.0.0 area 0
 network 165.148.121.1 0.0.0.0 area 0
 network 192.4.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
!
route-map Serial0_Traffic permit 5
 match interface GigabitEthernet0/0
 set ip next-hop 165.148.120.2
!
route-map Serial1_Traffic permit 10
 match interface GigabitEthernet0/0
 set ip next-hop 165.148.121.2
!

DUT_3825#sh ip route 192.2.1.2
Routing entry for 192.2.1.0/24
  Known via "ospf 1", distance 110, metric 196, type intra area
  Last update from 165.148.121.2 on Serial0/3/1, 00:25:31 ago
  Routing Descriptor Blocks:
    165.148.121.2, from 2.2.2.2, 00:25:31 ago, via Serial0/3/1
      Route metric is 196, traffic share count is 1
  * 165.148.120.2, from 2.2.2.2, 00:25:31 ago, via Serial0/3/0
      Route metric is 196, traffic share count is 1


Router 2821

!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 192.2.1.1 255.255.255.0
 duplex full
 speed 100
!
interface GigabitEthernet0/1
 ip address 155.239.247.104 255.255.255.0
 duplex half
 speed 100
!
interface Serial0/1/0
 ip address 165.148.120.2 255.255.255.252
!
interface Serial0/1/1
 ip address 165.148.121.2 255.255.255.252
!
router ospf 1
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 165.148.120.2 0.0.0.0 area 0
 network 165.148.121.2 0.0.0.0 area 0
 network 192.2.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
!
route-map Mpho0 permit 10
 match interface GigabitEthernet0/0
 set ip next-hop 165.148.120.1
!
route-map Mpho1 permit 10
 match interface GigabitEthernet0/0
 set ip next-hop 165.148.121.1
!

R2821#sh ip route 192.4.1.2
Routing entry for 192.4.1.0/24
  Known via "ospf 1", distance 110, metric 65, type intra area
  Last update from 165.148.121.1 on Serial0/1/1, 01:02:28 ago
  Routing Descriptor Blocks:
    165.148.121.1, from 1.1.1.1, 01:02:28 ago, via Serial0/1/1
      Route metric is 65, traffic share count is 1
  * 165.148.120.1, from 1.1.1.1, 01:02:28 ago, via Serial0/1/0
      Route metric is 65, traffic share count is 1


When sending traffic from 3825 it permanently uses s0/3/0 to router 2821, but when sending from 2821 to the remote router (3825) it always uses s0/1/1. I don't understand.

rpfinneran Wed, 04/01/2009 - 03:32

Okay. Can you put some sort of drawing on what you want to accomplish? If your sole goal is to load balance on the T1's, then no route-map is required, OSPF can handle this. However, if you want to send certain traffic across 1 T1, and different traffic on the other, then you will need a route-map.


"When sending traffic from 3825 it permanently uses s0/3/0 to router 2821"


Yes, the route map is forcing this to happen. If s0/3/0 goes down, the route map doesn't know it. You would have to add verify-reachability to it, which is more complicated.



"when sending from 2821 to remote router(3825) it always uses s0/1/1"


This is probably not true. It was good that you posted the sho ip routes. Notice that on the 2821 the show ip route for 192.4.1.0/24 has two different equal cost routes (via S0/1/0 and via S0/1/1). By default, OSPF will load balance on them. How OSPF load balances is another question, answered here: http://ciscotips.wordpress.com/2006/05/04/load-balancing/


So, if you have CEF enabled, try the following two commands...


sho ip cef exact-route 10.10.10.1 192.4.1.2
sho ip cef exact-route 10.10.10.2 192.4.1.2


Did you get different interfaces? If so, then OSPF is load balancing fine.



Again, try to give me details on what you want to accomplish. Is it just that you want load balancing? If so, remove your route-maps and it will be done.


mailaglady2 Wed, 04/01/2009 - 04:17

Thank you. For now I only needed the basic stuff like load balancing. If I have configured the costs on the interface, is that good enough, or should I configure load-sharing on the interface too (based on destination or per packet)? The reason I am asking is because I have the cost configured on the interface but not the load-sharing, and it is still not load-sharing. Instead, packets are dropped rather than dividing traffic to the second T1.


interface Serial0/3/0
 bandwidth 512
 ip address 165.148.120.1 255.255.255.252
 ip ospf cost 100
 clock rate 8000000
!
interface Serial0/3/1
 bandwidth 512
 ip address 165.148.121.1 255.255.255.252
 ip ospf cost 100
 clock rate 8000000
!


DUT_3825(config-if)#do sh int s0/3/0
Serial0/3/0 is up, line protocol is up
  Hardware is GT96K Serial
  Internet address is 165.148.120.1/30
  MTU 1500 bytes, BW 512 Kbit/sec, DLY 20000 usec,
  reliability 255/255, txload 255/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
  CRC checking enabled
  Last input 00:00:03, output 00:00:00, output hang never
  Last clearing of "show interface" counters 01:48:13
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 18125292
  Queueing strategy: weighted fair
  Output queue: 64/1000/64/18125292 (size/max total/threshold/drops)
  Conversations 1/3/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
  Available Bandwidth 384 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 7769000 bits/sec, 19429 packets/sec
  1450 packets input, 109528 bytes, 0 no buffer
  Received 757 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  121498964 packets output, 1780048870 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 unknown protocol drops
  0 output buffer failures, 0 output buffers swapped out
  0 carrier transitions
  DCD=up DSR=up DTR=up RTS=up CTS=up

DUT_3825(config-if)#do clear counters s0/3/1
Clear "show interface" counters on this interface [confirm]
DUT_3825(config-if)#do clear counters s0/3/1
*Apr 1 11:18:36.621: %CLEAR-5-COUNTERS: Clear counter on interfacdo sh int s0/3/1
Serial0/3/1 is up, line protocol is up
  Hardware is GT96K Serial
  Internet address is 165.148.121.1/30
  MTU 1500 bytes, BW 512 Kbit/sec, DLY 20000 usec,
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set
  Keepalive set (10 sec)
  CRC checking enabled
  Last input 00:00:01, output 00:00:01, output hang never
  Last clearing of "show interface" counters 00:00:04
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
  Conversations 0/3/256 (active/max active/max total)
  Reserved Conversations 0/0 (allocated/max allocated)
  Available Bandwidth 384 kilobits/sec
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  1 packets input, 325 bytes, 0 no buffer
  Received 1 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  1 packets output, 84 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  0 unknown protocol drops
  0 output buffer failures, 0 output buffers swapped out
  0 carrier transitions
  DCD=up DSR=up DTR=up RTS=up CTS=up

rpfinneran Wed, 04/01/2009 - 04:34

Ensure the cost of each interface is equal. You can use the "show ip ospf interface " command to verify. You MUST remove the route-map from the GigEth interface to prevent packet loss when the T1 goes down. You should now have load balancing.


Are you running CEF (Cisco Express Forwarding) or Fast Switching? If you are running Fast Switching, then load balancing is based on destination IP address. So, try looking at the route to a different destination IP address on the 192.4.1.0/24 network. If you are running CEF (I hope you are, it's fantastic) you can use the command "show ip cef 192.4.1.0" to see how the load balancing is accomplished.


Paste the output if you have further questions.

mailaglady2 Wed, 04/01/2009 - 05:10

DUT_3825(config-if)#do sh ip cef 192.2.1.0
192.2.1.0/24
  nexthop 165.148.120.2 Serial0/3/0
  nexthop 165.148.121.2 Serial0/3/1


I am happy with the output for load balancing. Does CEF use load-sharing per packet?


Because if it's not configured on the interface then it does not load balance. The route map has been removed in global config mode and on int g0/0.

rpfinneran Thu, 04/02/2009 - 01:16

You don't need any interface configuration. If CEF is running on your router, and you have equal cost routes, then it is load balancing. By default, CEF does load balancing on a per destination basis.


If you want per-packet load balancing, configure both serial interfaces with the following command...


ip load-sharing per-packet



Be sure to do it on both routers so that you get symmetric load balancing.


I hope this helps,


Ryan
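
A small model of the forwarding order discussed in this thread, added here as an illustration and not taken from any poster's configuration: route-map sequences on the inbound interface are tried first, a next hop set without availability checking keeps being used after that neighbour dies, and everything else falls back to the equal-cost routes with per-destination sharing. The `Entry` class, the function names and the CRC32 hash are assumptions made for the example; the addresses and interface names are the 3825's from the posts above.

```python
import ipaddress
import zlib
from dataclasses import dataclass

# Constructed model of the thread's 3825: two equal-cost OSPF paths,
# next hop -> egress interface.
PATHS = {"165.148.120.2": "Serial0/3/0", "165.148.121.2": "Serial0/3/1"}


@dataclass
class Entry:
    """One route-map sequence (hypothetical simplification)."""
    seq: int
    match_src: str        # stands in for 'match ip address <acl>'
    next_hop: str         # stands in for 'set ip next-hop <addr>'
    verify: bool = False  # True models a next hop tracked for availability


def ecmp_pick(src, dst, hops):
    """Per-destination sharing: hash the src/dst pair so a flow stays on one
    path. CRC32 is a stand-in; the router's real hash is not on the page."""
    return hops[zlib.crc32(f"{src}>{dst}".encode()) % len(hops)]


def forward(src, dst, route_map, alive):
    """Return (egress interface or None if the packet is lost, reason).
    alive maps next hop -> True if that neighbour is actually reachable."""
    for e in sorted(route_map, key=lambda e: e.seq):
        if ipaddress.ip_address(src) not in ipaddress.ip_network(e.match_src):
            continue                      # no match: try the next sequence
        if alive[e.next_hop]:
            return PATHS[e.next_hop], f"pbr seq {e.seq}"
        if not e.verify:                  # route map cannot see the failure
            return None, f"pbr seq {e.seq} set a dead next hop"
        break                             # tracked hop down: skip the set
    # Normal routing: OSPF only keeps paths whose neighbour is still up.
    live = [h for h in PATHS if alive[h]]
    if not live:
        return None, "no route"
    return PATHS[ecmp_pick(src, dst, live)], "routing table"


if __name__ == "__main__":
    voice = [Entry(10, "192.4.1.0/24", "165.148.120.2")]
    dead_t1 = {"165.148.120.2": False, "165.148.121.2": True}
    print(forward("192.4.1.2", "192.2.1.2", voice, dead_t1))  # lost
    voice[0].verify = True
    print(forward("192.4.1.2", "192.2.1.2", voice, dead_t1))  # second T1
    both = dict.fromkeys(PATHS, True)
    for n in (1, 4):  # different destinations can hash to different links
        print(forward("192.4.1.2", f"192.2.1.{n}", [], both))
```

Per-destination sharing keeps a single source/destination pair on one link, so checking it needs traffic to several destinations.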
