etherchannel load-balancing and unpredictability

I have a question regarding etherchannel load balancing. I've got a 4507R switch connected to a 3560 switch by means of two content filters which are acting as transparent bridges. The two ports on each side that the content filters are connected to are set up as access ports and are in an etherchannel. The load balancing method on each switch is set to src-dst-ip. I was under the impression that each pair of source and destination IP addresses would select exactly one content filter no matter which direction.

I've been told that this can be 'unpredictable' and may cause asymmetric flows. The algorithm seems fairly straightforward to me. I don't see where the unpredictability can come in. Can someone explain to me what I'm missing?


First the disclaimer: I'm no expert.

Now, having said that, I can see where the flows could end up asymmetric; the hash in one direction might select Content Filter A while the hash in the opposite direction could select Content Filter B. However, I can't see where the behavior wouldn't be deterministic, meaning that for any given source-destination IP address the same path would be chosen every single time. Even if the path selection is deterministic, that still doesn't rule out asymmetric behaviors.

Scott Lowe

the way the hash works on different Cisco devices varies by platform.

the hardware dictates exactly what happens - for example Cat 6500s hash the XOR of dest + source IP value into 8 buckets, then map those buckets onto the active set of links.

since the mapping is not visible, and may use the line ID or other invisible values, 1 stream will use the same port, so maintaining FIFO for the stream.

but - it isn't necessarily predictable which port, and if links bounce etc, it may not stay as the same port...

since this happens independently at each switch, you have around 50% chance any 1 conversation will have both directions of flow over the same pipe - which will upset a firewall and possibly your content filters?

Of course if your content filters are "1 directional", so just care that a stream of packets has certain values, and don't need to see any return traffic, then that doesn't matter.

the load balance gospel according to Cisco (but not necessarily up to date, since it goes on about Fast Eth ports):

formatting link

Stephen
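A simplified model of the behaviour discussed in this thread, added here as an example; it is not code from any poster or from Cisco. It shows that the XOR hash itself is direction-independent, and that a flow still splits across the two filters when each switch maps its 8 buckets to member links differently. The two layout functions, the filter names and the sample addresses are assumptions; the real bucket-to-port mapping is platform-specific and is not given in the thread.

```python
import ipaddress

BUCKETS = 8  # bucket count from the Cat 6500 description in the thread

def bucket(src: str, dst: str) -> int:
    """src-dst-ip hash modelled as XOR of both addresses, low 3 bits kept.
    XOR is commutative, so both directions of a flow get the same bucket."""
    x = int(ipaddress.IPv4Address(src)) ^ int(ipaddress.IPv4Address(dst))
    return x % BUCKETS

def interleaved(links):
    """Assumed layout: buckets dealt round-robin over the active links."""
    return [links[b % len(links)] for b in range(BUCKETS)]

def blocked(links):
    """Assumed layout: contiguous runs of buckets per active link."""
    return [links[b * len(links) // BUCKETS] for b in range(BUCKETS)]

def split_flows(flows, map_fwd, map_rev):
    """Return flows whose forward packets (hashed by the first switch) and
    return packets (hashed by the second switch) cross different filters."""
    out = []
    for src, dst in flows:
        fwd = map_fwd[bucket(src, dst)]
        rev = map_rev[bucket(dst, src)]
        if fwd != rev:
            out.append((src, dst, fwd, rev))
    return out

# Constructed sample: one client talking to eight servers, one per bucket.
FLOWS = [("10.0.0.0", f"192.168.1.{i}") for i in range(8)]
FILTERS = ["filter-A", "filter-B"]  # hypothetical names for the two bridges

if __name__ == "__main__":
    same = split_flows(FLOWS, interleaved(FILTERS), interleaved(FILTERS))
    diff = split_flows(FLOWS, interleaved(FILTERS), blocked(FILTERS))
    print(f"same layout on both switches: {len(same)} of {len(FLOWS)} split")
    print(f"different layouts:            {len(diff)} of {len(FLOWS)} split")
    for src, dst, fwd, rev in diff:
        print(f"  {src} <-> {dst}: out via {fwd}, back via {rev}")
    # Link bounce: filter-A drops out, every bucket remaps to the survivor.
    print("after filter-A fails:", set(interleaved(["filter-B"])))
```

A stateful filter sees only one direction of every flow that `split_flows` returns, which is the asymmetry the replies describe.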