Load Balancing internet traffic Cisco 2620XM 1

[hinesjrh]

I have a 2620XM router running version 12.3 of the OS. I have three serial interfaces, with each having a T1 connected for our internet access. When I started with this organization I was told these were "bonded" to equally share the traffic. However I recently began monitoring this and other network traffic using the Solarwinds product, and I am seeing that one of the three interfaces normally shows 90+% received utilization while the other two show less than 5% received utilization.

Is there a way on the router to load balance this traffic? Is there a certian protocol that would do this for me? I am thinking that this senario is not optimized!

 

[netadmin65]

the quick and dirty way is:

ip load-sharing per-packet

on each interface.

Anyone can correct me if I am wrong, but I believe
that if one interface is experiencing most of the traffic,
but the traffic from the others does not add up to the remainder of the bandwidth, the higher usage interface will still get most of the traffic. It is only when bandwidth is exceeded that the true load balancing kicks in.

This is how I understand the use of this command. If I am in error, someone please correct me.

 

[JOAMON]

If the 3 T1 lines are all from the same provider I would recommend truly bonding them together instead of load balancing to achieve the full 4.5 meg of bandwidth. This is done via multilink ppp and would only work if your T1 provider can support it. With multilink you can lose one of the T1 lines and still maintain a 3 meg pipe without interruption.

 

[JOAMON]

Here is an example of what it might look like:


interface Multilink##
description Maple Street
ip address x.x.x.x 255.255.255.252
no ip directed-broadcast
no cdp enable
ppp multilink
ppp multilink fragment disable
multilink-group ##

interface Serial0/0
description
no ip address
no ip directed-broadcast
encapsulation ppp
no keepalive
tx-queue-limit 26
no fair-queue
no cdp enable
ppp multilink
multilink-group ##

interface Serial0/1
description
no ip address
no ip directed-broadcast
encapsulation ppp
no keepalive
tx-queue-limit 26
no fair-queue
no cdp enable
ppp multilink
multilink-group ##

interface Serial0/2
description
no ip address
no ip directed-broadcast
encapsulation ppp
no keepalive
tx-queue-limit 26
no fair-queue
no cdp enable
ppp multilink
multilink-group ##

 

[azanio]

If the 3 T1 lines are all not from the same provider ? Consider link/load balancer equipment. Otherwise use BGP but BGP only do load sharing.

 

[hinesjrh]

Yes, all three T1 lines are from the same provider. Thanks to all for the input!

 

[hinesjrh]

I like the multilink ppp approach. Can someone point me to specific Cisco documentation that addresses configuring this? I am running IOS 12.3.

JOAMON's example config above looks simple enough, so maybe I am just making more of this project than need be?

My provider (Qwest) can't bond the three T1's for me for about a month (so that they would all come out of their same edge router), but they suggest making the config. change on my router now and say I will see an improvement right away.

 

[JOAMON]

It is pretty straight forward....will need to modify the following line:
multilink-group ##
12.3 reads as:
ppp multilink group ##

Might also need to and ip nat command or acl command to the multilink interface.

I use this with two T1's and it works great.

 

[hinesjrh]

JOAMON I'm sorry to keep asking questions, but I don't want to mess this config change up and I have not done this specific before. So I am only changing the config for my 3 serial interfaces, but there is no change needed on my 1 fast ethernet interface correct? What is the command doing that you mention above that begins with 'Interface Multilink##' and which IP address and subnet mask am I to use there?

 

[JOAMON]

Would need to see your current config (less and passwords, usernames, etc.).

You create a virtual interface (Mulltilink 1) and then assign physical interfaces to it with the ppp multilink group 1 command. Serial interfaces have no ip address. Not sure what you have for IP address on your three serial interfaces and if they are all contiguous but what will happen is that the existing or new ip address block will be assigned to the multilink interface to connect to your ISP. You may need to change your default route or routes, VPN peers, access-lists, etc. if your IP address changes.

 

[ktripp]

Joamon,
I assume this is a coordinated effort with the ISP?
Does each individual T1 have their own IP address?

Ken

 

[JOAMON]

Yes it is somewhat of a coordinated effort. If you look at the sample config the T1 interfaces do not have individual ip address. The only ip address block to be used needs to be on the multilink interface.

 

[hinesjrh]

JOAMON: I implemented CEF over the weekend and I have seen immediate improvement (both in internet response time and in how SolarWinds is showing my three T1 lines being used). Below is a copy of my internet router config. Do you feel there are further benefits for me to receive by implementing MLPPP with my ISP, over what CEF is now giviing me?


Using 3188 out of 29688 bytes
!
! NVRAM config last updated at 15:56:05 zone Sun Jun 12 2005
!
version 12.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname NHA_2620XM_Inet
!
boot-start-marker
boot system flash:c2600-i-mz.123-13.bin
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 x
enable password 7 x
!
clock timezone EST -5
clock summer-time zone recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
no ip source-route
ip icmp rate-limit unreachable 2000
ip cef
!
!
no ip domain lookup
!
no ip bootp server
!
!
!
!
interface FastEthernet0/0
ip address xxx.xxx.254.xxx xxx.255.255.0
ip access-group 115 in
ip access-group 115 out
no ip unreachables
speed auto
full-duplex
no keepalive
!
interface Serial0/0
description DS1IT-8183455
bandwidth 154400
ip address 2xxx.1.144.110 xxx.255.255.xxx
ip access-group 102 in
ip access-group 101 out
no ip mroute-cache
fair-queue
service-module t1 timeslots 1-24
no cdp enable
!
interface Serial0/1
description DS1IT-8183456
bandwidth 154400
ip address xxx.2.144.106 xxx.255.255.xxx
ip access-group 102 in
ip access-group 101 out
no ip mroute-cache
fair-queue
service-module t1 timeslots 1-24
no cdp enable
!
interface Serial1/0
description DS1IT-9402273
bandwidth 154400
ip address xxx.3.212.62 xxx.255.255.xxx
ip access-group 102 in
ip access-group 101 out
no ip mroute-cache
fair-queue
service-module t1 timeslots 1-24
no cdp enable
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.1.144.109
ip route 0.0.0.0 0.0.0.0 xxx.2.144.105
ip route 0.0.0.0 0.0.0.0 xxx.3.212.61
!
!
logging facility local4
logging source-interface FastEthernet0/0
logging xxx.1.1.xxx
access-list 99 permit xxx.129.xxx.0 0.0.0.255
access-list 99 permit xx.0.1.0 0.0.0.255
access-list 99 deny any log
access-list 101 permit ip xxx.129.xxx.0 0.0.0.255 any
access-list 101 deny ip any any log
access-list 102 deny ip xxx.168.0.0 0.0.255.xxx any log
access-list 102 deny ip xxx.16.0.0 0.15.255.255 any log
access-list 102 deny ip xxx.0.0.0 0.255.255.255 any log
access-list 102 deny ip xxx.0.0.0 0.255.255.255 any log
access-list 102 deny ip xxx.0.0.0 0.xxx.255.255 any log
access-list 102 deny ip xxx.0.0.0 7.255.255.255 any log
access-list 102 deny ip host 0.0.0.0 any log
access-list 102 deny ip xx.xxx.254.0 0.0.0.255 any log
access-list 102 permit ip any any
access-list 115 deny udp any any eq tftp
access-list 115 deny udp any any eq 135
access-list 115 deny tcp any any eq 135
access-list 115 deny tcp any any eq 4444
access-list 115 permit ip any any
snmp-server engineID local 000000090200000196CT2700
snmp-server community xxxxxxx RO 99
snmp-server community xxxxxxxx RO 99
snmp-server enable traps tty
snmp-server host xxx.1.0.xxx xxxxxx
banner motd ^CCC
RTR: NHA Inet

Serial #: JMX0707L6Y1
^C
!
line con 0
password 7
login
line aux 0
password 7
login
line vty 0 4
access-class 99 in
password 7
login
!
!
end

 

[JOAMON]

IP CEF is great for load balancing but if you were to run a speedtest I think the best you will get is 1.5. By bonding the lines together your up and down will increase to 4.5. With the lines bonded and if one drops your connection will renegotiate and run at 3.0 until the other T comes back online. This usually happens without dropping but there is a slight pause during this process. It is really up to you but if your are after speed then bonding them is the only way to achieve this. If your speed is satisfactory then stay with load balancing. If you stay with load balancing I would think that you would only need 2 T1's for this and not three. May be able to trim an expense here.

 

[JOAMON]

Do you have a PIX or other firewall device behind this router?

 

[hinesjrh]

Yes, we have a PIX (as well as lots of other Cisco hardware).