Posted on December 30, 2019 7:14 pm
 |  Asked by Rayne R
 |  53 views
0
0
Print Friendly, PDF & Email

I’ve configured a port channel and an ACL to filter for BGP traffic. Et1-12 are the input ports, Et52/1-4 (40G port, split into 4x10G) are the output ports, where the port channel and ACL are applied on. My configuration is as follows.

interface Port-Channel1
load-interval 5
ip access-group bgp out
switchport mode tool
switchport tool group set group1 group2 group3
!
interface Ethernet1
load-interval 5
switchport mode tap
switchport tap default group group1
!
interface Ethernet2
load-interval 5
switchport mode tap
switchport tap default group group1
!
interface Ethernet3
load-interval 5
switchport mode tap
switchport tap default group group2
!
interface Ethernet4
load-interval 5
switchport mode tap
switchport tap default group group2
!
interface Ethernet5
load-interval 5
switchport mode tap
switchport tap default group group3
!
...
!
interface Ethernet52/1
load-internal 5
channel-group 1 mode on
switchport mode tool
!
interface Ethernet52/2
load-internal 5
channel-group 1 mode on
switchport mode tool
!
interface Ethernet52/3
load-internal 5
channel-group 1 mode on
switchport mode tool
!
interface Ethernet52/4
load-internal 5
channel-group 1 mode on
switchport mode tool

The ACL is working since I’m getting only bgp traffic from the output ports.

Initially when I only applied the port channel to Et52/3 and Et52/4, I have the following output.
Int In Mbps Out Mbps
Et52/3 88.5 0.8
Et52/4 0.7 88.6

How could the In rate of Et52/4 be less than the Out Rate?

Then I added Et52/1 and Et52/2 to the port channel, and I get approximately the same In/Out rates as Et52/3 for both ports. Output of Et52/4 remains he same. I thought the port channel would try to load balance across the 4 ports. There is approximately 24Gbps of traffic from the 12 input ports. Did the total In rate increase because there was simply too much incoming traffic from the 12 ports (Et1-12)? If so, why is each In rate only about 100Mbps and not higher?

Thanks in advance.

0
Posted by prajwala an
Answered on January 3, 2020 6:17 am

Hi Rayne,

Wish you a Happy new year!!

I understand from your description that Et1-12 are input interface while Et52/1-4 ( in Port-channel ) is the egress interface for the traffic under concern, so this traffic will Ingress at Et1 and Egress at Po1.
So for the concerned traffic, we need to check the input rate on Et1-12 and only Out Rate on Po1.

The input traffic that you see on the po1 interfaces ( Et52/1-4 ) is what is coming in from the devices connected to po1 and does not refer to the traffic coming in from Et1-12. The Rx and the Tx channels are completely separate.

Also wrt the load-balancing, the traffic for the multiple flows get hashed to different link. However traffic from one particular flow will get hashed to one link irrespective of the rate of this traffic flow.
There are various factors which determine the flow of traffic, for example the most basic parameters which indicate a flow are the source / dest , Ip / Mac address. Different platforms have different default factors which determine a flow. Further this hashing is done for traffic that goes out of the port-channel and for the traffic coming into the interfaces of the port-channel ( Et52/1-4 ) ( In mbps ), the opposite device decides the link to send out the traffic.

Please let me know if you have any further queries on this.

Thanks,
Prajwala

Post your Answer

You must be logged in to post an answer.