Ads 468x60px

Sunday, September 23, 2012

Maipu 1800 Testing Report for Load Balancing Scenario



Hi Friends, Below is testing report of Load balancing and back up scenario using Maipu 1800 Routers. 

Objective-
  •  Maipu 1800 CPE router need to perform load balancing in between two outgoing interfaces F0 and F1
  •  If one WAN link is down, then another wan link will be primary, vice versa.
  • As the faulty link is restored, Both WAN link should do load balancing for LAN traffic.


Topology –


Description –
Load Balancing
Load balancing is based on a combination of source and destination packet information; it allows you to optimize resources by distributing traffic over multiple paths for transferring data to a destination. You configure load balancing on outbound interfaces on a per-destination or per-packet basis.

Types Load balancing – Per destination load balancing and Per packet load balancing.

Per-Destination and Per-Packet

Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations.
Per-packet load balancing allows the router to send successive data packets over paths without regard to individual hosts or user sessions. It uses the round-robin method to determine which path each packet takes to the destination. With per-packet load balancing enabled, the router sends one packet for destination1 over the first path, the second packet for (the same) destination1 over the second path, and so on. Per-packet load balancing ensures balancing over multiple links.
Although path utilization with per-packet load balancing is beneficial, packets for a given pair of source-destination hosts might take different paths. This means that per-packet load balancing can introduce reordering of packets. This load balancing method would be inappropriate for certain types of data traffic (such as voice traffic over IP) that depend on packets arriving at the destination in sequence.
Use per-packet load balancing to ensure that a path for a single source-destination pair does not get overloaded. If the bulk of data passing through parallel links is for a single pair, per-destination load balancing overloads a single link while other links have very little traffic. Enabling per-packet load balancing allows you to use alternate paths to the same busy destination.

Devices used in Testing –
Maipu 1800-22-AC

IOS Details –

Main Configuration:

interface fastethernet0
 description ### ISP1 ###
 ip address 100.1.1.1 255.255.255.252
 keepalive gateway 100.1.1.2
 exit

interface fastethernet0
 description ### ISP2 ###
 ip address 200.1.1.1 255.255.255.252
 keepalive gateway 200.1.1.2
 exit



interface vlan1
 description ### LOCAL LAN ###
 ip address 201.1.1.1 255.255.255.0
 exit

ip route 0.0.0.0 0.0.0.0 100.1.1.2
ip route 0.0.0.0 0.0.0.0 200.1.1.2


Output –
Show ip route
router#sh ip route
S   0.0.0.0/0 [1/100] via 100.1.1.2, 0:01:10, fastethernet0
S   0.0.0.0/0 [1/100] via 200.1.1.2, 0:01:04, fastethernet1

Notes –
  • By default per destination load balancing will work.
  • To configure per packet load balancing
    • router(config)#ip load-sharing per-packet
  • After above configuration, load balancing will work per packet basis.
  • As F0 (ISP-1) link is down, all LAN traffic will take F1 as primary path, vice versa.
  • After faulty link restored, Traffic will be again go with configured load balancing algorithm. 
d    Hope this testing report will help you in live network implementations. 
      
     Thanks for reading ...
  

Posted by Uttamkumar at 7:27 PM 45 comments
Labels:

Monday, May 14, 2012

Maipu - IPSec Template



Hi All friends, Many time we came across requirement of IPSec configurations. Maipu every Router support IPSec. In this section, I will share IPSec Configuration template. It will help you to understand Maipu IPSec configuration steps.

Maipu IPSec configuration is having different command line than other vendors.

Before looking in details of IPSec template, let’s take a overview of IPSec working process -


IPSec working process –

IPSec works using IKE protocol (Internet Key Exchange).

IKE - When two devices communicate across the network to form secure tunnel. Both Routers/devices will negotiate on set of protocols, they are going to use for security, Encryption, Authentication and protection.

If both devices are using same set of protocols then only secure tunnel will form and data communication will start from secure tunnel or otherwise the secure tunnel will not be established.

In above discussion I used secure tunnel term, The secure tunnel is IPSec tunnel.

IPSec stands for IP packets security.

IPSec is having two modes of communications in Network – Transport and Tunnel Mode…

Some are well known types of VPN – Site to Site VPN, Easy VPN, Point to Multipoint VPN.

VPN -stands for Virtual Private Network, VPN tunnel means creating a private tunnel in public network. IPSec protocols are used to secure VPN tunnel. Data transfer will happen  securely from IPSec VPN.  

IPSec VPN Establishment process –
  • The Routers receives traffic considered "Intresting traffic" from LAN Network towards WAN for establishing a VPN connection.
  • IKE Phase 1 Negotiated and Security Association (SA) established.
  • IKE Phase 2 Negotiated and Security ASsociation (SA) established.
  • Data Transmitted thru IPSec Tunnel
  • Once Transmission is complete , Then IPSec tunnel torn down.


Configuration Steps for Maipu Router IPSec Configurations –
  • Set up Ike Proposal [ For IKE Phase I ]
  • Set up IPSec proposal[ For IKE Phase II ]
  • Define interesting traffic - flow
  • Set up crypto tunnel –include local wan interface
  • Map flow to crypto tunnel


Maipu IPSec Configuration Template –

crypto ike key pplhkhqtodel address x.x.x.x
### Define Crypto key ####
### Define Crypto IKE Phase 1 proposal ###
crypto ike proposal 1
 encryption 3des
 group group2
integrity sha1
 lifetime 28800
 exit

### Define Crypto IKE Phase 2 proposal ###
crypto ipsec proposal 1
 esp 3des
 ah sha1
 lifetime 28800
 exit

### Create IPSec Tunnel Interface ###
crypto tunnel t1
 local interface f0
 peer any
 set authentication preshared
 set ike proposal 1
 set ipsec proposal 1
set auto-up
 exit

### Create Interesting traffic rule, like ACL. Match source and destination traffic ####
crypto policy p1
 flow x.x.x.x x.x.x.x (local lan ip) x.x.x.x x.x.x.x (remote lan) ip tunnel t1
crypto policy p2
 flow x.x.x.x x.x.x.x (local lan ip) x.x.x.x x.x.x.x (remote lan) ip tunnel t1
exit

ex:
crypto policy p1
 flow 10.1.1.0 255.255.255.0 (local lan ip) 172.16.1.0 255.255.255.0 (remote lan) ip tunnel t1
crypto policy p2
 flow 10.1.1.0 255.255.255.0 (local lan ip) 192.168.1.0 255.255.255.0 (remote lan) ip tunnel t1
exit
crypto policy p3
flow 10.1.1.0 255.255.255.0 (local lan ip) 10.1.1.0 255.255.255.0 (local lan ip ) ip permit


Hope this template will help you in IPSec configuration in Maipu Routers.
Thanks for reading…

For feedback. Plz comment with Name and Mail ID..
Posted by Uttamkumar at 10:23 PM 27 comments
Labels: ,
Subscribe to: Posts (Atom)
Related Posts Plugin for WordPress, Blogger...