Simple L2/L3 Load Balancing with a Cisco L3 Switch

Thanks to Tony Kapela for a cool load balancing technique that can be executed on a Cisco L3 switch. The specific switch in this example is a Cisco 3550 running IOS version c3550-ipservicesk9-mz.122-35.SE. This should work on most current routing platforms (apparently including L3 switches).

The 3550 edge switch, to which the webserver is directly attached, has two discrete L2/L3 Fast Ethernet connections to the webserver. The webserver's incoming traffic is automatically balanced across the two links/paths. This is accomplished with two static routes that point to a single IP ‘loopback’ on the webserver but have different next-hop addresses, which correspond to the IP addresses of the two NICs on the far side of the transit network. The web (or whatever) service is then bound to the ‘loopback’ address on the server, and incoming traffic is routed to that address.

He then uses RTR (Response Time Reporter) on the edge 3550 to monitor service availability over each discrete path. If a service becomes unresponsive above a certain threshold over one of the discrete paths, he takes the route down.

Check out the config below. Assume we have a webserver that’s configured with its web service bound to 10.0.0.78 and its two NICs with 10.0.0.74 and 10.0.0.75, respectively. The webserver’s default gateway would be 10.0.0.73.

The actual interfaces on the switch

interface FastEthernet0/30
description [cust][fa0/30][vlan600][LoadBalance Server - Link A]
switchport access vlan 600
switchport mode access
load-interval 30
mls qos trust dscp
spanning-tree portfast
!
interface FastEthernet0/31
description [cust][fa0/31][vlan600][LoadBalance Server - Link B]
switchport access vlan 600
switchport mode access
load-interval 30
mls qos trust dscp
spanning-tree portfast
!
interface Vlan600
description [vlan600][LoadBalance Webserver]
ip address 10.0.0.73 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp

Identify what to look at with RTR

rtr logging traps

rtr 10
type tcpConnect dest-ipaddr 10.0.0.74 dest-port 80 control disable
timeout 10000
owner loadbal-srv-a
rtr schedule 10 life forever start-time now

rtr 11
type tcpConnect dest-ipaddr 10.0.0.74 dest-port 3306 control disable
timeout 10000
owner loadbal-srv-a
rtr schedule 11 life forever start-time now

rtr 20
type tcpConnect dest-ipaddr 10.0.0.75 dest-port 80 control disable
timeout 10000
owner loadbal-srv-b
rtr schedule 20 life forever start-time now

rtr 21
type tcpConnect dest-ipaddr 10.0.0.75 dest-port 3306 control disable
timeout 10000
owner loadbal-srv-b
rtr schedule 21 life forever start-time now

Specify the track objects

track 10 rtr 10
!
track 11 rtr 11
!
track 20 rtr 20
!
track 21 rtr 21

Then, if one service is down, take down the whole track object

track 1 list threshold percentage
object 10
object 11
threshold percentage down 99 up 100
!
track 2 list threshold percentage
object 20
object 21
threshold percentage down 99 up 100

And finally, here are the static routes to the loopback on the server

ip route 10.0.0.78 255.255.255.255 10.0.0.74 name Loadbal_svr_a track 1
ip route 10.0.0.78 255.255.255.255 10.0.0.75 name Loadbal_svr_b track 2
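
The tracking logic configured above, modeled in Python as an added example (not code from the original post and not IOS code): it shows which next hops stay installed for 10.0.0.78 as individual probes fail. The class and function names are hypothetical, the probe rounds are constructed, and keeping the previous state between the two thresholds is an assumption about how IOS evaluates threshold lists.

```python
"""Model of the tracked static routes above (added example, not IOS code)."""

# Values from the page's config: track list -> member probes, and the routes.
TRACK_LISTS = {1: [10, 11], 2: [20, 21]}   # rtr 10/11 -> .74, rtr 20/21 -> .75
ROUTES = [("10.0.0.74", 1), ("10.0.0.75", 2)]  # next hops for 10.0.0.78/32
DOWN_PCT, UP_PCT = 99, 100  # "threshold percentage down 99 up 100"


class ThresholdList:
    """Hypothetical model of a 'track N list threshold percentage' object."""

    def __init__(self, members, down=DOWN_PCT, up=UP_PCT):
        self.members, self.down, self.up = members, down, up
        self.up_state = False  # assumption: down until a round proves it up

    def update(self, probe_ok):
        """Feed one round of probe results ({rtr_id: bool}); return state."""
        pct = 100 * sum(probe_ok[m] for m in self.members) // len(self.members)
        if pct >= self.up:
            self.up_state = True
        elif pct <= self.down:
            self.up_state = False
        # Assumption: between the thresholds the previous state is kept.
        return self.up_state


def simulate(rounds, down=DOWN_PCT, up=UP_PCT):
    """Return, per probe round, the next hops still installed for 10.0.0.78."""
    lists = {t: ThresholdList(m, down, up) for t, m in TRACK_LISTS.items()}
    history = []
    for probe_ok in rounds:
        states = {t: tl.update(probe_ok) for t, tl in lists.items()}
        history.append([hop for hop, t in ROUTES if states[t]])
    return history


# Constructed probe rounds: healthy, port 3306 fails via NIC A, recovery,
# then only one probe on NIC B still answers.
ROUNDS = [
    {10: True, 11: True, 20: True, 21: True},
    {10: True, 11: False, 20: True, 21: True},
    {10: True, 11: True, 20: True, 21: True},
    {10: False, 11: False, 20: False, 21: True},
]

if __name__ == "__main__":
    for n, hops in enumerate(simulate(ROUNDS)):
        print(f"round {n}: next hops for 10.0.0.78 = {hops or 'none'}")
```

Note that 10.0.0.78 lies inside the connected 10.0.0.72/29 on Vlan600, so when both tracked /32 routes are withdrawn the switch falls back to the connected route and ARPs for 10.0.0.78 instead of dropping the traffic; whether anything answers depends on the server's ARP behaviour.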