Symmetric load balancing
Symmetric load balancing is a mechanism of interchanging the source and destination addresses to ensure that bidirectional traffic specific to a particular source and destination address pair flows out of the same member of a trunk group.
For many monitoring and security applications, bidirectional conversations flowing through the system must be carried on the same port of a LAG. For network telemetry applications, network traffic is tapped and sent to a Brocade device, which can hash selected traffic to the application servers' downstream. Each server analyzes the bidirectional conversations. Therefore, the Brocade devices must enable symmetric load balancing to accomplish bidirectional conversations. In addition, the firewall between the Brocade devices can be configured to allow the bidirectional conversations per link of the LAG. These network telemetry applications also require symmetric load balancing on the LAGs between the Brocade devices.
You can enable symmetric load balancing for IPv4 and IPv6 data traffic on Brocade FastIron devices using the load-balance symmetric command.
Run the show running-config command to check if symmetric load balancing is enabled.
Packet type | Hashing field | Is symmetric load balancing supported on Brocade ICX 7xxx platforms? |
---|---|---|
Non-IP packets | Source MAC address and destination MAC address | No |
IPv4/ IPv6 packets | SIP, DIP, protocol type, and Layer 4 source or destination ports (only if non-fragmented packet) | Yes |
TCP/ UDP packets | SIP, DIP, protocol type, and Layer 4 source or destination ports (only if non-fragmented packet) | Yes |
IP-in-IP tunnel/GRE packets | Layer 4 source or destination ports (only if non-fragmented packet), SIP, DIP, and protocol type from the inner IP payload | Yes |
Use case: Deploying Brocade ICX 7750 as a traffic splitter in a DPI solution
Production network: Traffic flowing in the production network is mirrored onto a few ports that connect to the monitoring network.
After enabling symmetric load balancing, Flow X upstream traffic (with SIP as 1.1.1.1, DIP as 2.2.2.2, layer 4 source port as 3927, layer 4 destination port as 80) and Flow X downstream traffic (with SIP as 2.2.2.2, DIP as 1.1.1.1, layer 4 source port as 80, layer 4 destination port as 3927) will hash to the same member link of the LAG resulting in the bidirectional conversation going to the same DPI pool.