Symmetric load balancing

Symmetric load balancing is a mechanism that interchanges the source and destination addresses so that bidirectional traffic for a particular source and destination address pair flows out of the same member of a trunk group.

NOTE
Symmetric load balancing is not supported on non-IP data traffic.

For many monitoring and security applications, bidirectional conversations flowing through the system must be carried on the same port of a LAG. For network telemetry applications, network traffic is tapped and sent to a Brocade device, which can hash selected traffic to the application servers downstream. Each server analyzes the bidirectional conversations, so symmetric load balancing must be enabled on the Brocade devices to keep both directions of a conversation together. In addition, the firewall between the Brocade devices can be configured to allow the bidirectional conversations per link of the LAG. These network telemetry applications also require symmetric load balancing on the LAGs between the Brocade devices.

NOTE
Symmetric load balancing is supported on Brocade ICX 7750, Brocade ICX 7450, and Brocade ICX 7250 devices only.

Figure 24  Symmetric load balancing

NOTE
Symmetric load balancing can also be used with equal-cost multi-path (ECMP) routing, where the same next hop is selected for a bidirectional conversation.

You can enable symmetric load balancing for IPv4 and IPv6 data traffic on Brocade FastIron devices using the load-balance symmetric command.

Run the show running-config command to check if symmetric load balancing is enabled.

NOTE
Symmetric load balancing is a system-level configuration. Compared to non-symmetric load balancing, it may affect load sharing among LAG members and ECMP next-hop load sharing, because not all the LAG links may be fairly utilized. It might also affect load sharing within a stack trunk for broadcast, unknown unicast, and multicast (BUM) traffic, where the user may not see all the stack trunk member links being fairly utilized.
Table 9 Fields used for hash calculation based on packet types

| Packet type | Hashing field | Is symmetric load balancing supported on Brocade ICX 7xxx platforms? |
| --- | --- | --- |
| Non-IP packets | Source MAC address and destination MAC address | No |
| IPv4/IPv6 packets | SIP, DIP, protocol type, and Layer 4 source or destination ports (only if non-fragmented packet) | Yes |
| TCP/UDP packets | SIP, DIP, protocol type, and Layer 4 source or destination ports (only if non-fragmented packet) | Yes |
| IP-in-IP tunnel/GRE packets | Layer 4 source or destination ports (only if non-fragmented packet), SIP, DIP, and protocol type from the inner IP payload | Yes |

Use case: Deploying Brocade ICX 7750 as a traffic splitter in a DPI solution

Figure 25  Symmetric load balancing in Brocade ICX 7750

Production network: Traffic flowing in the production network is mirrored onto a few ports that connect to the monitoring network.

Monitoring network: In the monitoring network, Brocade ICX 7750 is deployed as a traffic splitter. There are multiple servers hosting the DPI application and connected to Brocade ICX 7750. All monitored traffic is transparently flooded onto the VLAN and is load-balanced among the outgoing ports connected to the DPI pool.

NOTE
For our analysis, we assume that the bidirectional traffic pertaining to the same SIP-DIP pair and/or the same Layer 4 source/destination pair should go to the same DPI (connected to one of the LAG ports).

After enabling symmetric load balancing, Flow X upstream traffic (with SIP as 1.1.1.1, DIP as 2.2.2.2, Layer 4 source port as 3927, Layer 4 destination port as 80) and Flow X downstream traffic (with SIP as 2.2.2.2, DIP as 1.1.1.1, Layer 4 source port as 80, Layer 4 destination port as 3927) will hash to the same member link of the LAG, resulting in the bidirectional conversation going to the same DPI pool.
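
The Flow X behavior described above can be modeled in a few lines. This is an added example, not Brocade code: it builds the hash key from the Table 9 fields and compares symmetric and non-symmetric link selection. Assumptions: SHA-256 stands in for the hardware hash (which this page does not describe), Flow X is taken to be TCP (protocol 6), and the function names and the 10.0.x.x sample flows are constructed for illustration.

```python
import hashlib
import ipaddress

def flow_key(sip, dip, proto, sport=0, dport=0, fragmented=False, symmetric=True):
    """Bytes fed to the hash, built from the Table 9 fields for IP packets."""
    src = ipaddress.ip_address(sip).packed
    dst = ipaddress.ip_address(dip).packed
    if not fragmented:
        # Table 9: Layer 4 ports are hashed only for non-fragmented packets.
        src += sport.to_bytes(2, "big")
        dst += dport.to_bytes(2, "big")
    ends = [src, dst]
    if symmetric:
        # Order the two endpoints canonically, so swapping source and
        # destination (the reverse direction) produces the same key.
        ends.sort()
    return ends[0] + ends[1] + bytes([proto])

def lag_member(key, n_links):
    """Map a key to a LAG member index. SHA-256 is a stand-in (assumption);
    the page does not describe the hash the ICX hardware uses."""
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_links

def both_directions(sip, dip, proto, sport, dport, n_links, **kw):
    """Return (upstream link, downstream link) for one conversation."""
    up = lag_member(flow_key(sip, dip, proto, sport, dport, **kw), n_links)
    down = lag_member(flow_key(dip, sip, proto, dport, sport, **kw), n_links)
    return up, down

def split_conversations(flows, n_links, symmetric):
    """Count conversations whose two directions land on different links."""
    return sum(1 for f in flows
               if len(set(both_directions(*f, n_links, symmetric=symmetric))) > 1)

# Flow X from the text (protocol 6/TCP assumed), plus constructed sample flows.
FLOW_X = ("1.1.1.1", "2.2.2.2", 6, 3927, 80)
SAMPLE = [FLOW_X] + [(f"10.0.0.{i}", f"10.0.1.{i % 7}", 6, 1024 + i, 443)
                     for i in range(1, 64)]

if __name__ == "__main__":
    print("Flow X links (up, down):", both_directions(*FLOW_X, 4))
    print("split, symmetric:    ", split_conversations(SAMPLE, 4, True))
    print("split, non-symmetric:", split_conversations(SAMPLE, 4, False))
```

In this model, fragmented packets hash without the Layer 4 ports, so they remain symmetric but can select a different link than the non-fragmented packets of the same conversation; a DPI deployment that depends on full-conversation visibility should account for that.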