Load Balancing & Link Failover
Okapi > Traffic engineering > Loadbalance & Failover

Link Failover

 

 The Link Failover feature allows us to make changes to the routing table, when a link fails. Although, all dynamic routing protocols are designed to react to link failures, the Okapi's Link Failover feature is designed keeping in mind the SME environment where we may not want to assume the existence of any peer router running a routing protocol. Okapi(when using Link Failover) just sends ICMP packets to well known hosts(say kritikal.in) using each of the ISP links available to determine if that link is up or down. New routes are inserted or deleted depending on whether that link is up or down. Since, it inserts routes into the routing table, the CLI of Link Failover is somewhat similar to that of other routing protocols.

 

Configuration

If we are getting our network connection from two interfaces, Serial 0 and FastEthernet 0, then we identify the routes to insert, when respective interfaces are up. And, we insert the routes as follows.

For FastEthernet 2 interface

Okapi(config)# router failover FastEthernet 2

Assuming 115.248.142.17 is our ISP's gateway, in case FastEthernet 2.

Okapi(config-router)# ip route 0.0.0.0/0 115.248.142.17 distance 2

A ping address is also specified which will be used to check the health of that interface

Okapi(config-router)# ping-address google.com

 

Okapi(config)# router failover Serial 0

Assuming 122.160.172.1 is our ISP's gateway, in case Serial 0.

Okapi(config-router)# ip route 0.0.0.0/0 122.160.172.1 distance 3

A ping address is also specified which will be used to check the health of that interface

Okapi(config-router)# ping-address kritikalsolutions.com

 
Please note that the administrative distances of the two routes are 2 and 3 respectivaly, in short not equal. This means that when both the interfaces are up, we prefer to use FastEthernet 2.

 

The distances, can be made equal, in which case all the traffic starts getting split between the two interfaces. This is what we call load balancing. Unfortunately, this does not go well with some applications and configurations and should be implemented carefully.

 

Load Balancing

 

Suppose you have two internet connections in your network. The Load balance feature allows you to define weights with which the outgoing traffic would be divided into these two interfaces, so that the load could be effectively shared among them. If the weights are not specified then the traffic is equally shared by the interfaces. We use the well known "ip route" command to define such multi path routes.

 

Configuration

 

For defining a default route such that the traffic is divided in the ratio of 1:2 between two interfaces with nexthop addresses of 115.248.142.17 and 122.160.172.1):

(config)# ip route 0.0.0.0/0 115.248.142.17 weight 2

(config)# ip route 0.0.0.0/0 122.160.172.1 weight 1

 The above routes are just like any other static routes. They can also be created using Link Failover.

 

Link Failover, Load Balancing and Exceptions

 

 Load Balancing, as implemented above, can sometimes cause network problems.

  1. Applications running on the same router
    1. Some applications like openvpn, when running on Okapi, like to know the IP address to use, when sending out packets. If IP1 is used to send the outgoing packet, but if it gets sent out of the interface IF2, then it may not be routed by ISP2.This is actually a routing issue, because, ISP2 should know that IP1 is reachable through IP2, but as we will see, it is not necessary to install routes in ISP routers for getting our Load Balancing working. 
  2. DMZ services
    1. Sometimes, we want some of the DMZ services, hosted inside local network to be always routed through only one of the external interfaces. The load balancing as defined above can cause problems in those cases.

To support exceptions to load balancing(with or without Failover), we need to use multiple routing tables. Multiple routing tables help us implement different routing rules for different classes of traffic. The steps are as follows.

  1. Define access lists one each corresponding to a category of the exceptional traffic.

    1. Okapi(config)# access-list 124 sequence 10 permit tcp host 10.20.50.7 any

    2. Okapi(config)# access-list 125 sequence 10 permit tcp host 10.20.50.8 any

  2. Define a route-map, which will direct the traffic corresponding to each access list defined above into a different routing table.

    1. Okapi(config)# route-map poleth2 permit 5

    2. Okapi(config-route-map)# match ip address 124

    3. Okapi(config-route-map)# set table 12

    4. Okapi(config)# route-map poleth2 permit 6

    5. Okapi(config-route-map)# match ip address 125

    6. Okapi(config-route-map)# set table 13

  3. Install that route-map on the incoming interface.

    1. Okapi(config)# interface FastEthernet 1

    2. Okapi(config-if-eth)# ip policy route-map poleth2

  4. For load balancing "without" failover, install appropriate static default routes into each of the routing tables.

    1. Okapi(config)# ip route 0.0.0.0/0 ... table 12

    2. Okapi(config)# ip route 0.0.0.0/0 ... table 13

  5. For load balancing "with" failover, install appropriate failover default routes under failover.

    1. Okapi(config)# router failover fastethernet 2

    2. Okapi(config-router)# ip route 0.0.0.0/0 ... table 12

    3. Okapi(config-router)# exit

    4. Okapi(config)# router failover serial 0

    5. Okapi(config-router)# ip route 0.0.0.0/0 ... table 13

    6. Okapi(config-router)# exit

    7. Okapi(config)# exit