Load Balancing Application Flows Using Deep Packet Inspection Algorithm

The Deep Packet Inspection (DPI) algorithm helps in identification of application flows to facilitate detailed inspection of packets. The DPI algorithm deeply inspects the packets and therefore helps the service provider identify efficient ways to share bandwidth among parallel ethernet interfaces.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required.

Information About Load Balancing Using Deep Packet Inspection Algorithm

Packet Inspection and Identification Using Hash Value

The DPI algorithm performs deep inspection of packets to generate a unique hash value that helps in identification of packets that flow into parallel links. This helps in effective sharing of bandwidth among subscribers.

Note


The packet inspection is done for both IPv4 and IPv6 traffic. If the traffic is of type PPoE, then enabling the DPI algorithm performs load balancing of the PPPoE traffic as well.

Preserve Key Control Configuration

If you choose to remove the DPI configurations, you can do that using the command no port-channel load-balance-hash-algo dpi algorithm command. This will remove all the DPI tunnel and key-control configurations.

Support for Tunnel and Tunnel-Less Packets

The DPI algorithm is supported for the following tunnels:

  • GRE

  • IPsec

  • IPinIP

  • VxLAN

  • In addition to supporting the above mentioned tunnels, DPI can also be performed for tunnel-less packets using port-channel load-balance-hash-algo dpi key-control default command.

    When you configure load balancing using DPI you can specify a specific tunnel using the port-channel load-balance-hash-algo dpi algorithm <tunnel-name> command. If you prefer to configure DPI for all the tunnels, use the port-channel load-balance-hash-algo dpi algorithm command without a tunnel name. This configures DPI for all the tunnels and port-channels.

Figure 1. Configuring Load Balancing Using DPI

Key-Control Parameters for Hashing at Granular Level

You can configure the key-control parameters required for calculating the hash value for packets of a specific tunnel. These key-control parameters help you define load balancing at a granular level for all the active links.

Type of Tunnel

Key-Control Parameter Set 1

Key-Control Parameter Set 2

Key-Control Parameter Set 3

Key-Control Parameter 4

default

outer-dst-ip

outer-src-dst-ip

outer-src-ip

ignore-outer-port

outer-dst-port

outer-src-dst-port

outer-src-port

tunnel-ipinip

outer-dst-ip

outer-src-dst-ip

outer-src-ip

ignore-inner-ip

inner-dst-ip

inner-src-dst-ip

inner-src-ip

inner-dst-ip

inner-src-dst-ip

inner-src-ip

ignore-inner-port

inner-dst-port

inner-src-dst-port

inner-src-port

inner-dst-port

inner-src-dst-port

inner-src-port

tunnel-gre

outer-dst-ip

outer-src-dst-ip

outer-src-ip

ignore-inner-ip

inner-dst-ip

inner-src-dst-ip

inner-src-ip

ignore-inner-port

inner-dst-port

inner-src-dst-port

inner-src-port

tunnel-ipsec

ignore-outer-ip

outer-dst-ip

outer-src-dst-ip

outer-src-ip

tunnel-vxlan

ignore-outer-ip

outer-dst-ip

outer-src-dst-ip

outer-src-ip

ignore-outer-port

outer-dst-port

outer-src-dst-port

outer-src-port

ignore-inner-mac

inner-dst-mac

inner-src-dst-mac

inner-src-mac

ignore-inner-vlan

inner-vlan

tunnel-l2tp

ignore-outer-ip

outer-dst-ip

outer-src-dst-ip

outer-src-ip

ignore-outer-port

outer-dst-port

outer-src-dst-port

outer-src-port

ignore-inner-ip

inner-dst-ip

inner-src-dst-ip

inner-src-ip

ignore-inner-port

inner-dst-port

inner-src-dst-port

inner-src-port

Default Key-Control Parameters for Tunnels

It is optional to have key-control parameters configured for the tunnels or tunnel-less traffic. If key-control parameters are not configured, default key-control parameters are applied for both tunnel and tunnel-less traffic.

Table 1.

Type of Tunnel

Default Key-Control Parameter Set 1

Default Key-Control Parameter Set 2

Default Key-Control Parameter Set 3

Default Key-Control Parameter Set 4

default

outer-dst-ip

ignore-outer-port

tunnel-ipinip

outer-dst-ip

ignore-inner-ip

ignore-inner-port

tunnel-gre

outer-src-dst-ip

ignore-inner-ip

ignore-inner-port

tunnel-ipsec

ignore-outer-ip

tunnel-vxlan

ignore-outer-ip

ignore-outer-port

ignore-inner-mac

ignore-inner-vlan

tunnel-l2tp

ignore-outer-ip

ignore-outer-port

ignore-inner-ip

ignore-inner-port

How to Configure Load Balancing Using Deep Packet Inspection

Configuring Load Balancing Using Deep Packet Inspection for Tunnel-Based Flow

enable
configure terminal
port-channel load-balance-hash-algo dpi algorithm <tunnelname>
port-channel load-balance-hash-algo dpi key-control <tunnel-name> <key-control variables> 
end

Examples for Configuring Load Balancing Using for Tunnel-Based Flow

Example: Configuring DPI for IPinIP Tunnel
enable
configure terminal
(config)# port-channel load-balance-hash-algorithm dpi tunnel-ipinip
Example: Configuring DPI for IPinIP Tunnel with Key-Control Parameter
enable
configure terminal
(config)# port-channel load-balance-hash-algorithm dpi keycontrol tunnel-ipinip outer-src-dst-ip ignore-inner-ip 
ignore-inner-port
Example: Configuring DPI for GRE Tunnel
enable
configure terminal
port-channel load-balance-hash-algorithm dpi tunnel-gre 
end
Example: Configuring DPI for GRE Tunnel with the Key-Control Parameter
enable
configure terminal
port-channel load-balance-hash-algorithm dpi key-control tunnel-gre outer-src-dst-ip ignore-inner-ip ignore-inner-
port 
end
Example: Configuring DPI for IPsec Tunnel
enable
configure terminal
port-channel load-balance-hash-algorithm dpi tunnel-ipsec 
end
Example: Configuring DPI for IPsec Tunnel with the Key-Control Parameter
enable
configure terminal
port-channel load-balance-hash-algorithm dpi key-control keycontrol tunnel-ipsec ignore-outer-ip 
end

How to Configure Load Balancing Using Deep Packet Inspection

Configuring Load Balancing Using Deep Packet Inspection for Tunnel-Less Packets

enable
configure terminal
port-channel load-balance-hash-algorithm dpi key-control default  <key-control variables> 
end

Examples for Configuring Load Balancing Using for Tunnel-Less Packets

Example: Configuring DPI for Load Balancing Tunnel-Less Packets
enable
configure terminal
port-channel load-balance-hash-algorithm dpi key-control default  outer-src-dst-ip ignore-outer-port 
end

Verifying DPI for Tunnel-Based and Tunnel-Less Packets

Use the show etherchannel load-balancing command to verify that load balancing configuration is successful

Router# show etherchannel load-balancing
EtherChannel Load-Balancing Method:
Global LB Method: flow-based
LB Algo type: Deep packet inspection
Enabled Tunnel Types and Associated Key-Controls
tunnel-ipinip outer-src-dst-ip inner-src-dst-ip innersrc-
dst-port
default outer-src-dst-ip ignore-outer-port
Port-Channel: LB Method
Port-channel1 : flow-based (Deep
packet inspection)

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

MIBs

MIB

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Load Balancing with DPI Algorithm

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 2. Feature Information for Load Balancing Using DPI Algorithm

Feature Name

Releases

Feature Information

Load Balancing Application Flows Using Deep Packet Inspection

Cisco IOS XE Gibraltar 16.10.1.

The Deep Packet Inspection (DPI)

helps in identification of application flows to facilitate detailed inspection of packets. The DPI algorithm deeply inspects the packets and therefore helps the service provider identify efficient ways to share bandwidth among parallel Ethernet interfaces.

The following commands were modified:

port-channel load-balance-hash-algorithm dpi algorithm. .

port-channel load-balance-hash-algorithm dpi key-control. .