Occasional Contributor II

Re: Multiple Internet bearers supporting one guest VLAN

Splitting the outbound traffic with static routes will work, but I was hoping that by some form of "round robin" MAC recognition driving the distribution, I could get the first client (MAC address) on the first bearer, second client (MAC address) on second bearer, third client on first bearer and so on, so that loading was "leveled out".

I can achieve something similar by not splitting the subnet into two parts, but into many parts, so for instance the first 62 clients (/26) go to bearer 1, then the next 62 go to bearer 2, then the next 62 go to bearer 1, etc. but on a large Guest subnet, that makes for a lot of static routes.

It's a suggestion that will work, and that I will use if there are no "smarts" in the controller to do it more elegantly... Aruba, please note, if this is not possible now, how about a future feature!

Thanks

Jim

Moderator

Re: Multiple Internet bearers supporting one guest VLAN

Presuming the WLC is the router for the clients, can you not just use ECMP to solve this? If you have two default routes, then any given 5-tuple flow will always hash to the same egress path, thus preserving the public IP after the NAT.

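An added illustration, not part of any post in this thread and not Aruba or Cisco code: a small simulation comparing per-flow ECMP hashing with the alternating /26 static-route split described in the first post. The bearer labels, the 10.20.0.0/22 guest addressing, the sample flows and the use of SHA-256 as the hash are all assumptions made for the example; real devices use their own hash functions.

```python
import hashlib
import ipaddress
from collections import Counter

BEARERS = ["bearer-1", "bearer-2"]  # hypothetical labels for the two ISP next hops

def ecmp_pick(src_ip, dst_ip, proto, src_port, dst_port, paths=BEARERS):
    """Per-flow ECMP: hash the 5-tuple, take it modulo the number of paths.
    SHA-256 is a stand-in; real devices use their own hash function."""
    key = f"{src_ip}|{dst_ip}|{proto}|{src_port}|{dst_port}".encode()
    h = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return paths[h % len(paths)]

def static_split_pick(src_ip, prefix_len=26, paths=BEARERS):
    """Static-route scheme: alternate bearers per /26 block of the guest subnet."""
    block = int(ipaddress.ip_address(src_ip)) >> (32 - prefix_len)
    return paths[block % len(paths)]

def simulate(clients, flows_per_client=20):
    """Count flows per bearer under both schemes for the given client IPs."""
    ecmp, static = Counter(), Counter()
    for c in clients:
        for i in range(flows_per_client):
            # Constructed flow: HTTPS to a TEST-NET-3 address, varying source port.
            flow = (c, f"203.0.113.{i + 1}", 6, 40000 + i, 443)
            ecmp[ecmp_pick(*flow)] += 1
            static[static_split_pick(c)] += 1
    return ecmp, static

# Constructed case: 40 active guests, all inside the first /26 of 10.20.0.0/22.
CLIENTS = [f"10.20.0.{n}" for n in range(1, 41)]

if __name__ == "__main__":
    ecmp, static = simulate(CLIENTS)
    print("ECMP  :", dict(ecmp))
    print("static:", dict(static))
```

In this constructed case the static split sends every flow to one bearer because all active clients sit in the same /26, while the 5-tuple hash spreads flows across both and still maps any single flow to the same bearer every time.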

Occasional Contributor II

Re: Multiple Internet bearers supporting one guest VLAN

The network topology will be WLC trunk-to-CoreSwitch (Cisco 9500)-to-multiple ISP routers-to-Internet. At this stage, I hadn't considered an L3 component between the WLC and the egress routers, and I'm unclear about what changes would be needed for ECMP to work... can you suggest details?

Moderator

Re: Multiple Internet bearers supporting one guest VLAN

First, can I ask if the two ISP links are connected to your c9500 core, and if that device is also the default gw for the guest clients, can it not be set up to do ECMP for the default route?

Yes, you could bring the L3 connection back to the WLC, but that also means you need to bring the 2 x ISP links back to the WLC too (which I admit is what I thought was the case originally, now I see they are connected to the c9500).

Occasional Contributor II

Re: Multiple Internet bearers supporting one guest VLAN

The topology is functionally as you say. Even if it was not, this is a new network to replace the existing one, so I have freedom to do what is needed. Reason I was not considering L3 was primarily because I didn't want to rely on the ISPs' CPE routers participating in L3, but it's looking like it may be the better option. Whatever, you have broken me out of the restrictions of thinking L2 only, so thanks for that.