Follow

How do GRE Tunnel Load Balancing and Route Preferencing work?

Question

  • How does GRE Tunnel Load Balancing work?
  • How does GRE Tunnel Route Preferencing work?

Environment 

  • Silverline DDoS
    • Routed
    • GRE Tunnels

Answer

Load Balancing

Silverline requires 2 GRE tunnels per router to ensure redundancy to each of the Silverline scrubbing centers. See: Q&A: Why Do I Need Redundant GRE Tunnels?

Under default configuration, inbound traffic to customer sites does not prefer one GRE tunnel over another.  

  • we have equal preference on the routes
  • we do ECMP (Equal Cost Multipath) routing.

Equal Cost Multi Path (ECMP) routing will ensure load balancing between tunnels so as to not saturate one customer link. 

  • Each packet is hashed based on src-ip, dst-ip and interface-ID, and a path is chosen for that hash from the available routes.
  • Additional incoming packets matching that hash continue to take the same path.
  • Therefore, all traffic for the same TCP connection would be sent down the same tunnel.

 

Route Preferencing

  • If you want to preference one tunnel over the other, such as if you have a primary and backup site (see below diagram). 

GRE.png

In the above diagram, we want to advertise 10.1.1.0/24 from both sites, but ensure that F5 gives preference to the routes received from ‘Customer Primary’. 

 

Route Advertisements & Prefix Lengths

IPv4:

      • IPv4 /29-/32 routes will be accepted into the local Silverline scrubbing center but not propagated outside of the scrubbing center. This means that the smaller/RHI routes advertised between tunnels to the same scrubbing center will be accepted and will thus steer traffic between tunnels terminated in the same scrubbing center in the outbound direction.
      • IPv4 /25-/28 routes will be accepted into the local Silverline scrubbing center and will be propagated through the global Silverline network. But it will not be propagated to our upstream ISP's.
      • IPv4 /8-/24 routes will be accepted into the local Silverline scrubbing center, will be propagated through the global Silverline network, and will be propagated to our upstream ISP's and thus to the global Internet. Only this prefix range will offramp traffic from the global Internet to the Silverline network.

IPv6:

      • IPv6 - /32-/48 routes will be accepted into the local Silverline scrubbing center, will propagate through the global Silverline network, and will be propagated to our upstream ISPs and thus to the global Internet.  Only this prefix range will offramp traffic from the global Internet to the Silverline network.
      • IPv6 - /49-/64 routes will be accepted into the local Silverline scrubbing center and will be propagated through the global Silverline network. But it will not be propagated to our upstream ISP's.
      • IPv6 - /65-/128 routes will be accepted into the local Silverline scrubbing center but not propagated outside of the scrubbing center.  This means that the smaller/RHI routes advertised between tunnels to the same scrubbing center will be accepted and will thus steer traffic between tunnels terminated in the same scrubbing center in the outbound direction.

 

Related Articles

 

Was this article helpful?
3 out of 3 found this helpful
Have more questions? Submit a request