[j-nsp] Broken Per-Flow load sharing

Serge Vautour sergevautour at yahoo.ca
Thu Aug 20 10:44:25 EDT 2009 

Hello,

We have several M320s & T640s in our network running 8.5R4.3. They are all configured for per-flow load sharing:

RouterA> show configuration routing-options forwarding-table 
export perDestinationLoadBalance;

RouterA> show configuration policy-options policy-statement perDestinationLoadBalance 
/* Policy exported against forwarding-table configuration to ensure per-flow-destination load balance */
then {
    load-balance per-packet;
}


The routers have 2x 10GEs via switches to reach Aggregation routers. OSPF sees 2 equal cost paths to the BGP next hops and splits the traffic across the links. This has been working fine for a few years (it worked on 8.2 as well). 

We recently upgraded to 9.3R2.8 and load sharing is no longer working:

RouterA> show interfaces xe-1/0/0 detail | match "Output packets.*pps"    
   Output packets:              6183879                    7 pps
     Output packets:                    0                    0 pps
     Output packets:                52542                    6 pps
     Output packets:                19279                    0 pps
     Output packets:                 3134                    0 pps
     Output packets:                    0                    0 pps

RouterA> show interfaces xe-2/0/0 detail | match "Output packets.*pps"    
   Output packets:         285078265156               228705 pps
     Output packets:                    0                    0 pps
     Output packets:         280511288646               221803 pps
     Output packets:           4118406919                 6075 pps
     Output packets:            442607080                  894 pps
     Output packets:                    0                    0 pps

The first "Output" line is the 10GE aggregate. The other output lines are the VLANs on the 10GE. Note that the xe-1/0/0 interface has next to 0 pps on output!! We have upgraded two M320s and they are both showing the same problem.

My guess is that the per-flow load balancing hash has changed in the newer release. The 9.3 manual talks about setting something like this:

[edit forwarding-options hash-key]
family inet {
  layer-3;
  layer-4;
}

But it's a bit unclear as to what happens if it isn't set. Can anyone confirm that this will restore per-flow load sharing?

Any help would be appreciated. 

Thanks,
Serge


      __________________________________________________________________
Looking for the perfect gift? Give the gift of Flickr! 

http://www.flickr.com/gift/

More information about the juniper-nsp mailing list