[j-nsp] Broken Per-Flow load sharing

Serge Vautour sergevautour at yahoo.ca
Fri Aug 21 14:53:25 EDT 2009 

For anyone curious, Juniper seems to have 3 ways to solve this problem:

http://www.juniper.net/techpubs/software/junos/junos93/swconfig-policy/configuring-per-flow-load-balancing-information.html#id-11352490

I can't say I understand all 3 (docs are a bit vague). We implemented the first and it worked perfectly:

[edit forwarding-options hash-key]
family inet {
  layer-3;
  layer-4;
}

Serge



----- Original Message ----
From: Serge Vautour <sergevautour at yahoo.ca>
To: juniper-nsp at puck.nether.net
Sent: Thursday, August 20, 2009 11:44:25 AM
Subject: [j-nsp] Broken Per-Flow load sharing

Hello,

We have several M320s & T640s in our network running 8.5R4.3. They are all configured for per-flow load sharing:

RouterA> show configuration routing-options forwarding-table 
export perDestinationLoadBalance;

RouterA> show configuration policy-options policy-statement perDestinationLoadBalance 
/* Policy exported against forwarding-table configuration to ensure per-flow-destination load balance */
then {
    load-balance per-packet;
}


The routers have 2x 10GEs via switches to reach Aggregation routers. OSPF sees 2 equal cost paths to the BGP next hops and splits the traffic across the links. This has been working fine for a few years (it worked on 8.2 as well). 

We recently upgraded to 9.3R2.8 and load sharing is no longer working:

RouterA> show interfaces xe-1/0/0 detail | match "Output packets.*pps"    
   Output packets:              6183879                    7 pps
     Output packets:                    0                    0 pps
     Output packets:                52542                    6 pps
     Output packets:                19279                    0 pps
     Output packets:                 3134                    0 pps
     Output packets:                    0                    0 pps

RouterA> show interfaces xe-2/0/0 detail | match "Output packets.*pps"    
   Output packets:         285078265156               228705 pps
     Output packets:                    0                    0 pps
     Output packets:         280511288646               221803 pps
     Output packets:           4118406919                 6075 pps
     Output packets:            442607080                  894 pps
     Output packets:                    0                    0 pps

The first "Output" line is the 10GE aggregate. The other output lines are the VLANs on the 10GE. Note that the xe-1/0/0 interface has next to 0 pps on output!! We have upgraded two M320s and they are both showing the same problem.

My guess is that the per-flow load balancing hash has changed in the newer release. The 9.3 manual talks about setting something like this:

[edit forwarding-options hash-key]
family inet {
  layer-3;
  layer-4;
}

But it's a bit unclear as to what happens if it isn't set. Can anyone confirm that this will restore per-flow load sharing?

Any help would be appreciated. 

Thanks,
Serge


      __________________________________________________________________
Looking for the perfect gift? Give the gift of Flickr! 

http://www.flickr.com/gift/
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



      __________________________________________________________________
The new Internet Explorer® 8 - Faster, safer, easier.  Optimized for Yahoo!  Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/

More information about the juniper-nsp mailing list