[j-nsp] Broken Per-Flow load sharing

Andy alamontagne at gmail.com
Fri Aug 21 17:12:11 EDT 2009


Hey Serge,

The default behavior is to look at layer-3 info only.  The option you
configured below add the layer-4 information to the hash.

Starting in JUNOS 9.5, for MX routers with layer-2 links and link
aggregation, there are more options.  In addition to:

[edit forwarding options hash key]
family inet

there is also:

[edit forwarding options hash key]
family multiservice

http://www.juniper.net/techpubs/software/junos/junos95/swconfig-layer-2/id-load-link-sec.html

This is used to layer-2 links can also "look at" the layer-3 and layer-4
information.

Cheers,

-Andy



On Fri, Aug 21, 2009 at 2:53 PM, Serge Vautour <sergevautour at yahoo.ca>wrote:

> For anyone curious, Juniper seems to have 3 ways to solve this problem:
>
>
> http://www.juniper.net/techpubs/software/junos/junos93/swconfig-policy/configuring-per-flow-load-balancing-information.html#id-11352490
>
> I can't say I understand all 3 (docs are a bit vague). We implemented the
> first and it worked perfectly:
>
> [edit forwarding-options hash-key]
> family inet {
>  layer-3;
>  layer-4;
> }
>
> Serge
>
>
>
> ----- Original Message ----
> From: Serge Vautour <sergevautour at yahoo.ca>
> To: juniper-nsp at puck.nether.net
> Sent: Thursday, August 20, 2009 11:44:25 AM
> Subject: [j-nsp] Broken Per-Flow load sharing
>
> Hello,
>
> We have several M320s & T640s in our network running 8.5R4.3. They are all
> configured for per-flow load sharing:
>
> RouterA> show configuration routing-options forwarding-table
> export perDestinationLoadBalance;
>
> RouterA> show configuration policy-options policy-statement
> perDestinationLoadBalance
> /* Policy exported against forwarding-table configuration to ensure
> per-flow-destination load balance */
> then {
>    load-balance per-packet;
> }
>
>
> The routers have 2x 10GEs via switches to reach Aggregation routers. OSPF
> sees 2 equal cost paths to the BGP next hops and splits the traffic across
> the links. This has been working fine for a few years (it worked on 8.2 as
> well).
>
> We recently upgraded to 9.3R2.8 and load sharing is no longer working:
>
> RouterA> show interfaces xe-1/0/0 detail | match "Output packets.*pps"
>   Output packets:              6183879                    7 pps
>     Output packets:                    0                    0 pps
>     Output packets:                52542                    6 pps
>     Output packets:                19279                    0 pps
>     Output packets:                 3134                    0 pps
>     Output packets:                    0                    0 pps
>
> RouterA> show interfaces xe-2/0/0 detail | match "Output packets.*pps"
>   Output packets:         285078265156               228705 pps
>     Output packets:                    0                    0 pps
>     Output packets:         280511288646               221803 pps
>     Output packets:           4118406919                 6075 pps
>     Output packets:            442607080                  894 pps
>     Output packets:                    0                    0 pps
>
> The first "Output" line is the 10GE aggregate. The other output lines are
> the VLANs on the 10GE. Note that the xe-1/0/0 interface has next to 0 pps on
> output!! We have upgraded two M320s and they are both showing the same
> problem.
>
> My guess is that the per-flow load balancing hash has changed in the newer
> release. The 9.3 manual talks about setting something like this:
>
> [edit forwarding-options hash-key]
> family inet {
>  layer-3;
>  layer-4;
> }
>
> But it's a bit unclear as to what happens if it isn't set. Can anyone
> confirm that this will restore per-flow load sharing?
>
> Any help would be appreciated.
>
> Thanks,
> Serge
>
>
>      __________________________________________________________________
> Looking for the perfect gift? Give the gift of Flickr!
>
> http://www.flickr.com/gift/
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
>      __________________________________________________________________
> The new Internet Explorer® 8 - Faster, safer, easier.  Optimized for Yahoo!
>  Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list