[j-nsp] Multihome SRX650 2 default routes

Ben Boyd ben at sinatranetwork.com
Fri Aug 26 10:44:11 EDT 2011


If you install both routes in the forwarding table you'll probably end up
dropping a lot of your traffic.

The SRX is a stateful firewall, so if you sent traffic to one provider and
got it back on another it would drop the traffic.

It would be best to do this in a router or to load balance per prefix with
as path prepending going out and local pref coming in.

Anyway, here's how you would do it, but be careful.

root# show
policy-statement TestLBOut {
    then {
        load-balance per-packet;
    }

}



lroot# show routing-options
forwarding-table {
    export TestLBOut;
}



Thanks,
Ben Boyd
----------------------
Sent from my iPhone

On Aug 25, 2011, at 11:09, Daniel M Daloia Jr <daniel.daloia at yahoo.com>
wrote:

Hi Folks,

Is it possible to install 2 BGP default routes from 2 ISPs to provide load
balancing with an SRX650 cluster? Both ISPs are same speed. I was thinking
this may be possible with importing the routes into inet.0 from separate
virtual routers which have the interfaces facing the 2 ISPs in them, but the
ISP interfaces would have to be in separate security zones which wouldn't
agree with the security policy and NAT. Anyone have any ideas or can point
me to some documentation that will help? I suppose I can buy a separate set
of routers to run BGP and use an IGP to load balance, but doing it with the
single cluster would be nice.

Thanks!
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list