[j-nsp] Multihome SRX650 2 default routes

Scott T. Cameron routehero at gmail.com
Fri Aug 26 11:05:02 EDT 2011


No, that's really not the case.

As long as you have the two external interfaces in the same security zone,
it will not drop traffic simply because BGP is sending traffic in different
directions.

Scott

On Fri, Aug 26, 2011 at 10:44 AM, Ben Boyd <ben at sinatranetwork.com> wrote:

> If you install both routes in the forwarding table you'll probably end up
> dropping a lot of your traffic.
>
> The SRX is a stateful firewall, so if you sent traffic to one provider and
> got it back on another it would drop the traffic.
>
> It would be best to do this in a router or to load balance per prefix with
> AS path prepending going out and local pref coming in.
>
> Anyway, here's how you would do it, but be careful.
>
> root# show
> policy-statement TestLBOut {
>     then {
>         load-balance per-packet;
>     }
> }
>
> root# show routing-options
> forwarding-table {
>     export TestLBOut;
> }
>
>
>
> Thanks,
> Ben Boyd
> ----------------------
> Sent from my iPhone
>
> On Aug 25, 2011, at 11:09, Daniel M Daloia Jr <daniel.daloia at yahoo.com> wrote:
>
> Hi Folks,
>
> Is it possible to install 2 BGP default routes from 2 ISPs to provide load
> balancing with an SRX650 cluster? Both ISPs are same speed. I was thinking
> this may be possible with importing the routes into inet.0 from separate
> virtual routers which have the interfaces facing the 2 ISPs in them, but the
> ISP interfaces would have to be in separate security zones which wouldn't
> agree with the security policy and NAT. Anyone have any ideas or can point
> me to some documentation that will help? I suppose I can buy a separate set
> of routers to run BGP and use an IGP to load balance, but doing it with the
> single cluster would be nice.
>
> Thanks!
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

