[j-nsp] SRX 650 reth interface load balancing

Doug Hanks dhanks at juniper.net
Wed Mar 16 12:14:31 EDT 2011 

Stefan is spot on regarding the testing method.  You need diverse flows.

The forwarding-table export policy is completely useless in this scenario.  Your FIB should be showing reth0 as the Netif.  Verify that your LACP is working with "show lacp"

If LACP is up, it will handle the hashing of the packets.

Doug 

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Stefan Fouant
Sent: Wednesday, March 16, 2011 8:35 AM
To: 'Walaa Abdel razzak'; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SRX 650 reth interface load balancing

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Walaa Abdel razzak
> Sent: Wednesday, March 16, 2011 8:31 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] SRX 650 reth interface load balancing
> 
> I tried to verify load balancing on the reth interface for SRX 650
> connected to logical router, but I can see that SRX always use one link
> although we have two physical links between the router and the active
> node and one link between the router and the passive node. I am pinging
> directly from router to the FW. I need to load balance through the
> active links. The configuration is as follows:

How are you testing your load-balancing Walaa?  Because Juniper uses a hash
algorithm such that traffic matching a given set of constraints (Source
Address, Destination Address, Source Port, Dest Port, incoming interface)
will always hash to the same path.

In order to properly evaluate if the load-balancing is working properly, you
really need to simulate a large number of diverse flows.

> And the load balance policy:
> 
> test at FW1# show routing-options
> forwarding-table {
>     export ECMP;
> }
> test at FW1# show policy-options policy-statement ECMP
> term load-balance {
>     then {
>         load-balance per-packet;
>     }
> }

I already mentioned to you previously that you don't need a load-balance
policy to effect load-balancing on a LAG or RETH interface since these types
of interfaces appear to the system as a single logical interface, other
mechanisms apply.  The above configuration is completely unnecessary.

Stefan Fouant, CISSP, JNCIEx2
www.shortestpathfirst.net
GPG Key ID: 0xB4C956EC

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list