[j-nsp] SRX 650 reth interface load balancing

Walaa Abdel razzak walaaez at bmc.com.sa
Thu Mar 17 03:01:44 EDT 2011


Hi Doug

So, do you mean that there is no need to use the export policy on the
forwarding table and the traffic will be load balanced by default using
LACP? I am using this ECMP policy only for this purpose. as per my
knowledge Juniper is not load balancing the traffic by default unless
there is an explicit configured policy.

BR,


-----Original Message-----
From: Doug Hanks [mailto:dhanks at juniper.net] 
Sent: Wednesday, March 16, 2011 7:15 PM
To: Stefan Fouant; Walaa Abdel razzak; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] SRX 650 reth interface load balancing

Stefan is spot on regarding the testing method.  You need diverse flows.

The forwarding-table export policy is completely useless in this
scenario.  Your FIB should be showing reth0 as the Netif.  Verify that
your LACP is working with "show lacp"

If LACP is up, it will handle the hashing of the packets.

Doug 

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Stefan Fouant
Sent: Wednesday, March 16, 2011 8:35 AM
To: 'Walaa Abdel razzak'; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SRX 650 reth interface load balancing

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp- 
> bounces at puck.nether.net] On Behalf Of Walaa Abdel razzak
> Sent: Wednesday, March 16, 2011 8:31 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] SRX 650 reth interface load balancing
> 
> I tried to verify load balancing on the reth interface for SRX 650 
> connected to logical router, but I can see that SRX always use one 
> link although we have two physical links between the router and the 
> active node and one link between the router and the passive node. I am

> pinging directly from router to the FW. I need to load balance through

> the active links. The configuration is as follows:

How are you testing your load-balancing Walaa?  Because Juniper uses a
hash algorithm such that traffic matching a given set of constraints
(Source Address, Destination Address, Source Port, Dest Port, incoming
interface) will always hash to the same path.

In order to properly evaluate if the load-balancing is working properly,
you really need to simulate a large number of diverse flows.

> And the load balance policy:
> 
> test at FW1# show routing-options
> forwarding-table {
>     export ECMP;
> }
> test at FW1# show policy-options policy-statement ECMP term load-balance 
> {
>     then {
>         load-balance per-packet;
>     }
> }

I already mentioned to you previously that you don't need a load-balance
policy to effect load-balancing on a LAG or RETH interface since these
types of interfaces appear to the system as a single logical interface,
other mechanisms apply.  The above configuration is completely
unnecessary.

Stefan Fouant, CISSP, JNCIEx2
www.shortestpathfirst.net
GPG Key ID: 0xB4C956EC

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list