[j-nsp] SRX 650 reth interface load balancing
Stefan Fouant
sfouant at shortestpathfirst.net
Thu Mar 17 08:31:23 EDT 2011
> -----Original Message-----
> From: Walaa Abdel razzak [mailto:walaaez at bmc.com.sa]
> Sent: Thursday, March 17, 2011 2:53 AM
> To: Stefan Fouant; juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] SRX 650 reth interface load balancing
>
> Hi Stefan
>
> I was testing the load balance by generating two flows through the
> firewall using ping to two different IP's and I was expecting to load
> balance each flow on each link as I am using per-packet approach
> without
> modifying the default has function.
Two ping packets is not enough to effect a load balance across the two
paths, it is very likely that they are indeed hashing to the same path.
Per-packet doesn't apply in this case at all - As we've mentioned several
times now the export load-balance policy you've applied at the forwarding
table is not used in this scenario because the there is only a single
next-hop. The forwarding-table load-balance policy only applies when there
are multiple equal-cost next-hops to reach a given destination.
Also for future reference, with forwarding-table load-balance policy,
"per-packet" really means "per-flow", as Juniper changed the behavior long
ago with the introduction of the IPII processor (once again, just pointing
this out, but it really doesn't apply in this scenario).
Stefan Fouant, CISSP, JNCIEx2
www.shortestpathfirst.net
GPG Key ID: 0xB4C956EC
More information about the juniper-nsp
mailing list