[j-nsp] SRX as a server load balancer for service redundancy?

joel jaeggli joelja at bogus.com
Wed Aug 15 12:53:07 EDT 2012 

On 8/15/12 9:34 AM, Scott T. Cameron wrote:
> The SRX isn't a loadbalancer.
>
> Use something sensible like haproxy, nginx, etc.
We do layer 3 ecmp in front of our load balancer tier and I imagine that 
would be fairly straight forward to implement with an srx. each 
destination to be load balanced to  is available via several nexthops, 
in this case the destinations are advertised using a ebgp session 
originating from a private ASN.

This approach doesn't deal with application health checks or asymmetric 
load balancing but you can take a destination out of the rotation by 
withdrawing the routes and if the bgp session drops that happens 
automatically. l3+l4 hash per flow load balancing is stateless but 
sticky. it can be implemented on more than one device.

I'm generally down on the idea of putting a stateful firewall in front 
of a service that accepts unsolicited incoming connections, it will tend 
to be the least scalable item in the path.


> Scott
>
> On Wed, Aug 15, 2012 at 12:07 PM, OBrien, Will <ObrienH at missouri.edu> wrote:
>
>> I'm wondering if I can do a simple server load balancer using a SRX.
>>
>> Example:
>> Server A offers up service on port xxxx.
>>
>> Server B has the same service.
>>
>> If Server A goes offline, send traffic over to server B.
>> Resume when Server A becomes available again.
>>
>>
>>
>> One thought is to use something like track-ip to push a static nat mapping
>> around.
>> Ideally, I'd love to monitor the port.
>>
>> Ideas or examples? This is really just for failover, rather than load
>> balancing.
>>
>>
>> I suppose I could monitor the service from a control machine and have a
>> script execute a configuration change if the service becomes unreachable.
>> I'd prefer it if the entire process were managed from the SRX.
>>
>> (In this case it's a pair of clustered SRX 210s.)
>>
>> Will
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list