[j-nsp] SRX as a server load balancer for service redundancy?

Scott T. Cameron routehero at gmail.com
Wed Aug 15 12:59:34 EDT 2012


On Wed, Aug 15, 2012 at 12:53 PM, joel jaeggli <joelja at bogus.com> wrote:

> On 8/15/12 9:34 AM, Scott T. Cameron wrote:
>
>> The SRX isn't a loadbalancer.
>>
>> Use something sensible like haproxy, nginx, etc.
>>
> We do layer 3 ecmp in front of our load balancer tier and I imagine that
> would be fairly straight forward to implement with an srx. each destination
> to be load balanced to  is available via several nexthops, in this case the
> destinations are advertised using a ebgp session originating from a private
> ASN.
>
> This approach doesn't deal with application health checks or asymmetric
> load balancing but you can take a destination out of the rotation by
> withdrawing the routes and if the bgp session drops that happens
> automatically. l3+l4 hash per flow load balancing is stateless but sticky.
> it can be implemented on more than one device.
>
> I'm generally down on the idea of putting a stateful firewall in front of
> a service that accepts unsolicited incoming connections, it will tend to be
> the least scalable item in the path.


You might consider using a DNS server that supports health checking to
support your objective.

gdnsd supports simple failovers, health checks, multiple or single A record
returns, and geo targetting.

Scott


More information about the juniper-nsp mailing list