[j-nsp] Load Balancing on 2x MSPIC 100 for NAT
Павел Лунин
plunin at senetsy.ru
Mon Jan 16 03:03:20 EST 2012
> 5) Create the service-filters:
>
> set firewall family inet service-filter SS_PART1_FILTER term part1 from
> source-
> address 10.100.0.0/17
> set firewall family inet service-filter SS_PART1_FILTER term part1 then
> service
> set firewall family inet service-filter SS_PART1_FILTER term default then
> skip
> set firewall family inet service-filter SS_PART2_FILTER term part2 from
> source-
> address 10.100.128.0/17
> set firewall family inet service-filter SS_PART2_FILTER term part2 then
> service
> set firewall family inet service-filter SS_PART2_FILTER term default then
> skip
>
>
There's a trick to reach more accurate manual LB. Something like:
set firewall family inet service-filter SS_PART1_FILTER term part1 from
source-address 10.100.0.0/255.255.0.1
...
set firewall family inet service-filter SS_PART2_FILTER term part1 from
source-address 10.100.0.1/255.255.0.1
Even addresses go left, odd ones go right. Does not matter how your
10.100/16 is divided into subnets, how many subscribers you have in each
half or whatever.
More information about the juniper-nsp
mailing list