[j-nsp] MX80 no more hash-key option in 12.2?
Pavel Lunin
plunin at senetsy.ru
Tue Nov 6 09:23:23 EST 2012
Sorry for replying an old thread but my two cents about LB on Trio.
> Please take into consideration that the engineers that designed TRIO LB
> decided to simplify the LB options traditionally available on other
> chipsets, so you may find missing ones under the enhanced-hash-key. TRIO LB
> algorithm is already pretty much sophisticated by default.
The sad part of the story is that the sophisticated behavior (tuned to
provide more granular LB for carrier applications) cannot be turned off
for some special (well, not so specific) cases. What is really needed
for, say, CGN is an ability to ignore everything except source address
for IP traffic. If you want to balance flows among several NAT
next-hops, you need to make all flows from a given source-ip
(subscriber) to pass through the same NAT device.
In the old config branch there is a command "set forwarding-options
hash-key family multiservice payload ip layer-3 source-ip-only", but no
analogue on Trio.
Yes, we can use FBF or something like RADIUS-signalled placement of
subscribers into VRFs on the BNG side, but a lot of this complexness
could be avoided just having an option to only hash source IPs and
ignore other fields. It would be even possible to use unequal LB
(signaled with BW-communities), if we needed to balance flows with ECMP
among stateful devices of different capacity.
Pretty same thing happens if you need to scale a DC beyond a single
firewall. If you could have, say, an MX80 doing LB and a bunch of
different firewalls/NAT devices, it would be much more flexible (and
easier) than the traditional FBF approach.
"services-loadbalancing family inet layer-3-services source-address"
seems to be what is needed but, as I understand, only works for LB among
service interfaces. However it looks like a proof, that Trio can do this.
More information about the juniper-nsp
mailing list