[j-nsp] Multihoming Using Juniper SRX 240

Farrukh Haroon farrukhharoon at gmail.com
Tue Nov 20 03:03:42 EST 2012


Dear Rehan

To complement Morgan's response.

It seems you are based in Saudi.  Here IGW allows ISPs to advertise a /25.
Assuming you already have your own /24 from RIPE, you can divide this into
two /25 and achieve reasonable 'load-sharing' in the inbound direction.  To
keep the traffic uniform make sure that the NAT rules use IP addresses from
both /25 ranges. E.g. if you have two proxy servers, you place one in each.

For outbound, you could do some sort of intelligent PBR with tracking
(FBF), with the appropriate switchover to the secondary ISP.  E.g. User
VLANs 1, 2, 3 go to ISP-A, Servers and User VLANs 4 and 5 go to ISP-B. If any
of the ISPs is down, all traffic should go through the live ISP.

There is an example of using FBF to do this in the SRX Security config
guide and in the O'Reilly SRX security book (Chapter 11).

Regards

Farrukh Haroon
Riyadh, KSA


On Tue, Nov 20, 2012 at 9:37 AM, Rehan Rafi <rrk.cse at gmail.com> wrote:

> Dear All,
>
> Kindly can you share some case studies for achieving multihoming setup in
> different ways.
>
> The setup we have is 2 SRXs in Active/Passive cluster with 2 ISP
> connections running BGP. We have multiple things in mind, we want
> to achieve:
>
> - Load balancing all traffic between 2 ISP connections, not sure if it's
> possible or not?
>
> - Send/Receive traffic of some subnets through one ISP and for others
> through other ISP to maximally utilize both ISP links
>
> - In case of one ISP failure all traffic should divert to the other working
> ISP
>
> Your precious thoughts on these points will be appreciated. Ultimate goal
> is to achieve redundancy and maximally utilizing both ISP links.
>
> Looking forward to your replies
>
> --
>
> Regards,
>
> Rehan Rafi
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
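
A sketch of the outbound filter-based forwarding (FBF) split described in the reply above, added here as an illustration; it is not taken from the thread, the SRX configuration guide or the O'Reilly book. The interface name (reth1), the filter, rib-group and instance names, the VLAN subnets (10.0.x.0/24) and the ISP gateway addresses (192.0.2.1, 198.51.100.1) are all assumptions.

```junos
# Added example: all names and addresses below are assumed, not from the thread.
# Copy connected (interface) routes into both forwarding instances so their
# static next-hops can resolve and locally attached subnets stay reachable.
set routing-options rib-groups FBF-RIBS import-rib [ inet.0 ISP-A.inet.0 ISP-B.inet.0 ]
set routing-options interface-routes rib-group inet FBF-RIBS

# Instance for traffic that prefers ISP-A. The qualified next-hop has a
# worse preference than the static default (5), so it is used only when the
# ISP-A gateway is no longer resolvable.
set routing-instances ISP-A instance-type forwarding
set routing-instances ISP-A routing-options static route 0.0.0.0/0 next-hop 192.0.2.1
set routing-instances ISP-A routing-options static route 0.0.0.0/0 qualified-next-hop 198.51.100.1 preference 10

# Mirror image for traffic that prefers ISP-B.
set routing-instances ISP-B instance-type forwarding
set routing-instances ISP-B routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
set routing-instances ISP-B routing-options static route 0.0.0.0/0 qualified-next-hop 192.0.2.1 preference 10

# User VLANs 1, 2, 3 go to ISP-A.
set firewall family inet filter FBF-OUTBOUND term TO-ISP-A from source-address 10.0.1.0/24
set firewall family inet filter FBF-OUTBOUND term TO-ISP-A from source-address 10.0.2.0/24
set firewall family inet filter FBF-OUTBOUND term TO-ISP-A from source-address 10.0.3.0/24
set firewall family inet filter FBF-OUTBOUND term TO-ISP-A then routing-instance ISP-A

# Servers and user VLANs 4 and 5 go to ISP-B.
set firewall family inet filter FBF-OUTBOUND term TO-ISP-B from source-address 10.0.4.0/24
set firewall family inet filter FBF-OUTBOUND term TO-ISP-B from source-address 10.0.5.0/24
set firewall family inet filter FBF-OUTBOUND term TO-ISP-B from source-address 10.0.100.0/24
set firewall family inet filter FBF-OUTBOUND term TO-ISP-B then routing-instance ISP-B

# Anything else follows the main routing table.
set firewall family inet filter FBF-OUTBOUND term DEFAULT then accept

# Apply inbound on each inside-facing unit (one unit shown).
set interfaces reth1 unit 0 family inet filter input FBF-OUTBOUND
```

Failover in this sketch happens only when the ISP-facing interface goes down and its connected route is withdrawn; the tracking the reply mentions, for an upstream failure with the link still up, is not shown.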

