SRX

I have a question that pertains to a policy statement for load balancing. It really is an ISP question but it has particulars that pertains to input I to the statement.

Here is my code.

policy-options {
policy-statement DestinationLoadBalance {
term term1 {
from {
neighbor [ 192.168.1.1 ];
}
to [ 192.168.1.1 ];
interface vlan.0;
}
then {
load-balance per-packet;
}
}
}
}


In term1 the "to" statement contains an interface statement. Since vlan.0 runs through ge-0/0/0 on my srx, if I enter ge-0/0/0 for the destination will it perform the balance properly? Making it assume that vlan.0 and the ge port are related? Do I have to know the type of port it really is on the other end? Will it take other types as input?

All replies welcome.

Correction...


policy-options {
policy-statement DestinationLoadBalance {
term term1 {
from {
neighbor [ 192.168.1.1 ];
}
to {
neighbor [ 192.168.1.1 ];
interface vlan.0;
}
then {
load-balance per-packet;
}
}
}
}

Hi!

What are you attempting to do with Load Balancing?

Are you doing it SRX down to the LAN or from the SRX up to two ISPs?

Are you running it as a single SRX or are you doing Chassis Clustering HA too?

Thanks for providing the extra context.

KR
Adam

Oh yes that's important. I forgot to mention this. This is from my single srx to the ISP. But I did mention the ISP. I only want to use the vlan.0 and the port that vlan.0 egresses on. But at the ISP. What is the likelyhood? Most likely port name? ge-0/0/0 ? I know it can be complicated.

Hi,

 

You can do it even more simplier than that and use ECMP to load balance between the two ISPs on a per flow basis.

 

KR
Adam

I'm using only one ISP. I haven't studied ECMP yet.

I want to know about the interface name. A solid answer is needed. Will ge-0/0/0.0 work. It is switching I realize. But anyone know exactly? By name or what? The ge port is DHCP enabled. Not ethernet switching. But realize it still switches.

Oh wait yes. In using ECMP. But I want to know about the interface port name still.

If I use the vlan.0 as an interface I want to use the port name the vlan.0 will egress. On my srx it is ge-0/0/0 .

At the isp side vlan.0 is valid. That's not a question. But the egress port ge-0/0/0 is in question. Can I still use ge-0/0/0.0 at the isp side. Do I need a better name. Will it take a different name? I'm not the isp obviously.

Eugene1973,

 

vlan.0 is a logical interface, it is an L3 virtual bridging interface, for it to work must have a L2 interface or switching interface, in this case I believe ge-0/0/0. you can conversely make the ge-0/0/0 a L3 interface by configuring for family INET and put an L3 ip address.

 

you can use the ge-0/0/0.0 in any case, whether you use the vlan.0 and ge-0/0/0 as a member interface, or avoid the vlan.0 and use family inet on the ge-0/0/0

 

the egress interface that you use should be an L3 inteface, when you use it for routing purposes.

 

Hope it helps.

 

Cheers,

 

Benjamin

What about names that are not on the srx. Other vendor, at the isp. Cisco, blah bah. Anyone know? Anyone know a name for comcast. srx is ge . Gigabit ethernet. Anyone know for comcast. I want the vlan.0 to be egressing properly at the isp.

Eugene1973,

 

I am not following, what names are you looking for? you mean interface naming conventions? 

 

For juniper the interfaces naming convention is found on this link:

 

Interface Naming Overview

https://www.juniper.net/documentation/en_US/junos/topics/concept/interfaces-interface-naming-overview.html

 

I suppose that for other vendors similar links may exist.

 

If you try describing a little more your question and what you are trying to accomplish about this namings I may be able to assist better.

 

Cheers pal,

 

Benjamin

Juniper has it's own naming conventions. Interface "ge", "fe", etc. Let's forget about those. Other vendors have their naming conventions. Or do they use "ge". I'll look that up.

But the question is.... can I use non-juniper names in that statement.

policy-options {
policy-statement DestinationLoadBalance {
term term1 {
from {
neighbor [ 192.168.1.1 ];
Interface vlan.0;
Interface ge-0/0/0.0;
}
to {
neighbor [ 192.168.1.1 ];
interface vlan.0;
Interface xxxxxx; <- other vendor
}
then {
load-balance per-packet;
}
}
}
}

So my question becomes.... since I use comcast, will I need a different name? Or is ge-0/0/0.0 the only acceptable solution?

Eugene1973,

 

I see now, well I think that I understand. and the answer is no, the Junos policy will only accept matching criteria that matches with Juniper specific naming conventions, so for example, as you noted in the policy:

 

policy-statement DestinationLoadBalance {
term term1 {
from {
neighbor [ 192.168.1.1 ];
Interface vlan.0;
Interface ge-0/0/0.0;
}

 

the interface options must match with Juniper naming convention, e.g. ge- xe- sp- vlan/irb. the names of the interfaces other vendors use will not work in the policy you are creating.

 

On a side note, I've never used the load-balance policy as you are using it, with neighbor or interfaces, I've only tested it with network prefixes, so if the policy matches the network prefix will try to do 'load-balance'.

 

On your question, the ge-0/0/0.0 should be the only acceptable solution.

 

again, this matching criteria you are using for the load balance policy is not normal, and I don't know if it will work as desired. check out examples on how to use it from here:

 

the normal way for a load-balancing policy should be this:

 

Never say never but the question is answered. Thanks for all the help.

Kudos to all.

Eugene,

 

With much pleasure. 

 

Cheers,

 

Benjamin

 

😀😀😀😀😀

Hello Eugene1973,

 

humm, i don't understand the purpose of the policy. If the term criteria is matched the SRX will try to load balance the traffic if, and only if there are Equal Cost Multiple Routes, meaning different next hops available for the same destination prefix and they have the same cost to reach it.

 

the fact that you mention "from" neighbor 192.168.1.1 "to" neighbor 192.168.1.1 doesn't make much sense to me. I might be wrong, what is the purpose of the load balancing you are trying to accomplish? I've only come to use prefixes under the matching criteria, never neighbors, not sure of what you are trying to accomplish.

 

Keep in mind that the 'load-balance' option in the policy hierarchy will only work when applied to the routing-options for equal-cost-multiple-routes, and it will load balance per "FLOW" not per packet as the command states, just naming thing to be aware of.

 

For more information i have here for you some docuenation you might find useful

 

Equal-cost multipath support on SRX for flow-based forwarding

https://kb.juniper.net/InfoCenter/index?page=content&id=KB23417

 

You can control with filters also how traffic is direted to destinations, see the link below

 

 

FInally, you should check this link, it'll give you a good understanding of how load balancing works and it is use:

 

Understanding Per-Packet Load Balancing

https://www.juniper.net/documentation/en_US/junos/topics/concept/policy-per-packet-load-balancing-overview.html

 

here is an example of the configuration needed:

 

Configuring Per-Packet Load Balancing

https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/policy-configuring-per-packet-load-balancing.html

 

Cheers!

 

Benjamin