SRX

Expand all | Collapse all

Does SRX need route for return traffic in flow session?

Jump to Best Answer
  • 1.  Does SRX need route for return traffic in flow session?

    Posted 04-15-2020 21:49

    Hi,

    I'm new in SRX technology.

    I have topology as below.

     

    Topology.jpg

     

    The SRX is connected with 2 routers on different P2P VLAN. Behind routers, the users subnet and IP address are same. The traffic always initiated from users to the server. For the forwarding packet from users to server, I think it is not problem because it's only 1 destination with 1 next-hop to the server. But I'm thinking about the return traffic.

    I want the SRX do the symmetric routing. When there is source 10.0.0.1 coming from interface Ge-0/0/0.10 (VLAN 10), I expect the return traffic from server will be going out via Ge-0/0/0.10 again to the R1 and to the user. All the routing are just static routing.

    1. Do I need to add static route of 10.0.0.0/24 with multiple next-hop? From my understanding, if I add static route with multiple next-hop to the same destination, only 1 random next-hop that will be installed on forwarding-table.

    2. What is configuration that I need to configure to achieve symmetric routing for traffic return to the interface where the traffic is coming from?

     

    Thank you in advanced.

    Arie


    #flow
    #SRX
    #Return


  • 2.  RE: Does SRX need route for return traffic in flow session?
    Best Answer

    Posted 04-15-2020 22:25

    Hello,

     

    Short answer - yes it does.

    Long answer - see below.

     


    @arie.yank wrote:

     

    1. Do I need to add static route of 10.0.0.0/24 with multiple next-hop?


     

    Yes You do

     

     

    set routing-options static route 10.0.0.0/24 next-hop [ 192.168.52.1 192.168.52.5 ]

     

     


    @arie.yank wrote:

     

    From my understanding, if I add static route with multiple next-hop to the same destination, only 1 random next-hop that will be installed on forwarding-table.

     

     

    With default SRX config - correct. You need the forwarding table policy to have 2 nexthops installed in the FIB

     

    set routing-options forwarding-table export LBPP
    set policy-options policy-statement LBPP term t1 then load-balance per-packet

     

     


    @arie.yank wrote:

     

    2. What is configuration that I need to configure to achieve symmetric routing for traffic return to the interface where the traffic is coming from?

     

     

    Please see above. Plus You need to put both ge-0/0/0.10 and ge-0/0/0.20 interfaces under the same security zone.

     

    HTH

    Thx

    Alex



  • 3.  RE: Does SRX need route for return traffic in flow session?

    Posted 04-17-2020 00:17

    Hi Alex,

     

    Thank you! It works! 🙂

     

    Regards,

    Arie