SRX

Hi,

I've googled around a bit and tried a few things, simple load balancing and source nat pools, but haven't achieved the desired outcome of balance traffic across ip's and interfaces.

IP's are not real, but representative.

ISP: I have a /29 static range with a single gateway. ISP modem allows for 1x10g connection, 4x1g connections. 1.2.3.1/29 is the provided gateway

My Current Setup:

set security nat source pool CB-Telus address 1.2.3.2/32 to 1.2.3.5/32

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh

set security zones security-zone untrust interfaces ge-0/0/1.0

set security zones security-zone untrust interfaces ge-0/0/2.0

set security zones security-zone untrust interfaces ge-0/0/3.0

set interfaces ge-0/0/0 unit 0 family inet address 1.2.3.2/29

set interfaces ge-0/0/1 unit 0 family inet address 1.2.3.3/29

set interfaces ge-0/0/2 unit 0 family inet address 1.2.3.4/29

set interfaces ge-0/0/3 unit 0 family inet address 1.2.3.5/29

set policy-options policy-statement Load-Balance-All then load-balance per-flow

set routing-options static route 0.0.0.0/0 next-hop 1.2.3.1

set routing-options forwarding-table export Load-Balance-All

My Goal:

I'd like to have traffic balanced across the 4 static wan ip addresses, as a simple way of utilizing the 3gig uplink available to me without upgrading to a router with a 10g port.

If I've missed some examples or KB articles, my apologies for raising a redundant question. I'm a newcomer to Junos and enterprise networking, coming from SOHO / small office networks with limited complexity.

Thank you for any and all assistance!

Craig

Unfortunately, the problem here is that the load-balancing that you're enabling is designed to spread traffic across different destinations rather than sources. In your case the destination is always the same -- 1.2.3.1.

Ref: https://www.juniper.net/documentation/us/en/software/junos/flow-packet-processing/topics/topic-map/security-ecmp-flow-based-forwarding.html See the very last output provided; in your case you can check with show route forwarding-table destination 8.8.8.8. I suspect in your case you'll see only one next hop over only one of the interfaces (my guess is ge-0/0/0.0 but who knows). The subnet overlap between the interface is probably not helping either ...

Of course, we can go into the weeds and attempt to cheat. Never tried this particular scenario so I don't know if it will work. My ideas so far are:

1) Configure all additional addresses secondary on ge-0/0/0.0. Then, configure the remaining interfaces as unnumbered, borrowing specific addresses from ge-0/0/0.0. Then use multiple 0.0.0.0/0 routes with qualified-next-hop instead of next-hop, one for each of the additional interfaces. Problems: the next hop address essentially remains the same, so this may not install multiple entries in the forwarding table. Also, while the outbound traffic may get balanced, the return traffic will all all come to ge-0/0/0.0 because that's the interface that'll respond to ARP for all the addresses...

2) Move each interface into its own virtual-router routing-instance, each with its own default route. Then import all the default routes from the separate routing instances into the default routing instance with the same preference.  This may or may not work; I'm not sure if ECMP will consider imported routes for balanced. Even if it does, the next-hop address is still the same for all of them -- 1.2.3.1 so it might just pick one, but it's worth a shot.

If this wasn't bad enough, you can go deeper in the weeds and cheat further by pretending the subnet was -- and configuring the IP addresses as -- /28 instead of /29 and then define static ARP entries on ge-0/0/1.0 for 1.2.3.11 with the mac address of the default gateway, ge-0/0/2.0 for 1.2.3.12 with the mac address of the default gateway, etc. and then define the different 0.0.0.0/0 routes with next-hop 1.2.3.1, 1.2.3.11, 1.2.3.12, etc. That should make anyone who sees the configuration shudder in terror and mild disgust, but you'll have multiple 0.0.0.0/0 routes with different-looking next hops.

Of course, there may be a simpler way to cheat that I'm not thinking of ...

Lastly, this may be a moot exercise, because there are only so many gigabits the SRX340 can push around anyway.

Hi,

I've googled around a bit and tried a few things, simple load balancing and source nat pools, but haven't achieved the desired outcome of balance traffic across ip's and interfaces.

IP's are not real, but representative.

ISP: I have a /29 static range with a single gateway. ISP modem allows for 1x10g connection, 4x1g connections. 1.2.3.1/29 is the provided gateway

My Current Setup:

set security nat source pool CB-Telus address 1.2.3.2/32 to 1.2.3.5/32

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh

set security zones security-zone untrust interfaces ge-0/0/1.0

set security zones security-zone untrust interfaces ge-0/0/2.0

set security zones security-zone untrust interfaces ge-0/0/3.0

set interfaces ge-0/0/0 unit 0 family inet address 1.2.3.2/29

set interfaces ge-0/0/1 unit 0 family inet address 1.2.3.3/29

set interfaces ge-0/0/2 unit 0 family inet address 1.2.3.4/29

set interfaces ge-0/0/3 unit 0 family inet address 1.2.3.5/29

set policy-options policy-statement Load-Balance-All then load-balance per-flow

set routing-options static route 0.0.0.0/0 next-hop 1.2.3.1

set routing-options forwarding-table export Load-Balance-All

My Goal:

I'd like to have traffic balanced across the 4 static wan ip addresses, as a simple way of utilizing the 3gig uplink available to me without upgrading to a router with a 10g port.

If I've missed some examples or KB articles, my apologies for raising a redundant question. I'm a newcomer to Junos and enterprise networking, coming from SOHO / small office networks with limited complexity.

Thank you for any and all assistance!

Craig