Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
  • 1.  Per-Packet Load balancing

    Posted 08-24-2023 11:19

    I'm using MX204 with 20.4R3-S3.4 Junos OS and enabled load-balancing as follows:

    <BGP multipath enabled>
    set policy-options policy-statement LOAD-BALANCE-ALL term 1 then load-balance per-packet
    set routing-options forwarding-table export LOAD-BALANCE-ALL

    Based on this documentation Junos should use:

    • Source IP
    • Destination IP
    • Protocol type 
    • Incoming interface index

    to create a hash and this way to identify a traffic flow. 

    In the above test setup, I generated SCP traffic:
    • copy from ClientA to ClientB
    • 10 seconds later I started another copy from ClientA to ClientB

    The Source IP / Destination IP / Protocol type / Incoming interface index  were all identical, only the port numbers differed, but still, both Connection 1 and Connection 2 was actively used.  

    Why is that?

  • 2.  RE: Per-Packet Load balancing

    Posted 08-25-2023 10:32


    a few things:

    1) I'm afraid that what you explain is not perfectly clear :)  What is used and when ?

    2) the document you mention is not relevant to MX routers. Of course one would say that juniper doc is quite unclear about this, but whatever... The documentation relevant for MX routers and ECMP is: Understanding the Algorithm Used to Load Balance Traffic on MX Series Routers

    3) in order to check what is really actually used by the forwarding engine on your MX router you would do some:

    request pfe execute target fpc0 command "show jnh lb"

    as explained in (good old) [MX] Hash key computation on MPC cards

    Olivier Benghozi

  • 3.  RE: Per-Packet Load balancing

    Posted 08-25-2023 11:43

    Hi Olivier,

    thank you very much for your answer, it helped a lot!

    1, Well, what I try to do is execute 2 SCP copy with the same source and destination IP addresses. Based on the documentation that I linked, the hash-key is generated by Source IP + Destination IP + Protocol, so the 2 parallel SCP copy should use only 1 Connection. But the test results show that the one of the SCP copy uses Connection1 and the other SCP copy uses Connection 2 (they are running parallel).

    2, Stupid question, but how do I know that the documentation that I mentioned is not relevant for MX routers? I found that documentation in the same page that you referred:  " Understanding the Algorithm Used to Load Balance Traffic on MX Series Routers"  :

    • "Per-packet load balancing–All next-hop addresses for a destination in the active route are installed in the forwarding table (the term per-packet load balancing in Junos is equivalent to what other vendors may call per-flow load balancing). See Configuring Per-Packet Load Balancing for more information."

    3, Thank you, this table is GOLD:

    Fields Configurable Default
    Source IP No Yes
    Destination IP No Yes
    Protocol ID No Yes
    Source TCP/UDP port Yes Yes
    Destination TCP/UDP port Yes Yes
    Incoming interface Yes No
    DSCP Yes No

    I disabled Source/Destination port:

    set forwarding-options enhanced-hash-key family inet no-destination-port
    set forwarding-options enhanced-hash-key family inet no-source-port

    And now when I repeat my test, both SCP use the same connection.


  • 4.  RE: Per-Packet Load balancing

    Posted 08-25-2023 12:02

    Actually, L3 (srcip + dstip) + L4 (proto + dstport + srcport) is very classical in ECMP (and MX adds very useful stuff, MPLS labels and so on).

    I would actually suggest to leave the (enhanced)hashkey using its default values in production network, it works well.

    About the non-relevance of some documents in Junos documentation? Well, that's the point :D  Stuff written by various writers and updated on a multi-years scheme pointing to docs not updated anymore... Not that easy if you don 't follow JunOs release notes and forums.

    Olivier Benghozi

  • 5.  RE: Per-Packet Load balancing

    Posted 08-25-2023 12:10

    I do not intend to modify the default behavior, actually original goal was to use Source + Destination Port in the hashing algorithm, but since that documentation stated otherwise I started testing and the whole thing didn't make sense :D 

    I think I'll start reading release notes then and be more active on forum haha 

    Everything is clear now, thank you for your help, have a nice weekend! :)