Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
  • 1.  Juniper NAT transition from MS-MPC single PIC to AMS configs for load-balancing

    Posted 06-27-2022 10:05
    Edited by SHAHBAZ KHAN 08-22-2022 23:38

    I have an MX-960 being used as a BRAS/BNG for PPPoE subscribers using deterministic NAT IPv4. The current configs are shared below. I tried deleting all configs under ms-2/0/0 and copying it to under ams0 using the redundancy-options (as mentioned here https://www.juniper.net/documentation/us/en/software/junos/interfaces-adaptive-services/topics/topic-map/load-balance-high-avail-AMS.html#id-configuring-warm-standby-for-services-interfaces ). And in the service set settings I tried changing ms-2/0/0 to ams0.

    Yet I get the errors below:

    error: Check-out failed for Mobility process (/usr/sbin/mobiled) without details
    error: configuration check-out failed

    If anyone has experience with this sort of thing, please assist me. What am I missing. I was thinking of doing this as a first step i.e. this warm stand-by thing where one PIC is active and the other is backup and then I thought I would move to the load-balancing options.

    Thanks in advance.

    services-options {
        open-timeout 5;
        close-timeout 5;
        inactivity-tcp-timeout 300;
        inactivity-asymm-tcp-timeout 300;
        inactivity-non-tcp-timeout 30;
        tcp-tickles 4;
        fragment-limit 10;
        reassembly-timeout 3;
    }
    unit 0 {
        description "interface for service-set SP000";
        no-traps;
        family inet {
            address 10.30.9.50/32;
        }
    }
    unit 1 {
        description "Inside interface for service-set SP000";
        no-traps;
        family inet;
        service-domain inside;
    }
    unit 2 {
        description "Outside interface for service-set SP000";
        no-traps;
        family inet;
        service-domain outside;
    

    syslog {
        host 192.168.54.27 {
            inactive: services info;
            log-prefix ISB-Session;
            source-address 10.30.9.5;
        }
    }
    nat-rules sp000;
    interface-service {
        service-interface ms-2/0/0;

    shahbaz@ISB-BNG-MX96-1-re0> show configuration interfaces ae4 
    description wd-MX960-ISB-Router;
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 0 {
        family inet {
            inactive: filter {
                output web-filter2;
            }
            service {
                input {
                    service-set sp000;
                }
                output {
                    service-set sp000;
                }
            }
            address 10.30.9.2/30;
        }
        family inet6 {
            address 2407:9e00::b4a5:2/112;
        }
    }


    ------------------------------
    SHAHBAZ KHAN
    ------------------------------


  • 2.  RE: Juniper NAT transition from MS-MPC single PIC to AMS configs for load-balancing

    Posted 08-22-2022 19:05
    i have an ams load-balancing config like this...

    me@mx960> show configuration interfaces ams0 | display set
    set interfaces ams0 load-balancing-options member-interface mams-3/0/0
    set interfaces ams0 load-balancing-options member-interface mams-3/1/0
    set interfaces ams0 load-balancing-options member-interface mams-3/2/0
    set interfaces ams0 load-balancing-options member-interface mams-3/3/0
    set interfaces ams0 load-balancing-options member-failure-options redistribute-all-traffic enable-rejoin


    me@mx960> show interfaces load-balancing ams0
    Interface State Last change Members HA Model
    ams0 Up 8w4d 19:00 4 None

    {master}
    agould@sv-b-960> show interfaces load-balancing ams0 detail
    Load-balancing interfaces detail
    Interface : ams0
    State : Up
    Last change : 8w4d 19:00
    Member count : 4
    HA Model : None
    Members :
    Interface Weight State
    mams-3/0/0 10 Active
    mams-3/1/0 10 Active
    mams-3/2/0 10 Active
    mams-3/3/0 10 Active


    ------------------------------
    Aaron Gould
    Senior Network Engineer
    aaron@gvtc.com
    https://www.linkedin.com/in/agould123/
    ------------------------------



  • 3.  RE: Juniper NAT transition from MS-MPC single PIC to AMS configs for load-balancing

    Posted 08-22-2022 23:36
    Unfortunately, this config doesn't work for deterministic NAT as mentioned in Juniper documentation (pls. see link in original post if you are interested in reading about it.)

    The only thing that might work is ams warm-standy instead of ams-load-balancing. I tried that but the config in the documentation is very vague and I got some error about mobility process.

    ------------------------------
    SHAHBAZ KHAN
    ------------------------------



  • 4.  RE: Juniper NAT transition from MS-MPC single PIC to AMS configs for load-balancing

    Posted 12-01-2022 10:44
    Hello SHAHBAZ KHAN and everyone,

    I am interested in this issue as I also wanted to implement AMS configs for load-balancing with Deterministic NAT IPv4 but as you and the documention mentionned this implementation is not supported.

    Besides trying to implement ams warm-stanby, have you considered to implement another NAT solution and keep the ams load-balancing-options ?
    That is what I'm thinking of as I would like to use the ams load-balancing-options but I'm not sure what other NAT solution would work with the ams load-balancing-options.

    Do you or anyone else have a suggestion ?

    Many thanks.

    Alexis





  • 5.  RE: Juniper NAT transition from MS-MPC single PIC to AMS configs for load-balancing

    Posted 12-01-2022 22:54
    Edited by SHAHBAZ KHAN 12-01-2022 22:57

    Hi Alexis! 

    we didn't consider doing ams with another form of NAT because being an ISP (official government service provider) we need the ability to know who used what IP address during a certain window of time and we don't have logging implemented. With other forms of NAT, you'd need logging.

    we even contacted a firm to see if they can come up with a solution but they couldn't.


    However, they did mention something about having multiple service sets and binding them to the individual ms-x/x/0-3 interfaces. 

    but our MX started malfunctioning soon after that and I didn't get the chance to test it out. We shifted most of our subscribers to a BRAS from Huawei.

    please do post here if you figure it out or if you try doing multiple service sets and binding pools (dividing them for multiple service sets) and interfaces to them.

    thanks.



    ------------------------------
    SHAHBAZ KHAN
    ------------------------------



  • 6.  RE: Juniper NAT transition from MS-MPC single PIC to AMS configs for load-balancing

    Posted 12-02-2022 10:25
    We were able to implement AMS load balancing with dynamic NAT and also logging.  We retain logs for 2 years for law enforcement reasons.

    ------------------------------
    Aaron Gould
    Senior Network Engineer
    aaron@gvtc.com
    https://www.linkedin.com/in/agould123/
    ------------------------------