Look: Juniper Networks security devices support equal cost multipath (ECMP) routing on a per-session basis. Routes of equal cost have the same preference and metric values. Once a security device associates a session with a route, the security device uses that route until a better route is learned or the current route becomes unusable. The eligible routes must have outgoing interfaces that belong to the same zone.
If the outgoing interfaces do not belong to the same zone and the return packet goes to a zone other than the intended one, a session match cannot occur and the traffic may not go through.

When ECMP is enabled and the outgoing interfaces are different and in NAT mode, applications, such as HTTP, that create multiple sessions will not work correctly. Applications, such as telnet or SSH, that create one session should work correctly.

ECMP assists with load-balancing among two to four routes to the same destination or increases the effective bandwidth usage among two or more destinations.

When ECMP is enabled, security devices use the statically defined routes or dynamically learn multiple routes to the same destination through a routing protocol. The security device assigns routes of equal cost in rotating (round-robin) fashion. <-----

Without ECMP, the security device only uses the first learned or defined route. Other routes that are of equal cost remain unused until the currently active route is no longer active.

When using ECMP, if you have two security devices in a neighbor relationship and you notice packet loss and improper load-balancing, check the Address Resolution Protocol (ARP) configuration of the neighbor device to make sure the arp always-on-dest feature is disabled (default).

...

from: http://www.juniper.net/techpubs/software/screenos/screenos6.0.0/CE_v7.pdf

Regards,

Giuliano

-----Original Message-----
From: Sven Juergensen (KielNET) [mailto:[EMAIL PROTECTED]
Sent: Monday, January 07, 2008 1:35 PM
To: [EMAIL PROTECTED]
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] SSG Loadbalancing

Hi Giuliano,

this actually works, thank you. What kind of algorithm is happening behind the scenes, do you have any idea?

Starting a download from one machine followed by another one sometimes uses the same uplink, which is somewhat suboptimal but I reckon that this is by design.

Thanks and regards,

sven03

Kind regards

p.p. Sven Juergensen

--
Information Technology Department
KielNET GmbH
Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel
Phone   : 0431 / 2219-053
Fax     : 0431 / 2219-005
E-Mail  : [EMAIL PROTECTED]
Internet: http://www.kielnet.de
AS# 25295
Key fingerprint: 65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132
"221 2.7.0 Error: I can break rules, too. Goodbye."
Managing Director: Eberhard Schmidt
HRB 4499 (Amtsgericht Kiel)

GIULIANO (UOL) wrote:
> Sven,
>
> It is possible.
>
> You have to configure the related VROUTER to support it:
>
> FW_PAVAN_SJP->
> FW_PAVAN_SJP->
> FW_PAVAN_SJP->
> FW_PAVAN_SJP-> set vrouter trust-vr
> FW_PAVAN_SJP(trust-vr)-> set max-em
> FW_PAVAN_SJP(trust-vr)-> set max-ec
> max-ecmp-routes maximum ecmp routes searched during
> ECMP route lookup in this vrouter
> FW_PAVAN_SJP(trust-vr)-> set max-ecmp-routes ?
> <number> route number (range: 1 - 4)
> FW_PAVAN_SJP(trust-vr)-> set max-ecmp-routes 2 [ENTER]
>
>
> Regards,
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Sven Juergensen (KielNET)
> Sent: Monday, January 07, 2008 8:57 AM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] SSG Loadbalancing
>
> Hi list,
>
> is it possible to have an SSG5
> connected to two xDSL modems
> loadbalance traffic across both
> of them? Redundancy works but
> it appears that a loadbalancing
> mechanism does not exist.
>
> Thanks in advance.
>
> Regards,
>
> sven03
>
> Kind regards
>
> p.p. Sven Juergensen

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
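Added example (not part of the original thread, and not Juniper's code): a simplified Python model of the per-session round-robin route assignment described in the documentation quoted above. It shows how an unrelated session between two downloads puts both on the same uplink, and how one client's HTTP sessions leave with different source addresses under NAT. The interface names, addresses, and the assumption that NAT uses each egress interface's own address are constructed for illustration.

```python
from itertools import count


class EcmpVrouter:
    """Toy model: equal-cost routes handed out round-robin, one per new session."""

    def __init__(self, routes, max_ecmp_routes=2):
        # routes: list of (egress_interface, nat_source_ip), both constructed
        if not 1 <= max_ecmp_routes <= 4:          # range shown in the CLI help
            raise ValueError("max-ecmp-routes must be 1..4")
        self.routes = routes[:max_ecmp_routes]     # 1 behaves like "no ECMP"
        self._next = count()
        self.sessions = {}                         # flow 5-tuple -> route

    def route_for(self, flow):
        # An existing session keeps its route; only a new session rotates.
        if flow not in self.sessions:
            slot = next(self._next) % len(self.routes)
            self.sessions[flow] = self.routes[slot]
        return self.sessions[flow]


def nat_sources_seen(vr, flows):
    """Source addresses a remote server would see for these flows."""
    return {vr.route_for(f)[1] for f in flows}


# Constructed sample: two xDSL uplinks with documentation-range addresses.
UPLINKS = [("ethernet0/0", "192.0.2.10"), ("ethernet0/1", "198.51.100.10")]


def demo():
    vr = EcmpVrouter(UPLINKS, max_ecmp_routes=2)
    dl_a = ("10.0.0.11", 40001, "203.0.113.5", 80, "tcp")    # download, host A
    dns = ("10.0.0.12", 53001, "203.0.113.53", 53, "udp")    # unrelated lookup
    dl_b = ("10.0.0.12", 40002, "203.0.113.5", 80, "tcp")    # download, host B
    first = vr.route_for(dl_a)
    vr.route_for(dns)                  # consumes the other uplink's turn
    second = vr.route_for(dl_b)
    same_uplink = first[0] == second[0]
    # One client opening two HTTP sessions to the same server:
    web = [("10.0.0.11", 40010 + i, "203.0.113.5", 80, "tcp") for i in range(2)]
    return same_uplink, nat_sources_seen(vr, web)


if __name__ == "__main__":
    print(demo())
```
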