Hi Doug So, do you mean that there is no need to use the export policy on the forwarding table and the traffic will be load balanced by default using LACP? I am using this ECMP policy only for this purpose. as per my knowledge Juniper is not load balancing the traffic by default unless there is an explicit configured policy.
BR, -----Original Message----- From: Doug Hanks [mailto:dha...@juniper.net] Sent: Wednesday, March 16, 2011 7:15 PM To: Stefan Fouant; Walaa Abdel razzak; juniper-nsp@puck.nether.net Subject: RE: [j-nsp] SRX 650 reth interface load balancing Stefan is spot on regarding the testing method. You need diverse flows. The forwarding-table export policy is completely useless in this scenario. Your FIB should be showing reth0 as the Netif. Verify that your LACP is working with "show lacp" If LACP is up, it will handle the hashing of the packets. Doug -----Original Message----- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Stefan Fouant Sent: Wednesday, March 16, 2011 8:35 AM To: 'Walaa Abdel razzak'; juniper-nsp@puck.nether.net Subject: Re: [j-nsp] SRX 650 reth interface load balancing > -----Original Message----- > From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- > boun...@puck.nether.net] On Behalf Of Walaa Abdel razzak > Sent: Wednesday, March 16, 2011 8:31 AM > To: juniper-nsp@puck.nether.net > Subject: [j-nsp] SRX 650 reth interface load balancing > > I tried to verify load balancing on the reth interface for SRX 650 > connected to logical router, but I can see that SRX always use one > link although we have two physical links between the router and the > active node and one link between the router and the passive node. I am > pinging directly from router to the FW. I need to load balance through > the active links. The configuration is as follows: How are you testing your load-balancing Walaa? Because Juniper uses a hash algorithm such that traffic matching a given set of constraints (Source Address, Destination Address, Source Port, Dest Port, incoming interface) will always hash to the same path. In order to properly evaluate if the load-balancing is working properly, you really need to simulate a large number of diverse flows. > And the load balance policy: > > test@FW1# show routing-options > forwarding-table { > export ECMP; > } > test@FW1# show policy-options policy-statement ECMP term load-balance > { > then { > load-balance per-packet; > } > } I already mentioned to you previously that you don't need a load-balance policy to effect load-balancing on a LAG or RETH interface since these types of interfaces appear to the system as a single logical interface, other mechanisms apply. The above configuration is completely unnecessary. Stefan Fouant, CISSP, JNCIEx2 www.shortestpathfirst.net GPG Key ID: 0xB4C956EC _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp