On Thursday 12 of January 2012 21:50:14 Pajlatek wrote: > Hi > I am searching for any one that is using more than 1 MSPIC 100 in M- > routers (M10i or M7i) and does a load-balance between them to get the > additional thruoutput over 1Gb/s > I'm not sure if it's going to work on M10i/M7i but it should help you to find a solution.
Let's assume you have MX router with a MS-DPC (fpc 2) and you have to configure NAPT-44 between internal network (10.100/16) and the Internet. Topology: http://makutunowicz.net/download/cgn_scenario.png How to configure it? 1) Enable layer-3 services on each PIC (MS-DPC has two NPUs: one at PIC0 and the other at PIC1). set chassis fpc 2 pic 0 adaptive-services service-package layer-3 set chassis fpc 2 pic 1 adaptive-services service-package layer-3 2) Configure sp- interfaces: set interfaces sp-2/0/0 unit 0 family inet set interfaces sp-2/0/0 services-options cgn-pic set interfaces sp-2/1/0 unit 0 family inet set interfaces sp-2/1/0 services-options cgn-pic Note that cgn-pic was introduced in Junos 11.2 and may work on MX with MS-DPC only. 3) Create 2 service-sets with proper sp- interfaces attached. set services service-set SS_PART1 nat-rules NAT_RULE_1 set services service-set SS_PART1 interface-service service-interface sp-2/0/0 set services service-set SS_PART2 nat-rules NAT_RULE_2 set services service-set SS_PART2 interface-service service-interface sp-2/1/0 4) Apply service-sets to the internal interface. You also have to manually distribute incoming packets to PICs for processing, eg. half of the internal network is processed by sp-2/0/0 and the other by sp-2/1/0 (that's why the service filters are necessary). set interfaces ge-0/0/0 unit 0 family inet address 10.100.0.1/16 set interfaces ge-0/0/1 unit 0 family inet address 192.168.0.1/24 set interfaces ge-0/0/0 unit 0 family inet service input service-set SS_PART1 service-filter SS_PART1_FILTER set interfaces ge-0/0/0 unit 0 family inet service input service-set SS_PART2 service-filter SS_PART2_FILTER set interfaces ge-0/0/0 unit 0 family inet service output service-set SS_PART2 service-filter SS_PART2_FILTER set interfaces ge-0/0/0 unit 0 family inet service output service-set SS_PART1 service-filter SS_PART1_FILTER 5) Create the service-filters: set firewall family inet service-filter SS_PART1_FILTER term part1 from source- address 10.100.0.0/17 set firewall family inet service-filter SS_PART1_FILTER term part1 then service set firewall family inet service-filter SS_PART1_FILTER term default then skip set firewall family inet service-filter SS_PART2_FILTER term part2 from source- address 10.100.128.0/17 set firewall family inet service-filter SS_PART2_FILTER term part2 then service set firewall family inet service-filter SS_PART2_FILTER term default then skip 6) Create the NAT pools (one pool for 10.100/17 and the other for 10.100.128/17): set services nat pool POOL_PART1 address 192.168.100.0/24 set services nat pool POOL_PART1 port automatic set services nat pool POOL_PART2 address 192.168.200.0/24 set services nat pool POOL_PART2 port automatic 7) Create the NAT rules: set services nat rule NAT_RULE_1 match-direction input set services nat rule NAT_RULE_1 term part1 from source-address 10.100.0.0/17 set services nat rule NAT_RULE_1 term part1 then translated source-pool POOL_PART1 set services nat rule NAT_RULE_1 term part1 then translated translation-type napt-44 set services nat rule NAT_RULE_2 match-direction input set services nat rule NAT_RULE_2 term part2 from source-address 10.100.128.0/17 set services nat rule NAT_RULE_2 term part2 then translated source-pool POOL_PART2 set services nat rule NAT_RULE_2 term part2 then translated translation-type napt-44 napt-44 translation type was introduced in Junos 11.2. If you have Junos version < 11.2, set translation type to "source dynamic". To summarize: When a user with IP 10.100.0.100 wants to access the Internet, it hits ge-0/0/0 interface, matches SS_PART1_FILTER so SS_PART1 service set is applied. He's translated to the IP from pool 192.168.100.0/24 (by NAT_RULE_1) using sp-2/0/0 interface. Of course the load balancing method is going to work if IP address assignment follows uniform distribution. However, you can be more granular in the service filters (eg. split all the internal address space to several /24 slices). Hope it's helpful. Best regards, Artur _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp