[j-nsp] Junos Load Balancing Behavior
Hello: I'm looking for some insight on the load balancing behavior that Junos uses by default. We are certifying our Junos platform CE routers (SRX, MX10, M7i) and not seeing what we expected given the documentation we have. According to the Juniper docs and the old JNCIP study guide, OSPF will automatically load balance if there are two equal cost routes. And indeed in the routing table we have default route advertised via OSPF to a CE router which shows two next hops (one to each of two PE's). juniper@SRX240-5 show route 0/0 exact inet.0: 23 destinations, 23 routes (23 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[OSPF/150] 20:45:21, metric 112, tag 13979 to 10.7.122.1 via ge-0/0/6.0 to 10.7.122.2 via ge-0/0/6.0 However in the forwarding table there is only one next-hop shown and when testing traffic flows we don't see any load balancing by default. juniper@SRX240-5 show route forwarding-table destination 0/0 Routing table: default.inet Internet: DestinationType RtRef Next hop Type Index NhRef Netif defaultuser 0ulst 262142 2 80:71:1f:c0:3c:81 ucst 584 4 ge-0/0/6.0 defaultperm 0rjct36 4 0.0.0.0/32 perm 0dscd34 2 Routing table: __master.anon__.inet Internet: DestinationType RtRef Next hop Type Index NhRef Netif defaultperm 0rjct 517 1 0.0.0.0/32 perm 0dscd 515 1 Everything goes across the one next hop only (the one with the in front of it). We have to add an export policy to the routing-options forwarding-table stanza to get it to work. This is from the Junos documentation for OSPF for version 10.4: When several equal-cost routes to a destination exist, traffic is distributed equally among them. http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/ospf-routing- overview.html Shouldn't the load balancing work by default as the documentation would lead one to believe? Does anyone have any insight into this? Is the documentation incorrect and you actually are required to always add a load-balancing export policy in order to get the desired load-balancing behavior? Best Regards, Devin J Kennedy Juniper Engineer - ATT Labs ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] issue between juniper EX4500 and switch Cisco
I have connected a switch juniper EX4500 with switch cisco 3550 by Giga Link in mode trunk but the mac-addresses in switch juniper are not known by the switch cisco and backwards, have anybody had this issue before ? thanks for any help. Oscar Jimenez S ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos Load Balancing Behavior
It's working just the like documentation says. It's per-prefix load-balancing. If you want per-flow you need to modify the FIB via an export policy. set policy-options policy-statement fib-per-flow then load-balance per-packet set routing-options forwarding-table export fib-per-flow Commit Check your FIB again after that change. Thank you, -- Doug Hanks - JNCIE-ENT #213, JNCIE-SP #875 Sr. Systems Engineer Juniper Networks On 2/2/12 9:01 AM, Devin Kennedy devinkennedy...@hotmail.com wrote: Hello: I'm looking for some insight on the load balancing behavior that Junos uses by default. We are certifying our Junos platform CE routers (SRX, MX10, M7i) and not seeing what we expected given the documentation we have. According to the Juniper docs and the old JNCIP study guide, OSPF will automatically load balance if there are two equal cost routes. And indeed in the routing table we have default route advertised via OSPF to a CE router which shows two next hops (one to each of two PE's). juniper@SRX240-5 show route 0/0 exact inet.0: 23 destinations, 23 routes (23 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[OSPF/150] 20:45:21, metric 112, tag 13979 to 10.7.122.1 via ge-0/0/6.0 to 10.7.122.2 via ge-0/0/6.0 However in the forwarding table there is only one next-hop shown and when testing traffic flows we don't see any load balancing by default. juniper@SRX240-5 show route forwarding-table destination 0/0 Routing table: default.inet Internet: DestinationType RtRef Next hop Type Index NhRef Netif defaultuser 0ulst 262142 2 80:71:1f:c0:3c:81 ucst 584 4 ge-0/0/6.0 defaultperm 0rjct36 4 0.0.0.0/32 perm 0dscd34 2 Routing table: __master.anon__.inet Internet: DestinationType RtRef Next hop Type Index NhRef Netif defaultperm 0rjct 517 1 0.0.0.0/32 perm 0dscd 515 1 Everything goes across the one next hop only (the one with the in front of it). We have to add an export policy to the routing-options forwarding-table stanza to get it to work. This is from the Junos documentation for OSPF for version 10.4: When several equal-cost routes to a destination exist, traffic is distributed equally among them. http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/ospf-routin g- overview.html Shouldn't the load balancing work by default as the documentation would lead one to believe? Does anyone have any insight into this? Is the documentation incorrect and you actually are required to always add a load-balancing export policy in order to get the desired load-balancing behavior? Best Regards, Devin J Kennedy Juniper Engineer - ATT Labs ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos Load Balancing Behavior
Srx's, assuming you're running in flow mode will not load balance as of today. The forwarding table will show two routes, but it will only pick one. This has been discussed here previously, a quick google search of ECMP and SRX should help. Good luck, sorry to give you the bad news.. Tim Eberhard On Feb 2, 2012, at 11:01 AM, Devin Kennedy devinkennedy...@hotmail.com wrote: Hello: I'm looking for some insight on the load balancing behavior that Junos uses by default. We are certifying our Junos platform CE routers (SRX, MX10, M7i) and not seeing what we expected given the documentation we have. According to the Juniper docs and the old JNCIP study guide, OSPF will automatically load balance if there are two equal cost routes. And indeed in the routing table we have default route advertised via OSPF to a CE router which shows two next hops (one to each of two PE's). juniper@SRX240-5 show route 0/0 exact inet.0: 23 destinations, 23 routes (23 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[OSPF/150] 20:45:21, metric 112, tag 13979 to 10.7.122.1 via ge-0/0/6.0 to 10.7.122.2 via ge-0/0/6.0 However in the forwarding table there is only one next-hop shown and when testing traffic flows we don't see any load balancing by default. juniper@SRX240-5 show route forwarding-table destination 0/0 Routing table: default.inet Internet: DestinationType RtRef Next hop Type Index NhRef Netif defaultuser 0ulst 262142 2 80:71:1f:c0:3c:81 ucst 584 4 ge-0/0/6.0 defaultperm 0rjct36 4 0.0.0.0/32 perm 0dscd34 2 Routing table: __master.anon__.inet Internet: DestinationType RtRef Next hop Type Index NhRef Netif defaultperm 0rjct 517 1 0.0.0.0/32 perm 0dscd 515 1 Everything goes across the one next hop only (the one with the in front of it). We have to add an export policy to the routing-options forwarding-table stanza to get it to work. This is from the Junos documentation for OSPF for version 10.4: When several equal-cost routes to a destination exist, traffic is distributed equally among them. http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/ospf-routing- overview.html Shouldn't the load balancing work by default as the documentation would lead one to believe? Does anyone have any insight into this? Is the documentation incorrect and you actually are required to always add a load-balancing export policy in order to get the desired load-balancing behavior? Best Regards, Devin J Kennedy Juniper Engineer - ATT Labs ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Filter-based forwarding outside of inet.0?
Thanks to Stacy and Hendri, I got this to work perfectly! This really
helped.
Since it does not hurt to have more examples (as they are non-existent in
the Junos docs for this particular type of application - Boo Hoo!!!), I am
including the recipe/configuration solution below..
Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187
DefaultRoute via 192.168.0.1
^
|
|
xe-11/0/0.40
|
Downstream: 192.168.99.2 xe-9/0/0.40 VirtualRtr
|
irb.42
|
|
v
Hijack via 192.168.255.1
By default, I have a static route in a routing instance (VirtualRtr)
sending the default route to 192.168.0.1. I want to hijack traffic
matching a particular filter and send the traffic to a different next-hop,
192.168.255.1.
For you Cisco types, this is basically equivalent to using a route-map for
setting the next hop:
route-map VirtualRtr-Redirect permit 100
match ip address hijack-acl
set ip vrf VirtualRtr next-hop 192.168.255.1
Whereas in the Cisco world, you would need to create an ACL and apply that
with the route-map to the incoming interface, in Junos you create a filter
and apply the filter to the interface:
[edit firewall family inet filter fbf-redirect-filter]
term t1 {
from {
address {
192.168.99.2/32;
}
}
then {
routing-instance fbf-test;
}
}
term t2 {
then accept;
}
[edit interfaces xe-9/0/0 unit 40]
vlan-id 40;
family inet {
filter {
input fbf-redirect-filter;
}
address 192.168.99.1/30;
}
At this point, Junos is more complex as it adds a layer of abstraction
with the concept of rib-groups. You create your rib group by importing
FIRST the table belonging to your virtual router and SECOND the table for
the forwarding instance that has the next-hop specified:
[edit routing-options]
rib-groups {
fbf-rib-test {
import-rib [ VirtualRtr.inet.0 fbf-test.inet.0 ];
}
}
So here is the forwarding routing instance that defines the next-hop IP.
But you'll need to make sure you can resolve the next-hop, so you
associate the interface-routes with the rib-group you've created within
the virtual routing instance:
[edit routing-instances fbf-test]
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.255.1; ## PBR-like next-hop
}
}
[edit routing-instances VirtualRtr]
instance-type virtual-router;
interface xe-9/0/0.40;
interface xe-11/0/0.40;
interface irb.42;
routing-options {
interface-routes {
rib-group inet fbf-rib-test;
static {
route 0.0.0.0/0 next-hop 192.168.0.1; ## Normal next-hop
}
}
In my case above, the 192.168.255.1 is hanging off of the irb.42
interface. Everything resolves in the routing tables:
show route table VirtualRtr
0.0.0.0/0 *[Static/5] 25w4d 07:20:38
to 192.168.0.1 via xe-11/0/0.40
show route table fbf-test
0.0.0.0/0 *[Static/5] 00:54:31
to 192.168.255.1 via irb.42
And also you can verify the forwarding entries (my IRB is part of a vpls
interface, hence the reference to the lsi):
show route forwarding-table table VirtualRtr
Routing table: VirtualRtr.inet
Internet:
DestinationType RtRef Next hop Type Index NhRef Netif
defaultuser 0 0:23:9c:10:10:40 ucst 183639
xe-11/0/0.40
defaultperm 0rjct 643 2
0.0.0.0/32 perm 0dscd 641 1
show route forwarding-table table fbf-test
Routing table: fbf-test.inet
Internet:
DestinationType RtRef Next hop Type Index NhRef Netif
defaultuser 0 0:10:db:ee:10:0ucst 4721 3
lsi.1048729
defaultperm 0rjct 7005 2
0.0.0.0/32 perm 0dscd 6937 1
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] M-Series DHCP Server
Hi, We are trying to configure JUNIPER M-Series with dhcp-local-server without any good results. Basically we are configuring: set system services dhcp-local-server and set access address-assignment It is not working and the router is dropping the DHCP Requests ... Does anyone has some experience with this ? How can I make it work ? Thanks a lot, Giuliano ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
