Re: [j-nsp] Broken Per-Flow load sharing
For anyone curious, Juniper seems to have 3 ways to solve this problem:
http://www.juniper.net/techpubs/software/junos/junos93/swconfig-policy/configuring-per-flow-load-balancing-information.html#id-11352490
I can't say I understand all 3 (docs are a bit vague). We implemented the first
and it worked perfectly:
[edit forwarding-options hash-key]
family inet {
layer-3;
layer-4;
}
Serge
- Original Message
From: Serge Vautour sergevaut...@yahoo.ca
To: juniper-nsp@puck.nether.net
Sent: Thursday, August 20, 2009 11:44:25 AM
Subject: [j-nsp] Broken Per-Flow load sharing
Hello,
We have several M320s T640s in our network running 8.5R4.3. They are all
configured for per-flow load sharing:
RouterA show configuration routing-options forwarding-table
export perDestinationLoadBalance;
RouterA show configuration policy-options policy-statement
perDestinationLoadBalance
/* Policy exported against forwarding-table configuration to ensure
per-flow-destination load balance */
then {
load-balance per-packet;
}
The routers have 2x 10GEs via switches to reach Aggregation routers. OSPF sees
2 equal cost paths to the BGP next hops and splits the traffic across the
links. This has been working fine for a few years (it worked on 8.2 as well).
We recently upgraded to 9.3R2.8 and load sharing is no longer working:
RouterA show interfaces xe-1/0/0 detail | match Output packets.*pps
Output packets: 61838797 pps
Output packets:00 pps
Output packets:525426 pps
Output packets:192790 pps
Output packets: 31340 pps
Output packets:00 pps
RouterA show interfaces xe-2/0/0 detail | match Output packets.*pps
Output packets: 285078265156 228705 pps
Output packets:00 pps
Output packets: 280511288646 221803 pps
Output packets: 4118406919 6075 pps
Output packets:442607080 894 pps
Output packets:00 pps
The first Output line is the 10GE aggregate. The other output lines are the
VLANs on the 10GE. Note that the xe-1/0/0 interface has next to 0 pps on
output!! We have upgraded two M320s and they are both showing the same problem.
My guess is that the per-flow load balancing hash has changed in the newer
release. The 9.3 manual talks about setting something like this:
[edit forwarding-options hash-key]
family inet {
layer-3;
layer-4;
}
But it's a bit unclear as to what happens if it isn't set. Can anyone confirm
that this will restore per-flow load sharing?
Any help would be appreciated.
Thanks,
Serge
__
Looking for the perfect gift? Give the gift of Flickr!
http://www.flickr.com/gift/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
__
The new Internet Explorer® 8 - Faster, safer, easier. Optimized for Yahoo!
Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Broken Per-Flow load sharing
Hey Serge,
The default behavior is to look at layer-3 info only. The option you
configured below add the layer-4 information to the hash.
Starting in JUNOS 9.5, for MX routers with layer-2 links and link
aggregation, there are more options. In addition to:
[edit forwarding options hash key]
family inet
there is also:
[edit forwarding options hash key]
family multiservice
http://www.juniper.net/techpubs/software/junos/junos95/swconfig-layer-2/id-load-link-sec.html
This is used to layer-2 links can also look at the layer-3 and layer-4
information.
Cheers,
-Andy
On Fri, Aug 21, 2009 at 2:53 PM, Serge Vautour sergevaut...@yahoo.cawrote:
For anyone curious, Juniper seems to have 3 ways to solve this problem:
http://www.juniper.net/techpubs/software/junos/junos93/swconfig-policy/configuring-per-flow-load-balancing-information.html#id-11352490
I can't say I understand all 3 (docs are a bit vague). We implemented the
first and it worked perfectly:
[edit forwarding-options hash-key]
family inet {
layer-3;
layer-4;
}
Serge
- Original Message
From: Serge Vautour sergevaut...@yahoo.ca
To: juniper-nsp@puck.nether.net
Sent: Thursday, August 20, 2009 11:44:25 AM
Subject: [j-nsp] Broken Per-Flow load sharing
Hello,
We have several M320s T640s in our network running 8.5R4.3. They are all
configured for per-flow load sharing:
RouterA show configuration routing-options forwarding-table
export perDestinationLoadBalance;
RouterA show configuration policy-options policy-statement
perDestinationLoadBalance
/* Policy exported against forwarding-table configuration to ensure
per-flow-destination load balance */
then {
load-balance per-packet;
}
The routers have 2x 10GEs via switches to reach Aggregation routers. OSPF
sees 2 equal cost paths to the BGP next hops and splits the traffic across
the links. This has been working fine for a few years (it worked on 8.2 as
well).
We recently upgraded to 9.3R2.8 and load sharing is no longer working:
RouterA show interfaces xe-1/0/0 detail | match Output packets.*pps
Output packets: 61838797 pps
Output packets:00 pps
Output packets:525426 pps
Output packets:192790 pps
Output packets: 31340 pps
Output packets:00 pps
RouterA show interfaces xe-2/0/0 detail | match Output packets.*pps
Output packets: 285078265156 228705 pps
Output packets:00 pps
Output packets: 280511288646 221803 pps
Output packets: 4118406919 6075 pps
Output packets:442607080 894 pps
Output packets:00 pps
The first Output line is the 10GE aggregate. The other output lines are
the VLANs on the 10GE. Note that the xe-1/0/0 interface has next to 0 pps on
output!! We have upgraded two M320s and they are both showing the same
problem.
My guess is that the per-flow load balancing hash has changed in the newer
release. The 9.3 manual talks about setting something like this:
[edit forwarding-options hash-key]
family inet {
layer-3;
layer-4;
}
But it's a bit unclear as to what happens if it isn't set. Can anyone
confirm that this will restore per-flow load sharing?
Any help would be appreciated.
Thanks,
Serge
__
Looking for the perfect gift? Give the gift of Flickr!
http://www.flickr.com/gift/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
__
The new Internet Explorer® 8 - Faster, safer, easier. Optimized for Yahoo!
Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Broken Per-Flow load sharing
Beginning with JUNOS Release 9.3, you can enable router-specific load
balancing by configuring a unique, load balance hash value for each
Packet
Forwarding Engine slot.
To configure per-prefix load balancing. include the load-balance
statement
at the [edit forwarding-options] hierarchy level:
[edit forwarding-options]
load-balance {
indexed-next-hop;
per-flow {
hash-seed number; ---
}
}
To enable per-flow load balancing, you must include the hash-seed number
statement. The range that you can configure is 0 through 65,535. 0 is
the
default value; Though if no hash seed is configured, the elected
forwarding next hop should be the same as in previous releases.
Hope it helps!
Thanks Regards,
Tarique A. Nalkhande
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Serge Vautour
Sent: Thursday, August 20, 2009 8:14 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Broken Per-Flow load sharing
Hello,
We have several M320s T640s in our network running 8.5R4.3. They are
all configured for per-flow load sharing:
RouterA show configuration routing-options forwarding-table
export perDestinationLoadBalance;
RouterA show configuration policy-options policy-statement
perDestinationLoadBalance
/* Policy exported against forwarding-table configuration to ensure
per-flow-destination load balance */
then {
load-balance per-packet;
}
The routers have 2x 10GEs via switches to reach Aggregation routers.
OSPF sees 2 equal cost paths to the BGP next hops and splits the traffic
across the links. This has been working fine for a few years (it worked
on 8.2 as well).
We recently upgraded to 9.3R2.8 and load sharing is no longer working:
RouterA show interfaces xe-1/0/0 detail | match Output packets.*pps
Output packets: 61838797 pps
Output packets:00 pps
Output packets:525426 pps
Output packets:192790 pps
Output packets: 31340 pps
Output packets:00 pps
RouterA show interfaces xe-2/0/0 detail | match Output packets.*pps
Output packets: 285078265156 228705 pps
Output packets:00 pps
Output packets: 280511288646 221803 pps
Output packets: 4118406919 6075 pps
Output packets:442607080 894 pps
Output packets:00 pps
The first Output line is the 10GE aggregate. The other output lines
are the VLANs on the 10GE. Note that the xe-1/0/0 interface has next to
0 pps on output!! We have upgraded two M320s and they are both showing
the same problem.
My guess is that the per-flow load balancing hash has changed in the
newer release. The 9.3 manual talks about setting something like this:
[edit forwarding-options hash-key]
family inet {
layer-3;
layer-4;
}
But it's a bit unclear as to what happens if it isn't set. Can anyone
confirm that this will restore per-flow load sharing?
Any help would be appreciated.
Thanks,
Serge
__
Looking for the perfect gift? Give the gift of Flickr!
http://www.flickr.com/gift/
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
