SRX Services Gateway
Reply
Visitor
Renza
Posts: 5
Registered: ‎04-13-2012
0
Accepted Solution

Multiple wan load balancing and failover

Hi,

 

I currently have an office with a SRX210H used as the gateway, with two adsl modems connected and using PPPoE to connect to the ISP. Addresses are defined through the PPP authentication, but they are static. 

 

I have 2 vlans, 35 for data (subnet 10.0.35.0/24), and 36 for voice (subnet 192.168.36.0/24). what I would like is to have is under normal circumstances, all traffic from vlan 35 to go via pp0.0 and vlan 36 to go via pp0.1. in the case that either PPPoE link fails, the traffic should route through the available ppp session until the link is restored. 

 

thanks for your help in advance, let me know if you need any more information

 

cheers

Recognized Expert
JunOS_Fan
Posts: 241
Registered: ‎02-13-2012
0

Re: Multiple wan load balancing and failover

Hi,

 

Just in case ,, you haven't seen this KB17223 - How to configure Filter Based Forwarding on SRX for a typical dual-ISP scenario

 

This should give you an idea( though it is not specifically for pp0 links and you need to change the firewall filter match conditions to suit your requirement)

Best regards
Pradeep (JNCIP-SEC,ENT,SP)
www.networker.co.in
Visitor
Renza
Posts: 5
Registered: ‎04-13-2012
0

Re: Multiple wan load balancing and failover

Thanks, that's exactly what i need. I'll implement that and let you know how it goes.

 

just one question, in that tutorial where it has 

 

 static {
        route 0.0.0.0/0 next-hop [ 10.1.1.2 10.2.2.2 ];

 

i assume i can just replace with:

 

 static {
        route 0.0.0.0/0 next-hop [ pp0.0 pp0.1 ];

 

is that correct?

Recognized Expert
JunOS_Fan
Posts: 241
Registered: ‎02-13-2012
0

Re: Multiple wan load balancing and failover

Yes, thats correct.  They are the ISPs addresses, you can use your pp0 units as the default route next-hops.

Best regards
Pradeep (JNCIP-SEC,ENT,SP)
www.networker.co.in
Visitor
Renza
Posts: 5
Registered: ‎04-13-2012
0

Re: Multiple wan load balancing and failover

[ Edited ]

Thanks for your help. I have updated my config, but it seems to be pusing data out through pp0.1 instead of following the FBR rules... I've been through it a hundred times but can't figure out why its not working as intended. heres the relevant bits of my config, let me know if a full config upload would be more useful

 

    vlan {
        unit 35 {
            family inet {
                filter {
                    input load-balance;
                }
                address 10.0.35.250/24;
            }
        }
        unit 36 {
            family inet {
                filter {
                    input load-balance;
                }
                address 192.168.36.1/24;
            }
        }
    }

 

routing-options {
    interface-routes {
        rib-group inet load-balance;
    }
    static {
        route 0.0.0.0/0 {
                    next-hop pp0.0;
                    qualified-next-hop pp0.1;
                }
    }
    rib-groups {
        load-balance {
            import-rib [ inet.0 routing-table-data.inet.0 routing-table-voice.inet.0 ];
        }
    }
}

 

firewall {
    filter load-balance {
        term Data {
            from {
                source-address {
                    10.0.35.0/24;
                }
            }
            then {
                routing-instance routing-table-data;
            }
        }
        term Voice {
            from {
                source-address {
                    192.168.36.0/24;
                }
            }
            then {
                routing-instance routing-table-voice;
            }
        }
    }
}
routing-instances {
    routing-table-data {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    next-hop pp0.0;
                    qualified-next-hop pp0.1 {
                        preference 100;
                    }
                }
            }
        }
    }
    routing-table-voice {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    next-hop pp0.1;
                    qualified-next-hop pp0.0 {
                        preference 100;
                    }
                }
            }
        }
    }
}

 

Thanks again for your help!

 

edit: full config has been attached just incase my post misses something

Recognized Expert
JunOS_Fan
Posts: 241
Registered: ‎02-13-2012
0

Re: Multiple wan load balancing and failover

Hi,

 

is it hitting the firewall filter ? can be verified by adding a counter to the firewall terms and see when we generate traffic , the counter increases or not ?   also, security flow traceoptions with flag all  and specific packet-filter ,should give us a better idea . 

Best regards
Pradeep (JNCIP-SEC,ENT,SP)
www.networker.co.in
Visitor
Renza
Posts: 5
Registered: ‎04-13-2012
0

Re: Multiple wan load balancing and failover

[ Edited ]

Hi,

 

It seems that traffic is hitting the firewall filter:

 

 

 

root@gateway.bvp> show firewall

Filter: load-balance
Counters:
Name                                                Bytes              Packets
count-data                                        4965368                 9292
count-voice                                       5355854                26995

 

 

 

i will try set traceoptions and let you know. thanks again for your help

Trusted Contributor
michael.saw
Posts: 1,048
Registered: ‎09-26-2011
0

Re: Multiple wan load balancing and failover

Is there a way to carry out a round robin load-balance on dual-ISP links in SRX?
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.