SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Multiple wan load balancing and failover

    Posted 04-13-2012 04:06

    Hi,

    I currently have an office with an SRX210H used as the gateway, with two ADSL modems connected and using PPPoE to connect to the ISP. Addresses are defined through the PPP authentication, but they are static.

    I have 2 VLANs, 35 for data (subnet 10.0.35.0/24) and 36 for voice (subnet 192.168.36.0/24). What I would like is, under normal circumstances, for all traffic from VLAN 35 to go via pp0.0 and VLAN 36 to go via pp0.1. In the case that either PPPoE link fails, the traffic should route through the available PPP session until the link is restored.

    Thanks for your help in advance; let me know if you need any more information.

    Cheers




  • 2.  RE: Multiple wan load balancing and failover
    Best Answer

    Posted 04-13-2012 04:54

    Hi,

    Just in case you haven't seen this: KB17223 - How to configure Filter Based Forwarding on SRX for a typical dual-ISP scenario

    This should give you an idea (though it is not specifically for pp0 links, and you need to change the firewall filter match conditions to suit your requirement).



  • 3.  RE: Multiple wan load balancing and failover

    Posted 04-13-2012 05:35

    Thanks, that's exactly what I need. I'll implement that and let you know how it goes.

    Just one question: in that tutorial, where it has

     static {
            route 0.0.0.0/0 next-hop [ 10.1.1.2 10.2.2.2 ];
     }

    I assume I can just replace it with:

     static {
            route 0.0.0.0/0 next-hop [ pp0.0 pp0.1 ];
     }

    Is that correct?



  • 4.  RE: Multiple wan load balancing and failover

    Posted 04-13-2012 05:47

    Yes, that's correct. They are the ISPs' addresses; you can use your pp0 units as the default route next-hops.



  • 5.  RE: Multiple wan load balancing and failover

    Posted 04-14-2012 04:48

    Thanks for your help. I have updated my config, but it seems to be pushing data out through pp0.1 instead of following the FBR rules... I've been through it a hundred times but can't figure out why it's not working as intended. Here are the relevant bits of my config; let me know if a full config upload would be more useful.

     

        vlan {
            unit 35 {
                family inet {
                    filter {
                        input load-balance;
                    }
                    address 10.0.35.250/24;
                }
            }
            unit 36 {
                family inet {
                    filter {
                        input load-balance;
                    }
                    address 192.168.36.1/24;
                }
            }
        }

     

    routing-options {
        interface-routes {
            rib-group inet load-balance;
        }
        static {
            route 0.0.0.0/0 {
                next-hop pp0.0;
                qualified-next-hop pp0.1;
            }
        }
        rib-groups {
            load-balance {
                import-rib [ inet.0 routing-table-data.inet.0 routing-table-voice.inet.0 ];
            }
        }
    }

     

    firewall {
        filter load-balance {
            term Data {
                from {
                    source-address {
                        10.0.35.0/24;
                    }
                }
                then {
                    routing-instance routing-table-data;
                }
            }
            term Voice {
                from {
                    source-address {
                        192.168.36.0/24;
                    }
                }
                then {
                    routing-instance routing-table-voice;
                }
            }
        }
    }
    routing-instances {
        routing-table-data {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 {
                        next-hop pp0.0;
                        qualified-next-hop pp0.1 {
                            preference 100;
                        }
                    }
                }
            }
        }
        routing-table-voice {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 {
                        next-hop pp0.1;
                        qualified-next-hop pp0.0 {
                            preference 100;
                        }
                    }
                }
            }
        }
    }

     

    Thanks again for your help!

    Edit: the full config has been attached just in case my post misses something.



  • 6.  RE: Multiple wan load balancing and failover

    Posted 04-15-2012 09:13

    Hi,

     

    Is it hitting the firewall filter? This can be verified by adding a counter to the firewall terms and seeing whether the counter increases when we generate traffic. Also, security flow traceoptions with flag all and a specific packet-filter should give us a better idea.



  • 7.  RE: Multiple wan load balancing and failover

    Posted 04-15-2012 18:28

    Hi,

     

    It seems that traffic is hitting the firewall filter:

    root@gateway.bvp> show firewall
    
    Filter: load-balance
    Counters:
    Name                                                Bytes              Packets
    count-data                                        4965368                 9292
    count-voice                                       5355854                26995

    I will try setting traceoptions and let you know. Thanks again for your help.
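The two checks discussed in posts 6 and 7, written out as an added example that is not part of any post in this thread: the `load-balance` filter with the `count-data` and `count-voice` counters, and a flow trace limited to the data subnet. The trace file name `flow-trace`, the packet-filter name `data-out` and the destination 203.0.113.10 are assumptions chosen for illustration.

```junos
/* Added example, not the poster's attached config. */
firewall {
    filter load-balance {
        term Data {
            from {
                source-address {
                    10.0.35.0/24;
                }
            }
            then {
                /* A rising counter only proves the term matched. */
                count count-data;
                routing-instance routing-table-data;
            }
        }
        term Voice {
            from {
                source-address {
                    192.168.36.0/24;
                }
            }
            then {
                count count-voice;
                routing-instance routing-table-voice;
            }
        }
    }
}
security {
    flow {
        traceoptions {
            /* Hypothetical file name; size and file count keep the log small. */
            file flow-trace size 1m files 3;
            flag all;
            /* Hypothetical filter name; the destination is a constructed test address. */
            packet-filter data-out {
                source-prefix 10.0.35.0/24;
                destination-prefix 203.0.113.10/32;
            }
        }
    }
}
/* Operational-mode checks once traffic has been generated:
 *   show firewall filter load-balance
 *   show route table routing-table-data.inet.0
 *   show route table routing-table-voice.inet.0
 *   show log flow-trace
 */
```

A matching counter says nothing about which next hop the instance table selected, so the `show route table` output for each forwarding instance is the piece to compare against the egress interface recorded in the trace.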



  • 8.  RE: Multiple wan load balancing and failover

    Posted 05-21-2012 21:28
    Is there a way to carry out a round robin load-balance on dual-ISP links in SRX?