Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  ECMP

    Posted 11-13-2016 07:12

    hi:
    kindly could you please help me
    I have a juniper ssg550,I have configured 4 lines on it with ecmp and i configure 75 policy based vpn.

    I want to add 5th line and i know that the max for ecmp is 4
     
    so is there any work arround


  • 2.  RE: ECMP

    Posted 11-13-2016 09:37
    AFAIK, there is no workaround

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB7805&actp=search



  • 3.  RE: ECMP

    Posted 11-16-2016 23:11

    thank you Abed AL-R



  • 4.  RE: ECMP
    Best Answer

    Posted 11-14-2016 03:01

    Perhaps you can re-structure your 5 paths into two virtual routers with 2 in one and 3 in the other.

     

    then have your downstream setup in a third VR that has ECMP up to the other two.  

     

    This will not pefectly distribute to the 5 but perhaps give you a better utillization spread than any other option I can think of.  Unfortunately it is a little complicated.



  • 5.  RE: ECMP

    Posted 11-16-2016 23:25

    Thank you my dear Spuluka,

    It was  very helpfull,

    I test it in my enviroment and I will use it in production after two days.



  • 6.  RE: ECMP

    Posted 11-17-2016 04:12

    Hi Spuluka,

    Thank you for cooperation,

    Could you please Advise me What is the best design to load share the traffic with different bandwidth ( 20M and 8M and 2M ,...) ?



  • 7.  RE: ECMP

    Posted 11-19-2016 05:15

    I'm not sure, but I think you are saying the multiple paths in question here have different bandwidth available.  So in that case you don't want to equally distribute the traffic.

     

    ScreenOS has PBR (Policy based routing) that can be used then to distributed traffic based on the source, destination or ports of the traffic similar to security policies.  You would need to monitor the traffic and know about how much is there for some of these criteria then create rules to push the traffic out specific upstreams.

     

    This is covered in chapter 6 of the Routing guide

     

    http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_Routing.pdf



  • 8.  RE: ECMP

    Posted 11-20-2016 04:15

    Hi Mr Spuluka,

    Good day,

    Thank you for perfect answer,
    Please could you advise me if I change the configuration from ECMP to PBR, Is this affect on Policy base VPN?
    Which I have Policy base VPN to 70 branch.

     



  • 9.  RE: ECMP

    Posted 11-22-2016 03:04

    The configuration of policy based VPN itself would not change when you use PBR. 

     

    But depending on what traffic you have on the 5 upstreams and where the source and destination is on the network, the contents of the tunnel traffic or the gateway to gateway tunnel traffic may be part of your PBR setup.

     

    Policy based VPN inside tunnel traffic will not be able to be controlled with PBR as a route based tunnel could.  So as long as you don't need to use PBR to choose the tunnels used then there should be no issue.

     

    More likely the remote sites tunneling to this site are using upstream resources and this you could still control with PBR without changing the tunnel itself.