SRX Services Gateway
Highlighted
SRX Services Gateway

ECMP Load Balancing Bypass for IDP Signature Updates

‎02-25-2019 07:47 AM

Hi All,

 

I am currently implementing an ECMP load-balancing solution for my default route (0.0.0.0/0) on my SRX. I have the load-balancing working as intended for all traffic originating behind the firewall, however, traffic that originates on the device is seeing packet loss. I cannot seem to find a way to bypass the load-balancing for the specific route that I require it to (signature updates for IDP going to services.netscreen.com). 

 

I am wondering if there is a list of all IPs that services.netscreen.com is registered to, so I can just put a static route on my device and point it to one of the two ISP circuits to use. I assume Juniper uses a CDN service to host it so it may be difficult to find a list of all IPs. IF this is the case, does anyone have any other suggestions for my device bypassing the load-balancing?

 

Thanks

Feedback