SRX Services Gateway

SRX 300 Cluster load balancing not working properly

‎06-05-2019 09:55 AM


I've set up an SRX300 Cluster for a customer. I've got one cable from each member running to the customer switch in a reth interface, and have two 100Mbps WAN links, one on ge-0/0/3 and one on ge-1/0/3.


I'm having issues load balancing my outbound traffic.

I'm running version 15.1X49-D70.3


I've set up OSPF between this cluster and my MX in the DC. The load balancing from the MX down to the SRX works fine; however, it looks like outbound traffic from my SRX to the MX isn't working properly.


Traceroutes show the traffic taking different links if I run it a few times in succession, but it seems transit traffic is only going over the link on ge-0/0/3.


Cluster config:




hostname> show chassis cluster status
Monitor Failure codes:
    CS  Cold Sync monitoring        FL  Fabric Connection monitoring
    GR  GRES monitoring             HW  Hardware monitoring
    IF  Interface monitoring        IP  IP monitoring
    LB  Loopback monitoring         MB  Mbuf monitoring
    NH  Nexthop monitoring          NP  NPC monitoring
    SP  SPU monitoring              SM  Schedule monitoring
    CF  Config Sync monitoring

Cluster ID: 1
Node   Priority Status         Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 1
node0  100      primary        no      no       None
node1  1        secondary      no      no       None

Redundancy group: 1 , Failover count: 37
node0  100      primary        yes     no       None
node1  1        secondary      yes     no       None

Redundancy group: 2 , Failover count: 1
node0  100      primary        yes     no       None
node1  1        secondary      yes     no       None

hostname> show configuration chassis cluster
reth-count 3;
redundancy-group 0 {
node 0 priority 100;
node 1 priority 1;
redundancy-group 1 {
node 0 priority 100;
node 1 priority 1;
interface-monitor {
ge-0/0/4 weight 255;
redundancy-group 2 {
node 0 priority 100;
node 1 priority 1;
interface-monitor {
ge-0/0/5 weight 255;

I see the route being added if I do a show route:



hostname> show route forwarding-table
Routing table: default.inet
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            user     2                    ulst   262143     8
                              f4:b5:2f:db:ad:4b  ucst     1616     2 ge-0/0/3.0
                              f4:b5:2f:db:ad:4c  ucst     1617     2 ge-1/0/3.0
default            perm     0                    rjct       36     2
                   perm     0                    dscd       34     1

hostname> show route

inet.0: 100 destinations, 100 routes (100 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

                   *[OSPF/150] 1d 02:24:30, metric 0, tag 0
                      to via ge-0/0/3.0
                    > to via ge-1/0/3.0
hostname> show configuration routing-options
forwarding-table {

hostname> show configuration policy-options policy-statement LOADBALANCING
term VOICE {
    from {
        prefix-list VOICE;
    then accept;
    then {
        load-balance per-packet;


The config seems correct and I've followed the knowledge base. I've set this up on a single SRX 210 and it works fine. Is this not sending traffic over ge-1/0/3 since it is part of the secondary member? I can't see anything noticeably wrong here.



Accepted by topic author Domin0
‎06-05-2019 11:22 PM

Re: SRX 300 Cluster load balancing not working properly

‎06-05-2019 11:17 PM

In a cluster, the secondary node will not process transit packets. You may have to change the WAN connectivity so that both upstream gateways should be reachable via the primary node and the secondary node, so that cluster failover will not cause any issue. Terminate the WAN connectivity on a switch and connect both nodes to that switch. Use separate VLANs for each WAN connection and use reth interfaces on the SRX.



ge-0/0/3 & ge-1/0/3 --> reth0 --> [vlan10] Switch [vlan10] --> WAN1

ge-0/0/4 & ge-1/0/4 --> reth1 --> [vlan20] Switch [vlan20] --> WAN2



JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
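
The layout described in the accepted reply, written out as Junos `set` commands. This is an added example, not configuration posted by either participant. Interface names follow the reply's diagram; the addresses (documentation ranges), the redundancy-group number, the zone name and the export of the question's LOADBALANCING policy are assumptions to adapt to the actual cluster.

```junos
# Added example. Addresses, redundancy-group number and zone name are assumptions.

# WAN1: one member link per node, both bundled into reth0 (switch ports in VLAN 10)
set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-1/0/3 gigether-options redundant-parent reth0
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 192.0.2.2/30

# WAN2: same pattern on reth1 (switch ports in VLAN 20)
set interfaces ge-0/0/4 gigether-options redundant-parent reth1
set interfaces ge-1/0/4 gigether-options redundant-parent reth1
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family inet address 198.51.100.2/30

# Both reths sit in the same redundancy group, so both WAN paths are
# active on whichever node is primary for that group.
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 node 1 priority 1
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-1/0/3 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-1/0/4 weight 255

# OSPF towards the MX runs on the reth units instead of the node-local ports
set protocols ospf area 0.0.0.0 interface reth0.0
set protocols ospf area 0.0.0.0 interface reth1.0
set security zones security-zone untrust interfaces reth0.0 host-inbound-traffic protocols ospf
set security zones security-zone untrust interfaces reth1.0 host-inbound-traffic protocols ospf

# Assumes the LOADBALANCING policy from the question is the one exported
# to the forwarding table.
set routing-options forwarding-table export LOADBALANCING
```

With this in place, the two next hops that `show route forwarding-table` lists for the default route should be reth0.0 and reth1.0 rather than ge-0/0/3.0 and ge-1/0/3.0.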