Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to configure ECMP load balancing for EBGP traffic when the neighbors are in different autonomous systems

0

0

Article ID: KB30685 KB Last Updated: 30 Dec 2015Version: 1.0
Summary:

This article describes how to configure ECMP load balancing for EBGP traffic in a scenario where each of the neighbors is in a different autonomous system.

Symptoms:

As illustrated below, the perimeter SRX (AS 65000) has EBGP neighborships with two ISPs (one from AS65001 and the other from AS65002). Each of the two ISPs is exporting a default route (of the same cost) to the perimeter SRX.

Our aim here is to configure load balancing on the perimeter SRX such that it load balances the Internet traffic equally between the two ISPs. Please note that the load balancing will happen on a per-session basis.


Solution:

Below is the detailed procedure to configure ECMP in the above scenario.

Configure EBGP neighborship with ISP 1:

set protocols bgp group EBGP1 type external
set protocols bgp group EBGP1 local-address 10.1.1.1
set protocols bgp group EBGP1 peer-as 65001
set protocols bgp group EBGP1 multipath multiple-as
set protocols bgp group EBGP1 neighbor 10.1.1.2

Configure EBGP neighborship with ISP2:

set protocols bgp group EBGP2 type external
set protocols bgp group EBGP2 local-address 10.1.2.1
set protocols bgp group EBGP2 peer-as 65002
set protocols bgp group EBGP2 multipath multiple-as
set protocols bgp group EBGP2 neighbor 10.1.2.2

Please make a note that the multiple-as option can be exempted when the neighbors are in the same autonomous system.

Configure load-balancing policy:

set policy-options policy-statement loadbal from route-filter 0.0.0.0/0 exact
set policy-options policy-statement loadbal then load-balance per-packet

Although the above configuration statement mentions "per-packet," the load balancing will be done on a per-session basis.

Applying the load-balancing policy to the routing table:

set routing-options forwarding-table export loadbal

Verifying if ECMP is working as expected:

Check the routing table for for routes from the ISPs involved and make sure that imported routes are of equal cost.

root> show route

inet.0: 7 destinations, 8 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0             *[BGP/170] 01:26:50, localpref 100
                         AS path: 65002 I
                      > to 10.1.2.2 via ge-0/0/2.0
                        to 10.1.1.2 via ge-0/0/1.0
                       [BGP/170] 01:26:45, localpref 100
                         AS path: 65001 I
                      > to 10.1.1.2 via ge-0/0/1.0

Now check the forwarding table to make sure that there are two next hops installed for the default route. You can see in the example below where the default route has two next hops (one through ge-0/0/1.0 and the other through ge-0/0/2.0).

root> show route forwarding-table
Routing table: default.inet
Internet:
Destination             Type RtRef Next hop               Type  Index  NhRef Netif
default                  user    0                         ulst 262142 2
                                    0:1f:12:e4:c8:1        ucst 519    3    ge-0/0/2.0
                                    64:87:88:eb:32:1       ucst 532    3    ge-0/0/1.0
default                  perm    0                         rjct 36     1
0.0.0.0/32               perm    0                         dscd 34     1
10.1.1.0/24              intf    0                         rslv 546    1    ge-0/0/1.0


Here is the complete configuration for reference:

set interfaces ge-0/0/0 unit 0 family inet address *.*.*.*/26
set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24
set interfaces ge-0/0/2 unit 0 family inet address 10.1.2.1/24
set routing-options autonomous-system 65000
set routing-options forwarding-table export loadbal
set protocols bgp group EBGP1 type external
set protocols bgp group EBGP1 local-address 10.1.1.1
set protocols bgp group EBGP1 peer-as 65001
set protocols bgp group EBGP1 multipath multiple-as
set protocols bgp group EBGP1 neighbor 10.1.1.2
set protocols bgp group EBGP2 type external
set protocols bgp group EBGP2 local-address 10.1.2.1
set protocols bgp group EBGP2 peer-as 65002
set protocols bgp group EBGP2 multipath multiple-as
set protocols bgp group EBGP2 neighbor 10.1.2.2
set policy-options policy-statement loadbal from route-filter 0.0.0.0/0 exact
set policy-options policy-statement loadbal then load-balance per-packet
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces all
set security policies default-policy permit-all

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search