The post Load Balance Dual ISP Internet in Juniper SRX appeared first on MustBeGeek.
There are two different methods for load balancing internet traffic in Juniper SRX series devices. They are per flow load balancing and filter based forwarding load balancing. Both techniques can be applied to MX series routers as well. You can use any method to load balance dual ISP internet in Juniper SRX or MX series or J series devices. Here, I will load balance dual ISP internet in Juniper SRX device using per flow load balancing method.
Load Balance Dual ISP Internet in Juniper SRX
The diagram below shows our existing scenario. We have two ISPs that we want to load balance the internet traffic to. Two internet links are in UNTRUST zone whereas the internal network is in TRUST zone. I have already configured required security policies.
The first step is to define routing policy. Configure the following policy under [edit-policy-options] hierarchy.
[edit policy-options]root@SRX240# set policy-options policy-statement LOAD-BALANCE then load-balance per-packet [edit policy-options]
root@SRX240# show
policy-statement LOAD-BALANCE { then { load-balance per-packet; } }
The second step is to configure the routing option. Configure the following routing information under [edit-routing-policy] hierarchy.
[edit policy-options]root@SRX240# set routing-options static route 0.0.0.0/0 next-hop 1.1.1.1
[edit policy-options]
root@SRX240# set routing-options static route 0.0.0.0/0 next-hop 2.2.2.1
Now, configure the routing policy called LOAD-BALANCE under the forwarding option.
[edit policy-options]root@SRX240#set routing-options forwarding-table export LOAD-BALANCE
Type show command to view the configuration.
[edit routing-options]root@SRX# show static { route 0.0.0.0/0 next-hop [ 1.1.1.1 2.2.2.1 ]; }
forwarding-table { export LOAD-BALANCE; }
You can now view route forwarding table to verify.
root@SRX> show route forwarding-tableYou will see two next-hop MAC addresses for default destination network.
By default JunOS include only layer 3 IP address to determine the flow but you can change this behavior and include layer 4 as well. To do so hit the following command under [edit forwarding-options] hierarchy.
[edit]root@SRX#set forwarding-options hash-key family inet layer-3
[edit]
root@SRX# set forwarding-options hash-key family inet layer-4 [edit]
root@SRX# show hash-key {
family inet { layer-3;
layer-4;
} }
You can now see the logs or even do tracert from client PC and test the load sharing. You can test from a single PC in the network.
The post Load Balance Dual ISP Internet in Juniper SRX appeared first on MustBeGeek.