MX router and filter-based forwarding over multiple links

2 weeks ago

Hello all.

I would like to know whether it is possible to implement, in some way, filter-based forwarding from one source IP address over multiple outgoing links.
We have 3 internet links (we are using BGP on all of them) and we would like to see if there is a way for the MX router to forward traffic from a specific source over all 3 links, perhaps in some sort of round robin fashion.

We know we can force traffic over 1 link but are interested to see if this can be done over 3 links.

Thanks in advance for any help.

12 REPLIES 12

Re: MX router and filter-based forwarding over multiple links

2 weeks ago

Hello,

If the src IP is constant but dst IP and/or ports are varied widely enough, then usual "load-balance per-packet" policy will take care of it just fine.

If src IP, dst IP, ports are not varied, then round-robin (in reality anything but per-flow) will wreak havoc on Your application unless this application is specifically written to care about packet misordering.

Please check out this link 

https://www.juniper.net/documentation//en_US/junos/topics/reference/configuration-statement/load-bal...

 

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !

Re: MX router and filter-based forwarding over multiple links

[ Edited ]
2 weeks ago

Thanks for the response. This is, I think, what we have been looking for and has sparked some additional ideas. The traffic is mostly video, so from the link you pasted I think I could make this work with something like this:

 

1. enable load balancing globally on BGP (we use only BGP in this segment of the network as our routers use BGP to communicate between themselves and with external peers).

2. configure a policy statement that includes the server IP (or IPs if the need comes up in the future) like this:

policy-statement policy-name {
    from {
        match-conditions;
        route-filter destination-prefix match-type <actions>;
        prefix-list name;
    }
    then {
        load-balance per-packet;
    }
}

3. export the policy to the forwarding table

4. optional step - I could remove load balancing from a specific external BGP neighbor if the need arises due to other factors

5. optional step - since this is mostly video traffic we could also traffic shape this traffic with something like this, to prevent link saturation with only video, applied to the outbound firewall filter:

set firewall policer ratelimit_UDP if-exceeding bandwidth-limit 1g
set firewall policer ratelimit_UDP if-exceeding burst-size-limit 18750000
set firewall policer ratelimit_UDP then discard

set firewall policer ratelimit_TCP if-exceeding bandwidth-limit 9g
set firewall policer ratelimit_TCP if-exceeding burst-size-limit 168750000
set firewall policer ratelimit_TCP then discard

Re: MX router and filter-based forwarding over multiple links

2 weeks ago

Hello,

 

Point by point:

 


@igor.hamzic81 wrote:

 

1. enable load balancing globally on BGP (we use only BGP in this segment of the network as our routers use BGP to communicate between themselves and with external peers).

2. configure a policy statement that includes the server IP (or IPs if the need comes up in the future) like this:

policy-statement policy-name {
    from {
        match-conditions;
        route-filter destination-prefix match-type <actions>;
        prefix-list name;
    }
    then {
        load-balance per-packet;
    }
}

3. export the policy to the forwarding table

 

It's actually the best practice to enable "load-balance per-packet" on ALL prefixes, without "from" clause.

Such policy is required for many JUNOS features to work properly such as:

1/ RSVP-TE Fast Reroute (any flavor)

2/ LFA, rLFA, TI-LFA

3/ BGP PIC

etc etc

Basically, anything that requires a pre-installation of additional nexthops in the PFE requires this policy, without "from" clause, to be configured.

 


@igor.hamzic81 wrote:
 
4. optional step - I could remove load balancing from a specific external BGP neighbor if the need arises due to other factors

 

You may have a corner case but I have never seen such need in my projects over many years.

 

 


@igor.hamzic81 wrote:

5. optional step - since this is mostly video traffic we could also traffic shape this traffic with something like this, to prevent link saturation with only video, applied to the outbound firewall filter:

set firewall policer ratelimit_UDP if-exceeding bandwidth-limit 1g
set firewall policer ratelimit_UDP if-exceeding burst-size-limit 18750000
set firewall policer ratelimit_UDP then discard

set firewall policer ratelimit_TCP if-exceeding bandwidth-limit 9g
set firewall policer ratelimit_TCP if-exceeding burst-size-limit 168750000
set firewall policer ratelimit_TCP then discard

 

This is not shaping, this is policing - I hope You know the difference.

To do shaping separately for TCP and UDP, you'd need JUNOS feature called "traffic-control-profiles"

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/cos-configuring-traffic-...

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/output-tr...

 

HTH

Thx

Alex


Re: MX router and filter-based forwarding over multiple links

a week ago

@aarseniev wrote:

Hello,

 

Point by point:

 


@igor.hamzic81 wrote:

 

1. enable load balancing globally on BGP (we use only BGP in this segment of the network as our routers use BGP to communicate between themselves and with external peers).

2. configure a policy statement that includes the server IP (or IPs if the need comes up in the future) like this:

policy-statement policy-name {
    from {
        match-conditions;
        route-filter destination-prefix match-type <actions>;
        prefix-list name;
    }
    then {
        load-balance per-packet;
    }
}

3. export the policy to the forwarding table

 

It's actually the best practice to enable "load-balance per-packet" on ALL prefixes, without "from" clause.

Such policy is required for many JUNOS features to work properly such as:

1/ RSVP-TE Fast Reroute (any flavor)

2/ LFA, rLFA, TI-LFA

3/ BGP PIC

etc etc

Basically, anything that requires a pre-installation of additional nexthops in the PFE requires this policy, without "from" clause, to be configured.

 

 

 

With current traffic distribution using either local preference or best AS path, without any intervention on our side, we have achieved that traffic is distributed over the links in such a way that most of the outgoing traffic is going over to our local Internet exchange link. That is OK as most of our users are within our country and the response time is minimal.

If I understand this correctly, if we enable this without a from statement (for a few specific IPs) we will load balance all traffic across all the links. Is this correct?

 

 

 


@igor.hamzic81 wrote:

5. optional step - since this is mostly video traffic we could also traffic shape this traffic with something like this, to prevent link saturation with only video, applied to the outbound firewall filter:

set firewall policer ratelimit_UDP if-exceeding bandwidth-limit 1g
set firewall policer ratelimit_UDP if-exceeding burst-size-limit 18750000
set firewall policer ratelimit_UDP then discard

set firewall policer ratelimit_TCP if-exceeding bandwidth-limit 9g
set firewall policer ratelimit_TCP if-exceeding burst-size-limit 168750000
set firewall policer ratelimit_TCP then discard

 

This is not shaping, this is policing - I hope You know the difference.

To do shaping separately for TCP and UDP, you'd need JUNOS feature called "traffic-control-profiles"

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/cos-configuring-traffic-...

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/output-tr...

 


 

Yeah I meant policing and not shaping. But thank you for the links though. They will prove useful if we need to shape in the future.


Re: MX router and filter-based forwarding over multiple links

a week ago

Hello,

 


@igor.hamzic81 wrote:

If I understand this correctly, if we enable this without a from statement (for a few specific IPs) we will load balance all traffic across all the links. Is this correct?

 

 

No, Your understanding is incorrect. The forwarding table JUNOS policy takes effect after all control plane's best path selection algorithms are completed and there are >1 paths left. Absence of forwarding table policy means only 1 path gets selected for a given prefix.

So what You are doing with BGP path selection (when only 1 best path over 1 link is selected), will be preserved.

In other words, the paths that were disqualified by control plane best path selection will not be reconsidered again by forwarding table policy.

Hope this makes sense.

 

HTH

Thx

Alex

 

 


Re: MX router and filter-based forwarding over multiple links

a week ago

No, Your understanding is incorrect. The forwarding table JUNOS policy takes effect after all control plane's best path selection algorithms are completed and there are >1 paths left. Absence of forwarding table policy means only 1 path gets selected for a given prefix.

So what You are doing with BGP path selection (when only 1 best path over 1 link is selected), will be preserved.

In other words, the paths that were disqualified by control plane best path selection will not be reconsidered again by forwarding table policy.

Hope this makes sense.

 

HTH

Thx

Alex

 

 


I'm still a bit fuzzy on this. So if we implement policy forwarding for specific IPs, with our current BGP path selection, we will only load balance the traffic for those IPs and the rest of the traffic will use only one path?


Re: MX router and filter-based forwarding over multiple links

[ Edited ]
a week ago

Hello,

 


@igor.hamzic81 wrote:

I'm still a bit fuzzy on this. So if we implement policy forwarding for specific IPs, with our current BGP path selection, we will only load balance the traffic for those IPs and the rest of the traffic will use only one path?


 

Ok let me give You an example.

Say, You have 1 prefix 10.10.10/24 and 2 ECMP paths towards it (i.e. You implemented BGP "multipath" feature for peers that advertise You this prefix)

Then You have 1 prefix 198.51.100/24 and 3 ECMP paths towards it (same as above, with BGP "multipath" knob)

And then You have:

OSPF 203.0.113/24 prefix with 2 ECMP paths towards it, and

static 192.168/16 prefix with 2 possible paths/nexthops but You depreferred one of them using preference/metric.

You implemented following forwarding table policy:

 

 

set policy-options policy-statement PL-LB term 1 from route-filter 10.10.10/24 exact
set policy-options policy-statement PL-LB term 1 from route-filter 192.168/16 exact
set policy-options policy-statement PL-LB term 1 then load-balance per-packet
set policy-options policy-statement PL-LB term 1 then accept
set routing-options forwarding-table export PL-LB

 

 

Then the end result is:

a] transit traffic destined to 10.10.10/24 is load-balanced per flow across 2 ECMP paths

b] transit traffic towards 198.51.100/24 is not load-balanced, and sent along one of possible paths which was selected randomly.

c] transit traffic towards 203.0.113/24 is not load-balanced either, and sent along one of possible paths which was selected randomly.

d] transit traffic towards 192.168/16 is not load-balanced, it is sent along 1 best path.

 

The rules for locally-generated traffic are different.

 

Hope this makes sense.

HTH

Thx

Alex


Re: MX router and filter-based forwarding over multiple links

Thursday

Hi Alex,

 

thanks for the explanation. It really did clarify it a lot for me.

Also, I did research if it's possible to load balance only traffic from specific servers in our AS. For example, if it's possible to load balance only traffic coming from server x.x.x.x, which is part of our public range and generates a lot of traffic we would like to redistribute over the links. I didn't have much luck.

 

Do you have any experience with that kind of setup or is it possible to achieve something like this at all?


Re: MX router and filter-based forwarding over multiple links

Thursday

Hello,

 


@igor.hamzic81 wrote:


Also, I did research if it's possible to load balance only traffic from specific servers in our AS. For example, if it's possible to load balance only traffic coming from server x.x.x.x, which is part of our public range and generates a lot of traffic we would like to redistribute over the links. I didn't have much luck.

 

Do you have any experience with that kind of setup or is it possible to achieve something like this at all?


 

Right, as I said before, if Your server has ECMP towards its traffic destinations, then forwarding table policy will load-balance per flow among these available ECMP paths.

If not then You have to equalize them/make the available unequal-cost paths equal-cost, for example, by overriding the BGP best path selection with static routes etc etc.

A diagram of Your network topology, current BGP arch and sanitized configurations would help a lot.

HTH

Thx

Alex

 

 

 

 

 


Re: MX router and filter-based forwarding over multiple links

Thursday

Hi Alex,

 

I understand what you are saying and your previous examples were great in showing how this works.
What I'm trying to find out now is if it's possible to make forwarding table policy load balance (after making all links equal cost) traffic only from 1 specific server/IP in our public network and to make all other traffic from our public network use only the best path.

For a brief overview of the network we have MX routers connected to 3 ISPs receiving full BGP tables from them. We also have a link to our local internet exchange also with BGP receiving routes from members.

For routes we have configured local preference so that any routes received from the internet exchange will be the best one.
Links to the 3 ISPs have various local preferences configured based on link capabilities, burst rate, ...

Solution
Accepted by topic author igor.hamzic81
Friday

Re: MX router and filter-based forwarding over multiple links

[ Edited ]
Thursday

Hello,

I believe Your real problem statement is as follows:

- how do I equalize the 3 available paths for a single server so this and only this server can load-balance by flow over these 3 links, and the other servers can utilize their respective BGP best path(s) over same links. 

 

The easiest way for this to happen is to use JUNOS FBF by putting the traffic with src IP == that server IP into a routing instance and configure a static 0/0 route with 3 nexthops inside that instance. Of course, do not forget to leak the interface subnets from respective 3 links into that instance otherwise this 0/0 route will be hidden.

The forwarding table policy which took so long to discuss will have to be as below:

 

set policy-options policy-statement PL-LB term 1 then load-balance per-packet
set policy-options policy-statement PL-LB term 1 then accept
set routing-options forwarding-table export PL-LB

 

And since You said You use BGP attributes to always select 1 best path, all other servers' outgoing traffic will not have ECMP available to them. Only the traffic from Your chosen server will have 3xECMP available inside that routing instance and forwarding table policy will ensure the 3xECMP will be used.

Of course, You could enhance this solution with backup 0/0 pointing to somewhere and whatnot, if You wish.

One last thing - some ISPs explicitly prohibit pointing 0/0 to them so be careful NOT to send them traffic destined to subnets they did not advertise to You.

HTH

Thx

Alex
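
One way to lay out the setup described in the post above, written here as an added example that is not part of the original thread or of Juniper's documentation. The instance, filter and rib-group names, the interface, the server address and the three next-hop addresses are all placeholders (assumptions) taken from documentation ranges.

```junos
# Added example; every name and address below is a placeholder (assumption).
#   192.0.2.10                             = the one server to spread over three uplinks
#   198.51.100.1, 203.0.113.1, 192.0.2.129 = ISP next hops on the three links
#   ge-0/0/0.0                             = interface where the server's traffic enters the MX

# 1. Routing instance that holds only the default route with 3 next hops
set routing-instances RI-SERVER-LB instance-type forwarding
set routing-instances RI-SERVER-LB routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
set routing-instances RI-SERVER-LB routing-options static route 0.0.0.0/0 next-hop 203.0.113.1
set routing-instances RI-SERVER-LB routing-options static route 0.0.0.0/0 next-hop 192.0.2.129

# 2. Leak the interface (direct) routes into the instance so the next hops
#    resolve; without this the 0/0 route stays hidden, as the post warns
set routing-options rib-groups RG-FBF import-rib inet.0
set routing-options rib-groups RG-FBF import-rib RI-SERVER-LB.inet.0
set routing-options interface-routes rib-group inet RG-FBF

# 3. Filter-based forwarding: only packets sourced from the server are looked
#    up in the instance; everything else keeps using inet.0 and the BGP best path
set firewall family inet filter FBF-SERVER term server from source-address 192.0.2.10/32
set firewall family inet filter FBF-SERVER term server then routing-instance RI-SERVER-LB
set firewall family inet filter FBF-SERVER term other then accept
set interfaces ge-0/0/0 unit 0 family inet filter input FBF-SERVER

# 4. Forwarding-table policy from the post (no "from" clause), so that all
#    three next hops of the static route are installed in the PFE
set policy-options policy-statement PL-LB term 1 then load-balance per-packet
set policy-options policy-statement PL-LB term 1 then accept
set routing-options forwarding-table export PL-LB
```

After commit, `show route table RI-SERVER-LB.inet.0 0.0.0.0/0 exact` should list the static route as active with all three next hops; if it shows as hidden, the interface routes from step 2 are not reaching the instance.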

 

 


Re: MX router and filter-based forwarding over multiple links

Friday

Thanks Alex. I think this is what I was searching for.

I will now have to see how to configure a routing instance with these modifications and to properly test it. 
