Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Example: Configuring ECMP Flow-Based Forwarding

This example shows how to configure ECMP flow-based forwarding.

Requirements

No special configuration beyond device initialization is required before configuring this feature.

Overview

This example configures three static ECMP routes on an SRX Series device. Each static route uses a different router to reach the destination server. The interfaces to the routers are assigned to the untrust security zone. This example creates a load-balancing routing policy named load-balancing-policy and applies the policy to all routes exported from the routing table to the forwarding table.

Topology

Figure 1 shows the topology used in this example.

Figure 1: ECMP Routes

ECMP Routes

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

set interfaces ge-0/0/2 unit 0 family inet address 22.0.39.56/8set interfaces ge-0/0/4 unit 0 family inet address 23.0.39.56/8set interfaces ge-0/0/6 unit 0 family inet address 24.0.39.56/8set interfaces ge-0/0/7 unit 0 family inet address 25.0.39.56/8set routing-options static route 26.0.0.0/8 next-hop 23.0.54.111set routing-options static route 26.0.0.0/8 next-hop 24.0.44.101set routing-options static route 26.0.0.0/8 next-hop 25.0.44.106set security zones security-zone trust interfaces ge-0/0/2set security zones security-zone untrust interfaces ge-0/0/4 ge-0/0/6 ge-0/0/7set security policies from-zone trust to-zone untrust policy permit-mail match source-address 22.0.39.56/8set security policies from-zone trust to-zone untrust policy permit-mail match destination-address 26.0.0.0/8 set security policies from-zone trust to-zone untrust policy permit-mail match application junos-mail set security policies from-zone trust to-zone untrust policy permit-mail then permitset policy-options policy-statement load-balancing-policy then load-balance per-packetset routing-options forwarding-table export load-balancing-policy

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure ECMP flow-based forwarding:

  1. Configure interfaces.
    [edit interaces]user@host# set ge-0/0/2 unit 0 family inet address 22.0.39.56/8user@host# set ge-0/0/4 unit 0 family inet address 23.0.39.56/8user@host# set ge-0/0/6 unit 0 family inet address 24.0.39.56/8user@host# set ge-0/0/7 unit 0 family inet address 25.0.39.56/8
  2. Create security zones.
    [edit security]user@host# set zones security-zone trust interfaces ge-0/0/2user@host# set zones security-zone untrust interfaces ge-0/0/4user@host# set zones security-zone untrust interfaces ge-0/0/6user@host# set zones security-zone untrust interfaces ge-0/0/7
  3. Configure a security policy.
    [edit security policies from-zone trust to-zone untrust]user@host# set policy permit-mail match source-address 22.0.39.56/8user@host# set policy permit-mail match destination-address 26.0.0.0/8user@host# set policy permit-mail match application junos-mailuser@host# set policy permit-mail then permit
  4. Configure ECMP routes.
    [edit routing-options]user@host# set static route 26.0.0.0/8 next-hop 23.0.54.111user@host# set static route 26.0.0.0/8 next-hop 24.0.44.101user@host# set static route 26.0.0.0/8 next-hop 25.0.44.106
  5. Create a load-balancing routing policy.
    [edit policy-options]user@host# set policy-statement load-balancing-policy then load-balance per-packet
  6. Apply the routing policy to all routes exported from the routing table to the forwarding table.
    [edit routing-options]user@host# set forwarding-table export load-balancing-policy

Results

From configuration mode, confirm your configuration by issuing the show interfaces, show security, show policy-options, and show routing-options command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

[edit]user@host# show interfaces
ge-0/0/2 {unit 0 {family inet {address 22.0.39.56/8;}}}
ge-0/0/4 {unit 0 {family inet {address 23.0.39.56/8;}}}
ge-0/0/6 {unit 0 {family inet {address 24.0.39.56/8;}}}
ge-0/0/7 {unit 0 {family inet {address 25.0.39.56/8;}}}
user@host# show security
policies {from-zone trust to-zone untrust {policy permit-mail {match {source-address 22.0.39.56/8;destination-address 26.0.0.0/8;application junos-mail;}then {permit;}}}}
zones {security-zone trust {interfaces {ge-0/0/2.0;}}security-zone untrust {interfaces {ge-0/0/4.0;ge-0/0/6.0;ge-0/0/7.0;}}}
user@host# show policy-options
policy-statement load-balancing-policy {then {load-balance per-packet;}}
[edit]user@host# show routing-options
forwarding-table {export load-balancing-policy;}
static {route 0.0.0.0/0 next-hop 10.100.37.1;route 26.0.0.0/8 next-hop [ 23.0.54.111 25.0.44.106 24.0.44.101 ];}

If you are done configuring the device, enter commit from configuration mode.

Verification

Verifying the Forwarding Table

Purpose

Verify that the route information for all ECMP routes appears in the forwarding table.

Action

From operational mode, enter the show route forwarding-table command.

user@host> show route forwarding-table
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
...

26.0.0.0/8         user     0 23.0.54.111        rslv     0     1 ge-0/0/4.0
26.0.0.0/8         user     0 24.0.44.101        rslv     0     1 ge-0/0/6.0
26.0.0.0/8         user     0 25.0.44.106        rslv     0     1 ge-0/0/7.0

...
 

Related Documentation

 

Published: 2015-04-29

Supported Platforms

 

Related Documentation

 

Published: 2015-04-29

Previous Page Next Page