Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.
Register to attend
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Join us for an enlightening webinar with Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; retail guru Jack Stratten of Insider Trends; and Christian Gilby, Director of Product Marketing at Juniper Networks, as they discuss the future of in-store technologies.
Reserve my spot

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation cRPD cRPD Deployment Guide for Linux Server Use cRPD

cRPD Deployment Guide for Linux Server

keyboard_arrow_up
close
keyboard_arrow_left
cRPD Deployment Guide for Linux Server
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Configure Settings on Host OS

date_range 10-Dec-24
arrow_backward
arrow_forward

This chapter provides information on how to tune the settings on host OS to enable advanced features or to increase the scale of cRPD functionality.

Configure ARP Scaling

The maximum ARP entry number is controlled by the Linux host kernel. You can adjust the ARP or NDP entry limits using the sysctl command on the Linux host.

For example, to adjust the maximum ARP entries using IPv4:

root@host:~# sysctl -w net.ipv4.neigh.default.gc_thresh1=4096

root@host:~# sysctl -w net.ipv4.neigh.default.gc_thresh2=8192

root@host:~# sysctl -w net.ipv4.neigh.default.gc_thresh3=8192

For example, to adjust the maximum NDP entries using IPv6:

root@host:~# sysctl -w net.ipv6.neigh.default.gc_thresh1=4096

root@host:~# sysctl -w net.ipv6.neigh.default.gc_thresh2=8192

root@host:~# sysctl -w net.ipv6.neigh.default.gc_thresh3=8192

IGMP Membership Under Linux

To allow a greater number of OSPFv2/v3 adjacencies with cRPD, increase the IGMP membership limit:

Increase the IGMP membership limit.

root@host:~# sysctl -w net.ipv4.igmp_max_memberships=1000

Kernel Modules

You need to load the following kernel modules on the host before you deploy cRPD in Layer 3 mode. These modules are usually available in linux-modules-extra or kernel-modules-extra packages. Run the following commands to add the kernel modules.

  • modprobe tun

  • modprobe fou

  • modprobe fou6

  • modprobe ipip

  • modprobe ip_tunnel

  • modprobe ip6_tunnel

  • modprobe mpls_gso

  • modprobe mpls_router

  • modprobe mpls_iptunnel

  • modprobe vrf

  • modprobe vxlan

Configure MPLS

To configure MPLS in Linux kernel:

  1. Load the MPLS modules in the container using modprobe or insmod:

    root@crpd-ubuntu3:~# modprobe mpls_iptunnel

    root@crpd-ubuntu3:~# modprobe mpls_router

    root@crpd-ubuntu3:~# modprobe ip_tunnel

  2. Verify the MPLS modules loaded in host OS.
    content_copy zoom_out_map
    root@host:~# lsmod | grep mpls
    content_copy zoom_out_map
    mpls_iptunnel          16384  0
mpls_router            28672  1 mpls_iptunnel
ip_tunnel              24576  4 ipip,ip_gre,sit,mpls_router

Hash Field Selection for ECMP Load Balancing on Linux

You can select the ECMP hash policy (fib_multipath_hash_policy) for both forwarded and locally generated traffic (IPv4/IPv6).

IPv4 Traffic

  1. By default, Linux kernel uses the L3 hash policy to load-balance the IPv4 traffic. L3 hashing uses the following information:
    • Source IP address
    • Destination IP address

    root@host:~# sysctl -n net.ipv4.fib_multipath_hash_policy 0

  2. Run the following command to load-balance the IPv4 traffic using Layer 4 hash policy. Layer 4 hashing load-balance the traffic based on the following information:
    • Source IP address
    • Destination IP address
    • Source port number
    • Destination port number
    • Protocol

    root@host:~# sysctl -w net.ipv4.fib_multipath_hash_policy=1

    root@host:~# sysctl -n net.ipv4.fib_multipath_hash_policy 1

  3. Run the following command to use L3 hashing on the inner packet header (IPv4/IPv6 over IPv4 GRE).

    root@host:~# sysctl -w net.ipv6.fib_multipath_hash_policy=2

    root@host:~# sysctl -n net.ipv6.fib_multipath_hash_policy 2

    The policy defaults to L3 hashing on the packet forwarded as described in the default approach for IPv4 traffic.

    IPv6 Traffic

  4. By default, Linux kernel uses L3 hash policy to load-balance the IPv6 traffic. The L3 hash policy load-balance the traffic based on the following information:
    • Source IP address
    • Destination IP address
    • Flow label
    • Next header (Protocol)

    root@host:~# sysctl -n net.ipv6.fib_multipath_hash_policy 0

  5. You can use the Layer 4 hash policy to load-balance the IPv6 traffic. The Layer 4 hash policy load-balance traffic based on the following information:
    • Source IP address
    • Destination IP address
    • Source port number
    • Destination port number
    • Next header (Protocol)

    root@host:~# sysctl -w net.ipv6.fib_multipath_hash_policy=1

    root@host:~# sysctl -n net.ipv6.fib_multipath_hash_policy 1

  6. Run the following command to use L3 hashing on the inner packet header (IPv4/IPv6 over IPv4 GRE).

    root@host:~# sysctl -w net.ipv6.fib_multipath_hash_policy=2

    root@host:~# sysctl -n net.ipv6.fib_multipath_hash_policy 2

    MPLS

  7. Linux kernel can select the next hop of a multipath route using the following parameters:
    • Label stack upto the limit of MAX_MP_SELECT_LABELS (4)
    • Source IP address
    • Destination IP address
    • Protocol of the inner IPv4/IPv6 header

    Neighbor Detection

  8. Run the following command to view the liveness (failed/incomplete/unresolved) of the neighbor entry.

    root@host:~# sysctl -w net.ipv4.fib_multipath_use_neigh=1

    By default, the packets are forwarded to next-hops using the root@host:~# sysctl -n net.ipv4.fib_multipath_use_neigh 0 command.

wECMP Using BGP on Linux

Unequal cost load balancing is a way to distribute traffic unequally among different paths (comprising the multipath next-hop); when the paths have different bandwidth capabilities. BGP protocol tags each route/path with the bandwidth of the link using the link bandwidth extended community. The bandwidth of the corresponding link can be encoded as part of this link bandwidth community. RPD uses this bandwidth information of each path to program the multipath next-hops with appropriate linux::weights. A next-hop with linux::weight allows linux kernel to load-balance traffic asymmetrically.

BGP forms a multipath next-hop and uses the bandwidth values of individual paths to find out the proportion of traffic that each of the next-hops that form the ECMP next-hop should receive. The bandwidth values specified in the link bandwidth need not be the absolute bandwidth of the interface. These values need to reflect the relative bandwidth of one path from the another. For details, see Understanding How to Define BGP Communities and Extended Communities and How BGP Communities and Extended Communities Are Evaluated in Routing Policy Match Conditions.

Consider a network with R1 receiving equal cost paths from R2 and R3 to a destination R4. If you want to send 90% of the load balanced traffic over the path R1-R2 and the remaining 10% of the traffic over the path R1-R3 using wECMP. You need to tag routes received from the two BGP peers with link bandwidth community by configuring policy-options.

  1. Configure policy statement.

    root@host> show configuration policy-options

    content_copy zoom_out_map
    policy-statement add-high-bw {
    then {
        community set high-bw;
        accept;
    }
}
policy-statement add-low-bw {
    then {
        community set low-bw;
        accept;
    }
}
community high-bw members [ bandwidth:2:90 ];
community low-bw members [ bandwidth:2:10 ];
  2. RPD uses the bandwidth values to unequally balance the traffic with the multiple path next-hops.

    root@host> show route 100.100.100.100 detail

    content_copy zoom_out_map
    inet.0: 13 destinations, 16 routes (13 active, 0 holddown, 0 hidden)
100.100.100.100/32 (2 entries, 1 announced)
        *BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 0
                Address: 0x565535f37a3c
                Next-hop reference count: 10
                Source: 10.1.1.5
                Next hop: 20.1.1.5 via eth2 balance 10%, selected
                Session Id: 0x0
                Next hop: 10.1.1.5 via eth1 balance 90%
  3. Linux kernel supports unequal load balancing by assigning linux::weights for each next-hop.

    root@host:/# ip route show 100.100.100.100

    content_copy zoom_out_map
    100.100.100.100 proto 22
	nexthop via 20.1.1.5 dev eth2 weight 26
	nexthop via 10.1.1.5 dev eth1 weight 229

    The linux::weights are programmed to linux as divisions of integer 255 (the maximum value of an unsigned character). Each next-hop in the ECMP next-hop is given a linux::weight proportional to its share of the bandwidth.

Enable SRv6 on cRPD

You can enable IPv6 SR capability on cRPD using the following sysctl command:

  1. Enable SR.

    root@host:~# sysctl net.ipv6.conf.all.seg6_enabled=1

    root@host:~# sysctl net.ipv6.conf.all.forwarding=1

  2. Configure the following command to enable SRv6 on eth0 interface.

    root@host:~# sysctl net.ipv6.conf.eth0.seg6_enabled=1

  3. Configure the following command to set the DT4 SIDs.

    root@host:~# sysctl -wq net.vrf.strict_mode=1

Related Documentation

arrow_backward PREVIOUS JET APIs
NEXT arrow_forward Configure Settings on cRPD
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top