Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

enhanced-hash-key

Syntax

Syntax (EX Series)

Syntax (QFX5000 Series Switches)

Syntax (QFX10000 Series Switches)

Syntax (SRX5000 Series Routers))

Syntax (Junos OS Evolved)

Syntax Junos OS Evolved (QFX5220 and QFX5130)

Hierarchy Level

Junos OS Evolved uses the set command instead of edit.

Description

Configure the hashing key used to hash link aggregation group (LAG) and equal-cost multipath (ECMP) traffic, or enable adaptive load balancing (ALB) in a Virtual Chassis Fabric (VCF).

Note:

Starting in Junos OS Release 14.1X53-D46, 15.1R7, 16.1R6, 17.1R3, 17.2R2, 17.3R2, and 17.4R1, the ALB feature is deprecated. If fabric-load-balance is enabled in the configuration for a VCF, delete the configuration item upon upgrading Junos OS.

The hashing algorithm is used to make traffic-forwarding decisions for traffic entering a LAG bundle or for traffic exiting a switch when ECMP is enabled.

For LAG bundles, the hashing algorithm determines how traffic entering a LAG bundle is placed onto the bundle’s member links. The hashing algorithm tries to manage bandwidth by evenly load-balancing all incoming traffic across the member links in the bundle.

When ECMP is enabled, the hashing algorithm determines how incoming traffic is forwarded to the next-hop device.

The computed hash is not only used in selecting an ECMP path, but also is used for load balancing. Starting in Junos OS Release 18.3R1, the flow-label field is included by default in the hash computation for IPv6, GRE, and PPPoE packets. This can be beneficial, for example, when you have MX routers operating as designated router (DR) or rendezvous point (RP) and want to load balance traffic on the basis of a single Layer 3 or Layer 4 flow. You can revert to the previous method of hash computation by setting the no-flow-label option.

  • For GRE packets, if the outer IP packet is non-option packet and the inner packet is IPv4 or IPv6, then the source and destination IP addresses from inner packet will be included in hash computation.

    The Layer 4 ports will also be included in hash computation if the protocol of the inner IP packet is TCP or UDP, and if the inner IP packet is not an options packet.

    If outer IP packet is a non-options packet, and the inner packet is MPLS, then the top inner label is included in hash computation.

  • For PPPoE packet, if the inner packet is IPv4 or IPv6, then source and destination IP addresses from inner packet will be included in hash computation.

    The Layer 4 ports are included in the hash computation if the protocol of inner IP packet is TCP or UDP, and the inner IP packet is a non-options packet.

For MX Series routers with MPCs, T4000 routers with Type 5 FPCs, EX9200 switches, and PTX10008 routers, select data used in the hash key for enhanced IP forwarding engines.

By default, MPCs use the following parameters for hashing:

  • Source IP address

  • Destination IP address

  • Layer 3 protocol

  • Source port

  • Destination port

  • Generic routing encapsulation (GRE) for GRE packets only.

You can modify the default hashing mechanism on MPCs and Type 5 FPCs by configuring statements at the [edit forwarding-options enhanced-hash-key] hierarchy level.

QFX10000 Series switches
  • On QFX10000 Series switches, you can configure the hash seed for load balancing. By default, the QFX10000 Series switches use the system MAC address to generate a hash seed value. You can configure the hash seed value using the hash-seed statement at the [edit forwarding-options enhanced-hash-key] hierarchy level. Set a value between 0 and 4294967295. If you do not configure a hash seed value, the system generates a hash seed value based on the system MAC address.

  • Starting in Junos OS Release 18.4R1, symmetric hashing is supported on the QFX10000 Series switches. You configure the no-incoming-port option under the [edit forwarding-options enhanced-hash-key] hierarchy. By default, Destination IP (DIP), SIP, Layer 4 source and destination ports, and the incoming port are used for hashing. You can only configure symmetric hashing at the global level.

QFX5000 Series switches
Note:

On QFX5000 Series switches, multicast packets gets duplicated or dropped when vlan-id is included in the enhanced-hash-key configuration. Hence, while configuring enhanced-hash-key, you must configure layer2-payload and layer2-header options without configuring vlan-id. This behavior is only seen in multicast traffic.

  • Starting in Junos OS Release 19.4R1, the dynamic load balancing on ECMP is supported on QFX5120-32C and QFX5120-48Y switches. You can configure the ecmp-dlb option under the [edit forwarding-options enhanced-hash-key] hierarchy. Refer Dynamic Load Balancing for more details.

  • To enable symmetric hashing on the QFX5000 line of switches, configure the symmetric-hash option.

Enhanced hash key is supported on SRX5000 routers by implementing control path for for the configured setting to reach the services processing card (SPC2) and SPC3. You configure the session-id option to enable the control path for the configured setting to reach the service processing unit (SPU).

For more details, see CLI Explorer.

Default

In PTX, compared to MX (which is similar to QFX), the source and destination mac address options for hash computation are different. While QFX excludes the default MAC address fields for hash computations, PTX includes the destination MAC while excluding the source-mac.

Options

services-loadbalancing—Distributes traffic across PICs based on source IP address when a route pointing to more than one services PICs is installed.

symmetric—Enable symmetric load balancing across aggregated Ethernet interfaces. This option is needed on Trio-based MPCs only.

Data selections for services-loadbalancing:

  • inet—IPv4 addressing protocol.

  • inet6—IPv6 addressing protocol.

  • layer-3-services—Include layer 3 IP data in the hash key.

  • incoming-interface-index—Include incoming interface index in the hash key.

  • source-address—Include source-address in the hash key.

  • destination-address—Include destination-address in the hash key.

  • src-prefix-len—Include the source prefix length in the hash key.

Data selections for family any:

  • incoming-interface-index—(PTX10008 only) Include incoming interface index in the hash key.

  • no-tunnel-payload—(PTX10001-36MR, PTX10004, PTX10008, and PTX10016 only) Omit the tunnel payload data from the hash key.

Data selections for family inet:

  • gtp-tunnel-endpoint-identifer—Include the tunnel endpoint identifier (TEID) field in the hash key for GPRS tunneling protocol (GTP) traffic.

    Note:

    This option is supported only on MX Series routers with MPCs and on the MX80 router.

  • incoming-interface-index—Include incoming interface index in the hash key.

  • no-destination-port—Omit IP destination port in the hash key.

  • no-source-port—Omit IP source port in the hash key.

  • type-of-service—Include type-of-service (TOS) byte in the hash key.

Data selections for family inet6:

  • gtp-tunnel-endpoint-identifer—Include the tunnel endpoint identifier (TEID) field in the hash key for GPRS tunneling protocol (GTP) traffic.

    Note:

    This option is supported only on MX Series routers with MPCs and on the MX80 router.

  • incoming-interface-index—Include the incoming interface index in the hash key.

  • no-destination-port—Omit the IP destination port in the hash key.

  • no-source-port—Omit the IP source port in the hash key.

  • traffic-class—Include the traffic class byte in the hash key.

Data selections for family mpls:

  • ether-pseudowire—Load-balance IP over Ethernet pseudowire. Presence of zero-control-word in the payload indicates an Ethernet frame.

  • incoming-interface-index—Include the incoming interface index in the hash key.

  • label-1-exp—The EXP bit of the first label is used in the hash calculation.

  • no-ether-pseudowire—Omit the Ethernet pseudowire payload data from the hash key (MX Series routers with MPCs only).

  • no-labels—Omit MPLS labels from the hash key (PTX10008 only).

  • no-payload—Omit the MPLS payload data from the hash key.

Data selections for family multiservice:

  • incoming-interface-index—Include the incoming interface index in the hash key.

  • no-mac-addresses—Omit source and destination MAC addresses from the hash key.

  • no-payload—Omit the payload data from the hash key.

  • outer-priority—Include the outer 802.1 priority bits in the hash key.

  • source-mac—Includes source MAC address in hash key

  • no-destination-mac—Excludes destination MAC address in hash key.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 10.1.

services-loadbalancing statement introduced in Junos OS Release 11.2.

gtp-tunnel-endpoint-identifier statement introduced in Junos OS Release 13.2

The fabric-load-balance statement introduced in Junos OS Release 14.1X53-D10.

The fabric-load-balance statement deprecated starting in Junos OS Releases 14.1X53-D46, 15.1R7, 16.1R6, 17.1R3, 17.2R2, 17.3R2, and 17.4R1.

The hash-seed statement introduced in Junos OS Release 15.1X53-D30.

ether-pseudowire statement introduced in Junos OS Release 16.1 for the M Series, MX Series, and PTX Series.

l2tp-tunnel-session-identifier statement introduced in Junos OS Release 17.2

Starting in Junos OS Release 18.3R1, the default behavior for IPv6, GRE, and PPPoE packet hash computation is to include the flow-label field for improved load-balancing in certain cases. Use the no-payload option to revert to the previous method for hash computation.

The ecmp-dlb statement introduced in Junos OS Release 19.4R1 for QFX5120-32C and QFX5120-48Y switches.

Option symmetric-hash introduced in Junos OS Release 20.4R1.

Statement introduced in Junos OS Evolved Release 21.3R1.

The ecmp-dlb statement is introduced in Junos OS Release 23.2R1 for EX4400-24T, EX4400-24X, and EX-4400-48F switches.