Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     
     

    hash-keys (Aggregated Multiservices)

    Syntax

    hash-keys {egress-key (destination-ip | source-ip);ingress-key (destination-ip | source-ip);}

    Hierarchy Level

    [edit services service-set service-set-name interface-service load-balancing-options]

    Release Information

    Statement introduced in Junos OS Mobility Release 11.2W.

    Description

    Configure the hash keys used for load balancing in aggregated multiservices (AMS) for service applications (Network Address Translation [NAT], stateful firewall, and application-level gateway [ALG]). The hash keys supported in the ingress and egress direction are the source IP address and destination IP address.

    Hash keys are used to define the load-balancing behavior among the various members in the AMS group. For example, if hash-keys is configured as source-ip, then the hashing would be performed based on the source IP address of the packet. Therefore, all packets with the same source IP address land on the same member. Hash keys must be configured with respect to the traffic direction: ingress or egress. For example, if hash-keys is configured as source-ip in the ingress direction, then it should be configured as destination-ip in the egress direction. This is required to ensure that the packets of the same flow reach the same member of the AMS group.

    The configuration of the ingress and egress hash keys is mandatory if you are using AMS for NAT. This configuration is not mandatory if you are using AMS for stateful firewall; if the hash keys are not configured, then the defaults are chosen. Refer to Table 1 for the supported hash keys.

    Table 1: Hash Keys Supported for AMS for Service Applications

    Service Set at Ingress Interface

    Service Set at egress Interface

    Hash Keys for NAT

    NAT Type

    Ingress hash key

    Egress hash key

    Ingress hash key

    Egress hash key

    source static

    Destination IP address

    Source IP address

    Source IP address

    Destination IP address

    source dynamic

    Source IP address

    Destination IP address

    Destination IP address

    Source IP address

    Network Address Port Translation (NAPT)

    Source IP address

    Destination IP address

    Destination IP address

    Source IP address

    destination static

    Source IP address

    Destination IP address

    Destination IP address

    Source IP address

    Hash Keys for Stateful Firewall

    Stateful Firewall

    Destination IP address

    Source IP address

    Destination IP address

    Source IP address

    Stateful Firewall

    Source IP address

    Destination IP address

    Source IP address

    Destination IP address

    Note: If NAT is used in the service set (along with stateful firewall and ALG), then the hash keys should be based on the NAT type; otherwise, the hash keys of the stateful firewall should be used.

    The remaining statements are explained separately.

    Required Privilege Level

    interface—To view this statement in the configuration.

    interface-control—To add this statement to the configuration.

     
     

    Published: 2011-07-06