Load Balancing Among Multiple Monitoring Interfaces

The active monitoring application was initially intended for port-mirroring packets on an interface on a normal network router to single or multiple destinations. By port-mirroring these packets to a tunnel interface and using filter-based forwarding on the tunnel interface, port-mirrored packets can be load-balanced across set of interfaces. This method employs existing configuration statements for passive monitoring.

The configuration consists of the following parts; sample values are included for illustration only.

• Firewall filter configuration—Firewall filter PORT-MIRROR-TO-VT is used to port-mirror the packet to a Tunnel PIC, and filter catch, applied on the virtual tunnel (vt) interface, is used to send traffic to a filter-based routing instance.

  [edit firewall]

  filter PORT-MIRROR-TO-VT {

  term a {

  then {

  port-mirror;

  accept;

  }

  }

  }

  filter catch {

  term def {

  then {

  count counter;

  routing-instance fbf_instance;

  }

  }

  }

For more information about firewall filters, see the JUNOS Policy Framework Configuration Guide.

• Interface configuration—Apply filter PORT-MIRROR-TO-VT to the interface on which traffic is to be monitored actively.

  [edit interfaces]

  ge-1/3/0 {

  unit 0 {

  family inet {

  filter {

  input PORT-MIRROR-TO-VT;

  }

  address 10.38.0.2/30;

  }

  }

  }

  vt-3/2/0 {

  unit 0 {

  family inet {

  filter {

  input catch;

  }

  }

  }

  }

  mo-6/1/0 {

  unit 0 {

  family inet;

  }

  }

  mo-6/2/0 {

  unit 0 {

  family inet;

  }

  }

  mo-6/3/0 {

  unit 0 {

  family inet;

  }

  }

  mo-7/1/0 {

  unit 0 {

  family inet;

  }

  }

  mo-7/2/0 {

  unit 0 {

  family inet;

  }

  }

  mo-7/3/0 {

  unit 0 {

  family inet;

  }

  }

For more information on configuring interface properties, see the JUNOS Network Interfaces Configuration Guide.

• Routing instance configuration for filter-based forwarding:

  [edit routing-instances fbf_instance]

  instance-type forwarding;

  routing-options {

  static {

  route 0.0.0.0/0 next-hop [ mo-7/1/0.0 mo-7/2/0.0 mo-7/3/0.0 mo-6/3/0.0 mo-6/2/0.0 mo-6/1/0.0 ];

  }

  }

For more information on routing instance configuration, see the JUNOS Routing Protocols Configuration Guide.

• Routing table groups—Configure the routing table group to resolve the routes installed in the routing instances to directly connected next hops on the interface:

  [edit routing-options]

  interface-routes {

  rib-group inet common;

  }

  rib-groups {

  common {

  import-rib [ inet.0 fbf_instance.inet.0 ];

  }

  }

  forwarding-table {

  export pplb;

  }

For more information on routing table groups, see the JUNOS Routing Protocols Configuration Guide.

• Policy for per-packet load balancing:

  [edit policy-options]

  policy-statement pplb {

  then {

  load-balance per-packet;

  }

  }

For more information on routing policy groups, see the JUNOS Policy Framework Configuration Guide.

• Port mirroring and monitoring groups—Configure the monitoring services options, and also define hash-based load balancing:

  [edit forwarding-options]

  port-mirroring {

  input {

  rate 1;

  }

  family inet {

  output {

  interface vt-3/2/0.0;

  no-filter-check;

  }

  }

  }

  monitoring group1 {

  family inet {

  output {

  export-format cflowd-version-5;

  flow-active-timeout 60;

  flow-inactive-timeout 15;

  cflowd 10.36.252.1 port 2055;

  interface mo-6/1/0.0 {

  source-address 10.36.252.2;

  }

  interface mo-6/2/0.0 {

  source-address 10.36.252.2;

  }

  interface mo-6/3/0.0 {

  source-address 10.36.252.2;

  }

  interface mo-7/1/0.0 {

  source-address 10.36.252.2;

  }

  interface mo-7/2/0.0 {

  source-address 10.36.252.2;

  }

  interface mo-7/3/0.0 {

  source-address 10.36.252.2;

  }

  }

  }

  }

  hash-key {

  family inet {

  layer-3;

  }

  }

For more information on hash keys, see the JUNOS Policy Framework Configuration Guide.