Example: Configuring Redundancy and Load Balancing Using a Single AFTR and Multiple Services PICs

 

This example shows how to configure redundancy and load balancing using a single DS-Lite Address Family Transition Router (AFTR).

Requirements

This example uses the following hardware and software components:

  • Juniper Networks MX Series 3D Universal Edge Routers with Multiservices Dense Port Concentrators (DPCs)

  • Juniper Networks® Junos® operating system (Junos OS) 10.4 or later running on the AFTR

Note

This configuration example has been tested using the software release listed and is assumed to work on all later releases.

Overview

You can provide redundancy and load balancing by using multiple Services PICs on the same AFTR and a single anycast address, with the two Services PICs actively load-balancing traffic. In Figure 1, three Basic Bridging BroadBand Elements (B4s or softwire initiators) are connected to the AFTR’s softwire (ID 1001::1) using different tunnels. The AFTR has two Services PICs for load balancing and redundancy. When HTTP clients connect to the server, traffic is load-balanced between the Services PICs. In addition, when one of the Services PICs is down, traffic from all three B4s is channelized through the other Services PIC.

Figure 1: Sample Topology for DS-Lite Anycast Configuration Using Multiple Services PICs

  • The IPv4 client or host in the home network is configured with an IPv4 interface to the ISP and a static route to the IPv4 server on the Internet.

  • The multiple B4s or softwire initiators are configured with an IPv4 interface, an IPv6 interface, and an IPv4-in-IPv6 tunnel to an anycast address.

  • The pure IPv6 node in the IPv6 cloud is configured with interfaces to the IPv6 interfaces.

  • The address range of the NAT pool between the AFTR and the Internet is 33.33.33.1 through 33.33.33.32 corresponding to NAT rule dslite-nat-rule1, and 44.44.44.1 through 44.44.44.32 corresponding to NAT rule dslite-nat-rule2.

  • NAT rule dslite-nat-rule1 corresponds to Services PIC sp-0/1/0, and NAT rule dslite-nat-rule2 corresponds to Services PIC sp-1/3/0.

  • The AFTR is configured with anycast address 2001::1/16 for the interface toward the three B4s. Address 200.200.200.1/24 is configured for the interface from the AFTR toward the Internet. The two Services PICs are sp-0/1/0 and sp-1/3/0.

  • The IPv4 node on the Internet is configured with an IPv4 interface and routes for reverse traffic.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

AFTR

Configuring the AFTR

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see the CLI User Guide.

  1. Configure the Layer 3 service package.

    This example assumes that the PIC is in FPC 1, slot 1.

    The service package with its associated sp- interface is for manipulating traffic before it is delivered to its destination. For details about configuring service packages, see the Junos OS Services Interfaces Configuration Guide.

  2. Configure two different NAT pools and NAPT for the two Services PICs.
  3. Configure the softwire concentrator and create the softwire rule.
  4. Configure next-hop-style service sets dslite-svc-set1 and dslite-svc-set2 for Services PICs sp-0/1/0 and sp-1/3/0, respectively.
  5. Configure stateful firewall and softwire rules.
  6. Configure the services interfaces.
  7. Configure the interface between the home router running the B4 and the AFTR.
  8. Configure the interface between the AFTR and the Internet.
  9. Configure load-balancing options for the Packet Forwarding Engine to determine how the traffic is load-balanced between the two Services PICs.
  10. Configure routing options to install a route with high priority to the anycast address for both Services PICs.
    1. Configure the static route destination address.

    2. Configure the next hops to the destination address. Include the Services PICs (sp-1/3/0.1 sp-0/1/0.1) in the list of next hops.

  11. Configure load-balancing options for the Packet Forwarding Engine.

Results

In configuration mode, confirm your configuration by entering the show chassis, show services, show interfaces, show routing-options, show policy-options, and show forwarding-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying Load Balancing Between the Two Services PICs

Purpose

Verify that traffic is load-balanced between the two Services PICs.

Action

  1. Verify traffic flow between the IPv4 host on the home network and the IPv4 node on the Internet by using the show services stateful-firewall flows command.
    user@AFTR> show services stateful-firewall flows

    The output shows ICMP statistics indicating the traffic flow between the IPv4 host on the home network and the IPv4 node on the Internet.

  2. Issue the show services softwire, show services stateful-firewall conversations, show services stateful-firewall flows count, and show services stateful-firewall statistics commands to check the traffic flows.
    user@AFTR> show services softwire

    The output shows statistics for service set dslite-svc-set2 associated with the services interface sp-0/1/0 and service set dslite-svc-set1 associated with the services interface sp-1/3/0.

    user@AFTR> show services stateful-firewall conversations

    The output shows traffic flows for both services interfaces, sp-0/1/0 and sp-1/3/0, indicating that both of the Services PICs are active.

    user@AFTR> show services stateful-firewall flows count

    The output shows flow counts for both services interfaces, sp-0/1/0 and sp-1/3/0, indicating that both of the Services PICs are active.

    user@AFTR> show services stateful-firewall statistics

Meaning

The output shows traffic flows for both Services PICs, sp-0/1/0 and sp-1/3/0. This indicates that the traffic is load-balanced between both of the Services PICs.

Verifying Redundancy Between the Two Services PICs

Purpose

Verify redundancy between the two Services PICs.

Action

  1. Bring Services PIC sp-0/1/0 offline by issuing the request chassis pic fpc-slot slot-number pic-slot pic-number offline command.
    user@host> request chassis pic fpc-slot 0 pic-slot 1 offline
  2. Issue the show services stateful-firewall conversations command again to check traffic flows through the redundant Services PIC sp-1/3/0.

    Check the interface name and service-set name in the output.

    user@host> show services stateful-firewall conversations

Meaning

The output indicates that all traffic is now routed through Services PIC sp-1/3/0 when sp-0/1/0 is deactivated. This indicates that redundancy is operational between the two Services PICs.
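
The following model is an added example, not Juniper code or part of the original page. It shows how the two next hops and their NAT pools determine which public address range a B4's traffic leaves from, before and after sp-0/1/0 goes offline, and how to attribute a translated address back to a Services PIC. The B4 addresses and the SHA-256 hash are assumptions; the page does not give B4 addresses or the Packet Forwarding Engine hash.

```python
import hashlib
import ipaddress

# Next hops of the anycast route and the NAT rule/pool behind each (values from this page).
PICS = {
    "sp-0/1/0.1": ("dslite-nat-rule1", "33.33.33.1", "33.33.33.32"),
    "sp-1/3/0.1": ("dslite-nat-rule2", "44.44.44.1", "44.44.44.32"),
}
# Constructed B4 tunnel source addresses (documentation prefix, not from the page).
B4S = ["2001:db8::b4:1", "2001:db8::b4:2", "2001:db8::b4:3"]


def pick_next_hop(b4_addr, online):
    """Pin one softwire to one live Services PIC by hashing its source address.

    Assumption: SHA-256 modulo the live next-hop count stands in for the
    Packet Forwarding Engine hash, which this page does not specify.
    """
    live = sorted(nh for nh in PICS if nh in online)
    if not live:
        raise RuntimeError("no Services PIC online for the anycast route")
    digest = hashlib.sha256(ipaddress.IPv6Address(b4_addr).packed).digest()
    return live[int.from_bytes(digest[:4], "big") % len(live)]


def egress_map(online):
    """Return {B4 address: (next hop, NAT rule, pool low, pool high)}."""
    result = {}
    for b4 in B4S:
        nh = pick_next_hop(b4, online)
        result[b4] = (nh, *PICS[nh])
    return result


def attribute(public_addr):
    """Map a translated source address from a server log back to (next hop, NAT rule)."""
    addr = ipaddress.IPv4Address(public_addr)
    for nh, (rule, low, high) in PICS.items():
        if ipaddress.IPv4Address(low) <= addr <= ipaddress.IPv4Address(high):
            return nh, rule
    return None  # not one of this AFTR's pools


if __name__ == "__main__":
    for label, online in (("both online", set(PICS)), ("sp-0/1/0 offline", {"sp-1/3/0.1"})):
        print(label)
        for b4, row in egress_map(online).items():
            print("  ", b4, "->", row)
```

In this model a B4 that hashed to sp-0/1/0.1 moves from the 33.33.33.x pool to the 44.44.44.x pool after failover, so log correlation by public address has to account for which Services PIC was online at the time.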