How CSDS Works with ECMP Based Consistent Hashing

SUMMARY In this topic, you’ll learn how CSDS Architecture works with the ECMP based Consistent Hashing load balancer in the MX Series routers.

What is ECMP and Consistent Hashing?

Equal-cost multipath (ECMP) is a network routing strategy that load balances traffic of the same session. Traffic in a session with the same source and destination is transmitted across multiple paths of equal cost.

When forwarding a packet, the routing device decides which next-hop path to use. The device considers the packet header fields that identify a flow when determining the next hop. When using ECMP, the device determines the next-hop paths of equal cost based on the routing metric calculations and hash algorithms. Routes of equal cost have the same preference and metric values, and the same cost to the network. The ECMP process identifies a set of routers, each of which is a legitimate equal-cost next hop towards the destination. The routes that are identified are referred to as an ECMP set.

Consistent load balancing maintains all active links and instead remaps only those flows affected by one or more link failures. This feature ensures that flows connected to links that remain active continue uninterrupted. This feature applies to topologies where members of an ECMP group are external BGP neighbors in a single-hop BGP session. With the help of Bidirectional Forwarding Detection (BFD) over external BGP, faster link failure detection is possible.

Benefits

  • Increases bandwidth by fully utilizing otherwise unused bandwidth on links to the same destination with ECMP
  • Even distribution of the workloads with Consistent Hashing
  • Fast response in workload distribution with Consistent Hashing

How Do ECMP and Consistent Hashing Work in CSDS?

An ECMP set is formed when the routing table contains multiple next-hop addresses for the same destination with equal cost. If there is an ECMP set for the active route, Junos OS uses a hash algorithm to choose one of the next-hop addresses in the ECMP set to install in the forwarding table. You can configure the device so that multiple next-hop entries in an ECMP set are installed in the forwarding table. The Junos OS devices can perform per-packet load balancing to spread traffic across multiple paths between the routing devices.

The CSDS Architecture maintains the symmetry of the flows in the SRX Series Firewalls. The incoming and outgoing traffic of a user data client (client device) always reaches the same SRX Series Firewall (server device) that maintains the state. To reach the same SRX Series Firewall, the MX Series hashes the traffic onto the same link towards that firewall in both directions.

A user data client is identified by the source IP address in the upstream direction (client-to-server) and the destination IP address in the downstream direction (server-to-client). The MX Series performs symmetric hashing for a given tuple (source IP address and destination IP address). The MX Series calculates the same hash irrespective of the direction of the flow, even if the source and destination IP addresses are swapped. To ensure all flows from a client reach the same SRX Series Firewall, the MX Series hashes only on the source IP address (and not the destination IP address) in one direction, and only on the destination IP address in the reverse direction.

By default, when a failure occurs in one or more paths, the hashing algorithm recalculates the next-hop for all paths, typically resulting in the redistribution of all flows. Consistent load balancing with Consistent Hashing enables the MX Series to override this behavior so that only flows for links that are inactive are redirected. All existing active flows are maintained without disruption. When a link fails, redistribution of all flows could result in significant traffic loss to the SRX Series Firewalls that are active. Consistent load balancing maintains all active links and instead remaps only those flows affected by one or more link failures. This feature ensures that flows connected to links that remain active continue uninterrupted.

This feature applies to topologies where members of an ECMP group are external BGP neighbors in a single-hop BGP session. By running BFD over these external BGP neighbors, the MX Series ensures faster link failure detection between the MX Series and the ECMP SRX Series next hops. Junos OS applies consistent load balancing when you add a new ECMP path or modify an existing path. You can add an SRX Series Firewall gracefully, with the intent of redistributing flows equally from each active SRX Series Firewall and causing minimal impact to existing ECMP flows. For example, if there are four active SRX Series Firewalls, each carrying 25% of total flows on its link, and you add another SRX Series Firewall, 5% of flows from each existing SRX Series Firewall move to the new SRX Series Firewall. This results in 20% of flows being redistributed from the existing four SRX Series Firewalls to the new firewall. The application might restart the session on the new firewall because the moved flows don't have a matching session there.
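The direction-aware hash key and the failure and scale-out behavior described above can be simulated as follows. This is an added example, not Juniper code: it uses rendezvous hashing with SHA-256 as a stand-in for the router's consistent-hash algorithm, and the firewall names, client addresses and function names are constructed for illustration.

```python
import hashlib

def h(*parts):
    """Deterministic 64-bit hash; SHA-256 stands in for the router's hash."""
    digest = hashlib.sha256("|".join(parts).encode()).digest()
    return int.from_bytes(digest[:8], "big")

def client_key(src_ip, dst_ip, direction):
    """Hash key per the text: source IP upstream, destination IP downstream."""
    return src_ip if direction == "upstream" else dst_ip

def pick_modulo(key, members):
    """Non-consistent choice: the result depends on the size of the ECMP set."""
    return members[h(key) % len(members)]

def pick_consistent(key, members):
    """Rendezvous hashing: the member with the highest score for this key wins."""
    return max(members, key=lambda m: h(key, m))

def moved(clients, pick, before, after):
    """Clients whose firewall changes when the ECMP set changes."""
    return {c for c in clients if pick(c, before) != pick(c, after)}

# Constructed sample data: 10,000 client IPs and four firewalls.
CLIENTS = [f"10.{i // 256}.{i % 256}.1" for i in range(10000)]
FW4 = ["srx1", "srx2", "srx3", "srx4"]
SERVER = "203.0.113.10"

def symmetric(client):
    """Both directions of a client's traffic must land on the same firewall."""
    up = pick_consistent(client_key(client, SERVER, "upstream"), FW4)
    down = pick_consistent(client_key(SERVER, client, "downstream"), FW4)
    return up == down

def failure_report():
    """srx4 fails: compare how many clients each scheme remaps."""
    after = FW4[:3]
    on_failed = {c for c in CLIENTS if pick_consistent(c, FW4) == "srx4"}
    return {
        "modulo_moved": len(moved(CLIENTS, pick_modulo, FW4, after)) / len(CLIENTS),
        "consistent_only_failed": moved(CLIENTS, pick_consistent, FW4, after) == on_failed,
    }

def add_report():
    """srx5 is added: fraction of clients moved, and whether all moved to srx5."""
    fw5 = FW4 + ["srx5"]
    m = moved(CLIENTS, pick_consistent, FW4, fw5)
    return len(m) / len(CLIENTS), all(pick_consistent(c, fw5) == "srx5" for c in m)

if __name__ == "__main__":
    print(symmetric(CLIENTS[0]), failure_report(), add_report())
```

With modulo hashing, roughly three quarters of clients change firewall after one failure and lose their session state; with the consistent scheme, only clients that were on the failed firewall move, and adding a fifth firewall moves about one fifth of clients, all of them to the new member.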