How CSDS Works with TLB

In this topic, you’ll learn how CSDS Architecture works with the TLB-based load balancer in the MX Series routers.

What is Traffic Load Balancer in MX Series

Traffic Load Balancer (TLB) provides stateless translated and non-translated traffic load balancing functionality as an inline Packet Forwarding Engine (PFE) service in MX Series routers. Load balancing in this context is a method where the device distributes the incoming transit traffic across the configured servers that are in service.

Benefits

  • TLB performs stateless load balancing, which means no state information is created for a connection.
  • No scaling limitations.
  • Throughput is close to line rate.

TLB for CSDS

You can operate TLB in the following two modes in MX Series:

  • Translated (Layer 3) mode: Do not use this mode for the CSDS solution.

  • Non-translated Direct Server Return (Layer 3) mode: Use this mode for the scale-out solution.

Figure 1: TLB in MX Series for CSDS

See Figure 1 to understand TLB in MX Series. TLB functionality on MX Series includes the following:

  • TLB configures a list of available SRX Series Firewall addresses. The Packet Forwarding Engine (PFE) programs the selector table based on these SRX Series Firewalls.

  • TLB performs an ICMP-based health check for each SRX Series Firewall using the MX Series Routing Engine (RE). The RE-based health checks support probe types such as ICMP, TCP, UDP, HTTP, and SSL. If the health check passes for any firewall, TLB installs a specific IP route or a wildcard IP route in the routing table, with a composite next-hop as the next-hop.

  • The MX Series programs the composite next-hop in the PFE with all available SRX Series Firewalls in the selector table. Filter-based forwarding directs client-to-server traffic to the TLB. The MX Series matches the specific IP route or wildcard IP route and distributes the traffic between the available SRX Series Firewalls using a source or destination hash. Server-to-client traffic is routed directly back to the client, bypassing the TLB.
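The selection steps above can be modelled in a few lines of Python. This is an added illustration, not Juniper code: the SelectorTable class, the SHA-256 modulo hash, and all addresses are assumptions made for the example and do not reflect the PFE's actual algorithm. It shows that a stateless selector keeps a source pinned to one firewall only while the set of healthy firewalls is unchanged.

```python
import hashlib
import ipaddress


class SelectorTable:
    """Toy stateless selector: healthy members only, no per-flow state kept."""

    def __init__(self, firewalls):
        self.health = {fw: False for fw in firewalls}  # down until a probe passes

    def record_probe(self, firewall, passed):
        """Store the latest health-check result for one firewall."""
        self.health[firewall] = passed

    def members(self):
        """Firewalls currently eligible as next hops (health check passed)."""
        return sorted(fw for fw, up in self.health.items() if up)

    def select(self, src, dst, hash_key="source"):
        """Pick a firewall from the hash of the source or destination address."""
        members = self.members()
        if not members:
            return None  # no healthy firewall, so nothing to forward to
        key = src if hash_key == "source" else dst
        digest = hashlib.sha256(ipaddress.ip_address(key).packed).digest()
        # Assumed hash: SHA-256 modulo table size (not the PFE's algorithm)
        return members[int.from_bytes(digest[:4], "big") % len(members)]


def failover_demo():
    """Map 100 constructed clients, fail one firewall, and map them again."""
    table = SelectorTable(["10.1.1.1", "10.1.1.2", "10.1.1.3"])  # constructed
    for fw in list(table.health):
        table.record_probe(fw, True)
    clients = [f"192.0.2.{i}" for i in range(1, 101)]  # constructed sources
    before = {c: table.select(c, "198.51.100.10") for c in clients}
    table.record_probe("10.1.1.2", False)  # health check fails for one member
    after = {c: table.select(c, "198.51.100.10") for c in clients}
    # In this modulo model, flows on surviving firewalls can be remapped too
    moved = [c for c in clients if before[c] != after[c]]
    return before, after, moved


if __name__ == "__main__":
    before, after, moved = failover_demo()
    print(f"{len(moved)} of {len(before)} clients changed firewall after the failure")
```

Because the firewalls behind the selector are stateful, every remapped client in this model lands on a firewall that holds no session for it, which is why health-check flaps are worth monitoring.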

RE-Based Health Check for TLB

Traffic Load Balancer (TLB) is enhanced to run the health-check process on the Routing Engine (RE) instead of the service-PIC on the next-generation MX routers. This feature applies to both MSP and USF.

To enable the health-check process (net-monitord) on the RE, use the command set services traffic-load-balance routing-engine-mode. This configuration and the TLB change ensure that the process responsible for managing and orchestrating traffic distribution and redirection connects to the local instance of the network monitoring process instead of the remote instance running on the service-PIC.

The probe types supported by the RE-based health checks are ICMP, TCP, UDP, HTTP, and SSL.

The loopback interface is used instead of the service interface in the TLB configuration.

Note:

TLB does not need the ms-x/y/0 (MSP) or vms-x/y/0 (USF) interfaces when net-monitord is running on the RE. Replace references to the ms-x/y/0 or vms-x/y/0 interface with the loopback interface lo.x.

Note:

To enable RE-based TLB, you must configure the routing-engine-mode to enable net-monitord on RE. A validation for the configuration is added and both interface ms-x/y/0.0 or interface vms-x/y/0.0 cannot be configured together in the respective mode of operation, namely, MSP or USF.