Configuring Load Balancing on AMS Infrastructure
Configuring load balancing requires an aggregated multiservices (AMS) system. AMS involves grouping several services PICs together. An AMS configuration eliminates the need for separate routers within a system. The primary benefit of having an AMS configuration is the ability to support load balancing of traffic across multiple services PICs.
AMS is supported on the MS-MPC and MS-MIC. Starting in Junos OS Release 19.3R2, AMS interfaces are supported on the MX-SPC3.
High availability (HA) is supported on AMS infrastructure on all MX Series 5G Universal Routing Platforms. AMS has several benefits:
Support for configuring behavior if a services PIC that is part of the AMS configuration fails
Support for specifying hash keys for each service set in either direction
Support for adding routes to individual PICs within the AMS system
Configuring AMS Infrastructure
AMS supports load balancing across multiple service sets. All ingress or egress traffic for a service set can be load balanced across different services PICs. To enable load balancing, you have to configure an aggregate interface with existing services interfaces.
To configure failure behavior in AMS, include the member-failure-options statement:
[edit interfaces ams1] load-balancing-options { member-failure-options { drop-member-traffic { rejoin-timeout rejoin-timeout; } redistribute-all-traffic { enable-rejoin; } } }
If a PIC fails, you can configure the traffic to the failed
PIC to be redistributed by using the redistribute-all-traffic statement at the [edit interfaces interface-name load-balancing-options member-failure-options] hierarchy level.
If the drop-member-traffic statement is used, all traffic
to the failed PIC is dropped. Both options are mutually exclusive.
If member-failure-options is not explicitly configured,
the default behavior is to drop member traffic with a rejoin timeout
of 120 seconds.
Only mams- interfaces (services interfaces that are part of
AMS) can be aggregated. After an AMS interface has been configured,
you cannot configure the individual constituent mams- interfaces.
A mams- interface cannot be used as an ams interface (this is not
applicable to Next Gen Services MX-SPC3). AMS supports IPv4 (family inet) and IPv6 (family inet6).
You cannot configure addresses on an AMS interface. Network Address
Translation (NAT) is the only application that runs on AMS infrastructure
at this time.
You cannot configure unit 0 on an AMS interface.
To support multiple applications and different types of translation, AMS infrastructure supports configuring hashing for each service set. You can configure the hash keys separately for ingress and egress. The default configuration uses source IP, destination IP, and the protocol for hashing; incoming-interface for ingress and outgoing-interface for egress are also available.
When using AMS in a load-balanced setup for the NAT solution, the number of NAT IP addresses must be greater than or equal to the number of active mams-interfaces you have added to the AMS bundle.
Configuring High Availability
In an AMS system configured with high availability, a designated services PIC acts as a backup for other active PICs that are part of the AMS system in a many-to-one (N:1) backup configuration. In a N:1 backup configuration, one PIC is available as backup for all other active PICs. If any of the active PICs fail, the backup PIC takes over for the failed PIC. In an N:1 (stateless) backup configuration, traffic states and data structures are not synchronized between the active PICs and the backup PIC.
An AMS system also supports a one-to-one (1:1) configuration. In the case of 1:1 backup, a backup interface is paired with a single active interface. If the active interface fails, the backup interface takes over. In a 1:1 (stateful) configuration, traffic states and data structures are synchronized between the active PICs and the backup PIC. Stateful synchronization is required for high availability of IPsec connections. For IPsec connections, AMS supports 1:1 configuration only.
IPsec connections are not supported on the MX-SPC3 in this release.
High availability for load balancing is configured by adding
the high-availability-options statement at the [edit
interfaces interface-name load-balancing-options] hierarchy level.
To configure N:1 high availability, include the high-availability-options statement with the many-to-one option:
[edit interfaces ams1] load-balancing-options { high-availability-options { many-to-one { preferred-backup preferred-backup; } } }
Starting in Junos OS Release
16.1, you can configure stateful 1:1 high availability on an MS-MPC. To
configure stateful 1:1 high availability, at the [edit interfaces interface-name load-balancing-options] hierarchy
level, include the high-availability-options statement
with the one-to-one option:
The Next Gen Services MX-SPC3 services card does not support AMS 1:1 high availability.
[edit interfaces ams1] load-balancing-options { high-availability-options { one-to-one { preferred-backup preferred-backup; } } }
Load Balancing Network Address Translation Flows
Network Address Translation (NAT) has been programmed as a plug-in and is a function of load balancing and high availability. The plug-in runs on AMS infrastructure. All flows for translation are automatically distributed to different services PICs that are part of the AMS infrastructure. In case of failure of an active services PIC, the configured backup PIC takes over the NAT pool resources of the failed PIC. The hashing method selected depends on the type of NAT. Using NAT on AMS infrastructure has a few limitations:
NAT flows to failed PICs cannot be restored.
There is no support for IPv6 flows.
IPv6 address pools are not supported with AMS, however NAT64 is supported with AMS, so that IPv6 flows enters AMS.
NAT64 is supported for Next Gen Services on the MX-SPC3 services card, there is no support of NAT66. IPv6 flows for different NAT services are supported except where the translation is required to be IPv6 to IPv6 or IPv4 to IPv6.
Twice NAT is not supported for load balancing on MS-MPC cards.
Twice NAT is supported for load balancing on the Next Gen Services MX-SPC3 services card.
Deterministic NAT uses warm-standby AMS configuration and can distribute the load using multiple AMS bundles in warm-standby mode.