Solved

Juniper SSG 5 Multiple wan for internet load balncing

Posted on 2013-11-23
4
485 Views
Last Modified: 2016-05-31
Hi I have a ssg-5 router currently configured to do round robin internet load sharing between two adsl connections one via pppoe and the other plain dhcp. I want to add two more adsl connections to it. However when I add the 3rd connection the ssg-5 is not offering any traffic to it.
How do I get 4 connections sharing all internet traffic.

Thx
0
Comment
Question by:Bush300
4 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 39672055
Have you tried usinfncustom virtual routers to configure additional WAN interfaces.
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39672515
The SSGs aren't really load balancing (that is not in their feature set). You have the choices of
1. "round-robin default routes", which is probably what you have used up to now, and
2. source/destination/policy-based static routing

For 1. the default (me thinks) for same-cost routes is 2, so adding more interfaces will not allow them to be chosen for default routes unless you issue
set vrouter «vr-name» max-ecmp-routes 4

Open in new window

(with «vr-name» probably being trust-vr).
I don't know whether you are aware of it, but HTTP(s) connections and the like will have issues with this kind of "load balancing", as the multiple sessions created usually have different public IP addresses when spread over the WAN connections, and so are unrelated. Logging in to a HTTPS site will not allow to assign sessions reliably, so it is by accident if it works.

Hence 2. is the better way. You have reliable rules how traffic will flow, but you can't spread traffic for the same source or target or protocol or combination. That is, you can e.g. send all traffic from 192.168.0.0/64 to one interface, 192.168.0.64/64 to the next, aso.

You could also do a mixture of both; sensitive protocols, like HTTPS, will be restricted to a single interface by policy-based routing, other protocols are left to the round-robin.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How does VLAN work? Scenario: (please read the question) 11 99
Systems talking to each other 5 123
Add Mac address reservation to Sonicwall TZ 210 router 1 43
BGP Code 12 41
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now