Solved

Juniper SSG 5 Multiple wan for internet load balncing

Posted on 2013-11-23
4
432 Views
Last Modified: 2016-05-31
Hi I have a ssg-5 router currently configured to do round robin internet load sharing between two adsl connections one via pppoe and the other plain dhcp. I want to add two more adsl connections to it. However when I add the 3rd connection the ssg-5 is not offering any traffic to it.
How do I get 4 connections sharing all internet traffic.

Thx
0
Comment
Question by:Bush300
4 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 39672055
Have you tried usinfncustom virtual routers to configure additional WAN interfaces.
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39672515
The SSGs aren't really load balancing (that is not in their feature set). You have the choices of
1. "round-robin default routes", which is probably what you have used up to now, and
2. source/destination/policy-based static routing

For 1. the default (me thinks) for same-cost routes is 2, so adding more interfaces will not allow them to be chosen for default routes unless you issue
set vrouter «vr-name» max-ecmp-routes 4

Open in new window

(with «vr-name» probably being trust-vr).
I don't know whether you are aware of it, but HTTP(s) connections and the like will have issues with this kind of "load balancing", as the multiple sessions created usually have different public IP addresses when spread over the WAN connections, and so are unrelated. Logging in to a HTTPS site will not allow to assign sessions reliably, so it is by accident if it works.

Hence 2. is the better way. You have reliable rules how traffic will flow, but you can't spread traffic for the same source or target or protocol or combination. That is, you can e.g. send all traffic from 192.168.0.0/64 to one interface, 192.168.0.64/64 to the next, aso.

You could also do a mixture of both; sensitive protocols, like HTTPS, will be restricted to a single interface by policy-based routing, other protocols are left to the round-robin.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Transparency shows that a company is the kind of business that it wants people to think it is.
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now