Load-Balancing for IGP

In the following post I will explain you a usual configuration to achieve a load-balancing in JunOS. I will use the following topology for this example:

Topology for Load-Balancing
Topology for Load-Balancing

The routers are all configured as logical-systems on one M5 in my lab. The connection between them is made by one cross cable between port fe-0/2/2 and fe-0/2/3 via VLANs.

For this example I use OSPF as IGP with every router in Area 0.



Default Behavior

The default configuration in JunOS doesn’t have load-balancing enabled. Even if your IGP learned multiple equal-paths to the same destination, it shows you them in your routing-table, but only one next-hop is choosen to get installed into your forwarding-table.

We will take a  look at the loopback address of R4 from the point of view of R1. R1 see two equal-paths to, one goes to R2, the other one goes via R3. In the routing-table we can see that R1 „selected“  the route with the next-hop of R3. Also this next-hop got installed into the forwarding-table:

admin@router:R1> show route extensive

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) (1 entry, 1 announced)
KRT in-kernel -> {}
 *OSPF Preference: 10
 Next hop type: Router
 Address: 0x8fd1078
 Next-hop reference count: 2
 Next hop: via fe-0/2/2.50
 Next hop: via fe-0/2/2.51, selected
 State: <Active Int>
 Age: 8:43 Metric: 2
 Task: OSPF
 Announcement bits (1): 2-KRT
 AS path: I

admin@router:R1> show route forwarding-table destination detail
Logical system: R1
Routing table: default.inet
Destination Type RtRef Next hop Type Index NhRef Netif user 0 ucst 1046 5 fe-0/2/2.51

What does it mean for us? Only the next-hop pointing R3 will used to forward traffic to the destination – ever! The next-hop will only change, if link goes down and the IGP has to choose another path.

Per-Packet or Per-Flow?

The load-balancing configuration in JunOS is a little bit misleading. It use a configuration option named „per-packet“. In fact every current platform (like MX) use a per-flow load-balancing. Only the early M20/M40 ABC-chipsets got a chip called C-chip, also known as „Internet Processor I“, which only could do per-packet load-balancing. Every later chipsets, including newer ABC-chipsets with Cf-chip „Internet Processor II“, do per-flow load-balancing. So don’t bother about it, just know it is always a per-flow load-balancing.

IGP Load-Balancing

To activate per-flow load-balancing you must configure a policy with an then-action „load-balance per-packet“. You can influence the load-balancing by adding a route-filter to the policy. Additionally youm ust apply this policy to the forwarding-table.

Here is configuration example:

admin@router:R1> show configuration | compare rollback 1
[edit logical-systems R1]
+ policy-options {
+     policy-statement load-balance {
+         then {
+             load-balance per-packet;
+         }
+     }
+ }
+ routing-options {
+     forwarding-table {
+         export load-balance;
+     }
+ }


This configuration now allow the router to install all (upto 16 per default) equal-cost next-hops into your forwarding-table. With multiple next-hops your chipset now can do the per-flow load-balancing.

admin@router:R1> show route forwarding-table destination

 Logical system: R1
 Routing table: default.inet
 Destination Type RtRef Next hop Type Index NhRef Netif user 0 ulst 262142 3 ucst 1044 5 fe-0/2/2.50 ucst 1046 5 fe-0/2/2.51

Influence hashing

The hashing algorithm determine a flow by source/destination IP address and doesnt‘ include the TCP/UDP ports. If you want to include the layer-4 informations, you must apply the following configuration:

admin@router# show | compare

+ forwarding-options {
+     hash-key {
+         family inet {
+             layer-3;
+             layer-4;
+         }
+     }
+ }


(if you work with logical systems you cannot configure the hash-key, you must configure this globally…)


Here you can download my configuration of the  Logical-Systems.

In one of my next posts, I will explain BGP multipath configuration and VPN load-balancing.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.