newbie-help configure dual isp on juniper srx



  • hi. i’m a newbie at networks,
    i am trying to configure a juniper srx to work with 2 different isps.
    i want to have redundancy if one fails, and also to do some load balancing for the network.
    the traffic on the network is mostly composed of some pc’s that stream live to different servers: youtube, twitch, etc. i found that youtube works better with one isp and twitch with the other one, but the same pc could be running 2 gaming streams, one on youtube and one on twitch for example, so i don’t want to do a simple failover where all the traffic just goes to the second isp if the first one fails.

    one isp router is 192.168.1.1 and the other one is 192.169.1.1 and they are dhcp enabled
    i tried to take inspiration from:
    http://www.mustbegeek.com/configure-filter-based-load-balancing-in-juniper-srx/

    but i am doing something wrong, don’t know what

    Last commit:

    /* Junos release string; elided by the poster. */
    version …;
    /* Device-level settings: identity, management services, the local DHCP
       server and logging. */
    system {
    host-name juniper;
    root-authentication {
    /* Root password hash; the value is redacted in the post. */
    encrypted-password “xxx”;
    }
    /* DNS resolvers used by the device itself. */
    name-server {
    1.1.1.1;
    1.0.0.1;
    }
    services {
    ssh;
    /* NOTE(review): telnet and xnm-clear-text carry management logins and
       sessions unencrypted. ssh is already enabled; drop these two unless
       something still depends on them. */
    telnet;
    xnm-clear-text;
    web-management {
    /* NOTE(review): J-Web over plain http on vlan.0. https is enabled on the
       same interface just below, so http can probably be removed - confirm. */
    http {
    interface vlan.0;
    }
    https {
    system-generated-certificate;
    interface vlan.0;
    }
    }
    /* Local DHCP server: leases 192.167.1.3-254 and hands out 192.167.1.1 as
       the gateway (the address configured on fe-0/0/7 in this listing). */
    dhcp {
    maximum-lease-time 43000;
    default-lease-time 40000;
    router {
    192.167.1.1;
    }
    pool 192.167.1.0/24 {
    address-range low 192.167.1.3 high 192.167.1.254;
    }
    /* NOTE(review): propagate-settings normally takes an interface name; this
       value looks like a pasted "set ..." fragment - confirm. */
    propagate-settings “set fe-0/0/7.0”;
    }
    }
    /* Logging is local only: no remote syslog host appears in this stanza, so
       the records stay on the device (archives of 100k, 3 files kept). */
    syslog {
    archive size 100k files 3;
    /* Emergency-level messages go to every logged-in user. */
    user * {
    any emergency;
    }
    file messages {
    any critical;
    authorization info;
    }
    /* NOTE(review): only error-severity interactive-command events are kept.
       Use "interactive-commands any" if a record of every CLI command is
       wanted for audit. */
    file interactive-commands {
    interactive-commands error;
    }
    }
    /* How many earlier configurations are kept on flash and for rollback. */
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
    autoupdate {
    url https://ae1.juniper.net/junos/key_retrieval;
    }
    }
    }
    /* Physical and logical interfaces.
       NOTE(review): 192.166.1.0/24 and 192.167.1.0/24 (and the 192.169.1.1
       next hop used elsewhere in this listing) lie outside RFC 1918; only
       192.168.0.0/16 is private in this range. Using them internally hides
       the real Internet hosts at those addresses. */
    interfaces {
    /* ge-0/0/0 and ge-0/0/1 obtain their addresses as DHCP clients;
       presumably these are the two ISP uplinks - confirm. */
    ge-0/0/0 {
    unit 0 {
    family inet {
    dhcp;
    }
    }
    }
    /* NOTE(review): ge-0/0/1.0 is not listed in any security zone in this
       listing (only ge-0/0/0.0 is in untrust). */
    ge-0/0/1 {
    unit 0 {
    family inet {
    dhcp;
    }
    }
    }
    /* fe-0/0/2 through fe-0/0/5 are switch ports in vlan-trust. */
    fe-0/0/2 {
    unit 0 {
    family ethernet-switching {
    vlan {
    members vlan-trust;
    }
    }
    }
    }
    fe-0/0/3 {
    unit 0 {
    family ethernet-switching {
    vlan {
    members vlan-trust;
    }
    }
    }
    }
    fe-0/0/4 {
    unit 0 {
    family ethernet-switching {
    vlan {
    members vlan-trust;
    }
    }
    }
    }
    fe-0/0/5 {
    unit 0 {
    family ethernet-switching {
    vlan {
    members vlan-trust;
    }
    }
    }
    }
    /* Routed port 192.166.1.1/24; inbound packets pass through ISPA-FILTER.
       NOTE(review): fe-0/0/6.0 and fe-0/0/7.0 are not listed in any security
       zone in this listing - confirm. */
    fe-0/0/6 {
    unit 0 {
    family inet {
    filter {
    input ISPA-FILTER;
    }
    address 192.166.1.1/24;
    }
    }
    }
    /* Routed port 192.167.1.1/24; inbound packets pass through ISPB-FILTER. */
    fe-0/0/7 {
    unit 0 {
    family inet {
    filter {
    input ISPB-FILTER;
    }
    address 192.167.1.1/24;
    }
    }
    }
    /* Layer-3 interface of vlan-trust.
       NOTE(review): the post gives 192.168.1.1 as the address of one ISP
       router, and the same address is assigned to this device here - confirm
       which one is intended. */
    vlan {
    unit 0 {
    family inet {
    address 192.168.1.1/24;
    }
    }
    }
    }
    /* Main-instance routing: two static routes and a rib-group definition. */
    routing-options {
    /* NOTE(review): both prefixes are also configured as directly connected
       subnets on fe-0/0/6 and fe-0/0/7 in this listing, so it is unclear what
       these static routes are meant to add - confirm. */
    static {
    route 192.167.1.0/24 next-hop 192.169.1.1;
    route 192.166.1.0/24 next-hop 192.168.1.1;
    }
    /* Rib-group naming inet.0 and the two forwarding-instance tables.
       NOTE(review): nothing in this listing references LOAD-BALANCE-RIB
       (there is no interface-routes rib-group statement, for example), so as
       shown the group is defined but not applied. */
    rib-groups {
    LOAD-BALANCE-RIB {
    import-rib [ inet.0 ISPA.inet.0 ISPB.inet.0 ];
    }
    }
    }
    /* Spanning tree is enabled with default settings (for the switched ports). */
    protocols {
    stp;
    }
    /* Flow-mode security: source NAT, screens, zones and policies. */
    security {
    nat {
    source {
    /* Traffic from zone trust to zone untrust is translated to the address
       of the egress interface, for every source address. */
    rule-set trust-to-untrust {
    from zone trust;
    to zone untrust;
    rule source-nat-rule {
    match {
    source-address 0.0.0.0/0;
    }
    then {
    source-nat {
    interface;
    }
    }
    }
    }
    /* NOTE(review): this rule-set has from/to but no rule, and it points at
       fe-0/0/3.0 and fe-0/0/4.0, which are switch ports in this listing -
       looks unfinished; confirm. */
    rule-set movistar {
    from interface ge-0/0/0.0;
    to interface [ fe-0/0/3.0 fe-0/0/4.0 ];
    }
    }
    }
    /* Screen profile applied to zone untrust below: ping-of-death,
       source-route option, teardrop, LAND and SYN-flood thresholds. */
    screen {
    ids-option untrust-screen {
    icmp {
    ping-death;
    }
    ip {
    source-route-option;
    tear-drop;
    }
    tcp {
    syn-flood {
    alarm-threshold 1024;
    attack-threshold 200;
    source-threshold 1024;
    destination-threshold 2048;
    timeout 20;
    }
    land;
    }
    }
    }
    zones {
    /* NOTE(review): "all" system services and protocols lets hosts behind
       vlan.0 reach every service enabled on the device, including the
       telnet, http and xnm-clear-text services in this listing. Listing
       only what is needed (e.g. ssh, https, dhcp, ping) narrows that. */
    security-zone trust {
    host-inbound-traffic {
    system-services {
    all;
    }
    protocols {
    all;
    }
    }
    interfaces {
    vlan.0;
    }
    }
    /* NOTE(review): only ge-0/0/0.0 is in this zone. ge-0/0/1.0, fe-0/0/6.0
       and fe-0/0/7.0 appear in no zone in this listing, and an SRX does not
       forward traffic on an interface that belongs to no zone - confirm. */
    security-zone untrust {
    screen untrust-screen;
    interfaces {
    ge-0/0/0.0 {
    host-inbound-traffic {
    /* NOTE(review): tftp is accepted on the ISP-facing interface and is
       unauthenticated; remove it unless something needs it. */
    system-services {
    dhcp;
    tftp;
    }
    }
    }
    }
    }
    }
    policies {
    /* Permits everything from trust to untrust. There is no log action, so
       permitted sessions are not recorded. No other zone pair has a policy
       in this listing. */
    from-zone trust to-zone untrust {
    policy trust-to-untrust {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    }
    }
    /* Stateless filters used for filter-based forwarding. Each has one term
       that hands packets from one source subnet to a routing instance.
       NOTE(review): a Junos filter ends with an implicit discard, so with
       only this one term any packet from another source address arriving on
       the interface is dropped. A final accept term is the usual remedy. */
    firewall {
    family inet {
    /* Applied as the input filter on fe-0/0/6 in this listing. */
    filter ISPA-FILTER {
    term FOR-ISPA {
    from {
    source-address {
    192.166.1.0/24;
    }
    }
    then {
    routing-instance ISPA;
    }
    }
    }
    /* Applied as the input filter on fe-0/0/7 in this listing. */
    filter ISPB-FILTER {
    term FOR-ISPB {
    from {
    source-address {
    192.167.1.0/24;
    }
    }
    then {
    routing-instance ISPB;
    }
    }
    }
    }
    }
    /* Two forwarding instances, one per ISP. Each has a default route with
       a primary next hop and a less-preferred backup (preference 7).
       NOTE(review): the backup takes over only when the primary next hop
       stops resolving (for example link down), not when the ISP fails
       further upstream - confirm this matches the redundancy wanted.
       NOTE(review): the next hops must resolve inside each instance's table,
       which depends on interface routes being shared into it. 192.168.1.1 is
       also this device's own vlan.0 address in this listing - confirm. */
    routing-instances {
    ISPA {
    instance-type forwarding;
    routing-options {
    static {
    route 0.0.0.0/0 {
    next-hop 192.168.1.1;
    qualified-next-hop 192.169.1.1 {
    preference 7;
    }
    }
    }
    }
    }
    /* Mirror of ISPA with primary and backup next hops swapped. */
    ISPB {
    instance-type forwarding;
    routing-options {
    static {
    route 0.0.0.0/0 {
    next-hop 192.169.1.1;
    qualified-next-hop 192.168.1.1 {
    preference 7;
    }
    }
    }
    }
    }
    }
    /* vlan-trust (VLAN ID 3) groups the fe-0/0/2 to fe-0/0/5 switch ports in
       this listing; vlan.0 is its routed interface. */
    vlans {
    vlan-trust {
    vlan-id 3;
    l3-interface vlan.0;
    }
    }


 
