Description and cases

The SSG can act as a traffic balancer based on IP addresses belonging to an AS defined as local in asnum.dscp.
In this case, the SSG-LB acts as an L2-bridge in the network, hence the name L2 traffic balancer.

DPI functionality does not work in this mode.

Case: Balancer on a traffic mirror

Suppose a 400Gbps traffic mirror needs to be evenly distributed among four VAS platforms (Value-Added Services) performing traffic analysis and various detection.
In this case, SSG-LB will evenly distribute traffic with equal port utilization on the pullers and maintain traffic symmetry (traffic from one session will be directed to only one puller).

Example configuration /etc/dpi/fastdpi.conf:

  • Traffic mirroring is fed into 4x100G interfaces.
  • Traffic is balanced between four pullers, each puller is connected by 4x25G links.
in_dev=05-00.0:05-00.1:05-00.2:05-00.3
out_dev=01-00.0:01-00.1:01-00.2:01-00.3:02-00.0:02-00.1:02-00.2:02-00.3:03-00.0:03-00.1:03-00.2:03-00.3:04-00.0:04-00.1:04-00.2:04-00.3
 
#FastDPI Control
ctrl_port=29000
ctrl_dev=lo
 
#Turn on Load Balancing
enable_l2_lb=1
 
#Balance algorithm
maglev=2
 
#Hash table
lb_hash_out_dev_type=1