About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE


4 thoughts on “srx-flow-routing-asymmetry-symmetry”

  1. This seems like a situation where you’d really want to control the inbound flow to prevent that kind of thing from happening. I guess depending on how you are connecting to the ISPs you might not have that option/flexibility to tell them how to come in – but then again, if you are hosting the service, it seems like it would be easier to have the default route interface be the ingress for traffic unless you had a use case to make it use ISP2 because of the cost of the link/speed/etc. I haven’t run across anything like that, so I’d be interested to hear what kind of scenario was in play. I’ve had issues with asymmetrical routing (not a bad thing, unless you are going through a firewall) but it was caused by the way we were advertising the routes out to our ISP (advertising it out wrong, say to ISP2, when we should have been doing it to ISP1 unless there was a complete failure of ISP1).

    Really cool that you can correct it this way though. Definitely would have been puzzled if I ran across that situation. Cool write up!

    1. Thanks Joe. Personally I never liked asymmetric routing especially after diving into security world:) by the way somehow you left the comment on the topology image. I didn’t know that comment can be written for the image too. I need to disable this somehow.

      Genco.

You have a feedback?