SRX

 View Only
last person joined: 8 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX to SRX VRRP not running

    Posted 09-25-2018 13:33

     

    Hi All,

     

    can you please confirm what i could be missing here.. I am simply trying to get VRRP working between two SRX devices, config to follow (same config on both sides other side using .216);

     

    set security zones security-zone mgmt interfaces reth1.24 host-inbound-traffic protocols vrrp
    set interfaces reth1 unit 24 family inet address 192.168.xx.215/24 vrrp-group 24 virtual-address 192.168.xx.217
    set interfaces reth1 unit 24 family inet address 192.168.xx.215/24 vrrp-group 24 priority 100
    set interfaces reth1 unit 24 family inet address 192.168.xx.215/24 vrrp-group 24 preempt hold-time 30
    set interfaces reth1 unit 24 family inet address 192.168.xx.215/24 vrrp-group 24 accept-data
    set interfaces reth1 unit 24 family inet address 192.168.xx.215/24 vrrp-group 24 authentication-type md5
    set interfaces reth1 unit 24 family inet address 192.168.xx.215/24 vrrp-group 24 authentication-key "$9$qPT3B1hlK869OREcvMJGDHP5Fn/pO1QzKMX7VbQF3"

     

    law@fw3# run show vrrp
    VRRP is not running

    {primary:node0}[edit]

     

    there is a juniper EX switch inbetween to provide the layer 2 connectivity... Note that both SRXs are within their own cluster, we need to do this as part of a migration... 

     

    Is there anything else that shoudl be enabled? I enabled the vrrp trace option though it didn't log anything.



  • 2.  RE: SRX to SRX VRRP not running

     
    Posted 09-25-2018 14:48

    Last time I checked VRRP was not supported on reth interfaces.

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB12881

    but...

    https://www.juniper.net/documentation/en_US/junos/topics/reference/general/security-chassis-cluster-features-branch-srx.html

    says it's supported on some of the new platforms.

     

    Regards, Wojtek



  • 3.  RE: SRX to SRX VRRP not running
    Best Answer

    Posted 09-25-2018 14:58

    As Wojtek indicates this has not been supported until recently. Your SRX cluster needs to be running at least Junos 18.1R1 to support this functionality:

     

    VRRP and VRRPv3 support on redundant Ethernet interface to provide redundancy (SRX Series, vSRX)—Starting with Junos OS Release 18.1R1, SRX Series devices in a chassis cluster support the Virtual Router Redundancy Protocol (VRRP) and VRRPv3 on reth interfaces to provide redundancy, route advertising, and load sharing. Using VRRP, a secondary node can take over a failed primary node within a few seconds with minimum VRRP traffic and without any interaction with the hosts.

    Ref: https://www.juniper.net/documentation/en_US/junos/information-products/topic-collections/release-notes/18.1/topic-123973.html#jd0e22168



  • 4.  RE: SRX to SRX VRRP not running

    Posted 09-26-2018 01:32

    many thanks guys,