SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX HA Design

    Posted 03-07-2018 19:07

    Hello Experts,

     

    I am a newbie to the Juniper world. 🙂 I have a question about setting up an HA pair SRX cluster.

    SRX HA Design.JPG

    I am planning to do a setup like this. The first thing I wanted to know is whether this is a valid design?

     

    The reason why I am aiming for etherchannel between SRX and the switch is there are around 10 different zones that we need to set up in SRX. I could set each zone into a physical interface in SRX. What I wanted to check is if there is a way to set up a trunk from switch to SRX and push different zone traffic to SRX. At the same time I need to set up different Reth interfaces for all zones for HA between the SRXs.

     

    To recap, the requirements are:

     

    1) All 10 zones traffic sent to the SRX using an Etherchannel that carries different VLAN traffic to SRX

    2) Have a proper HA cluster using Reth interfaces for 10 different redundancy groups.

     

    Please let me know if you need more details.



  • 2.  RE: SRX HA Design

    Posted 03-07-2018 20:53

    Hi Krishna,

     

    You may refer to the following KB to connect SRX with Switch (running LACP/Etherchannel).

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=kb22474

     

    For the requirements you mentioned, I would like to break it into parts.

     

    1) All 10 zones traffic sent to the SRX using an Etherchannel that carries different VLAN traffic to SRX. ---> You can configure vlan-tagging on reth interfaces, which will carry different VLAN traffic to the respective subinterfaces. You may assign each sub-interface to a different zone as per your requirements.

     

    2) Have a proper HA cluster using Reth interfaces for 10 different redundancy groups - This is a conflicting requirement to the above. You can achieve a proper HA failover of 1 reth (with multiple sub-interfaces) using 1 redundancy group, as you cannot map the subinterfaces of a reth to different redundancy groups. Hence, the following will be two possible solutions.

     

    (a) Create 1 reth and map it to 1 redundancy group, which will do the desired failover.

    (b) If you want to create 10 redundancy groups, then you need to create 10 reths with different IP addresses and different ports for each VLAN. It will increase the cabling and manageability overhead, hence it is not a recommended solution. But at the end of the day it is the customer's choice.

     

    HTH.
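
Option (a) from the reply above, sketched as a Junos configuration. This is an added example, not configuration posted by anyone in the thread. The member interface names (ge-0/0/2, ge-5/0/2 and so on), VLAN IDs, zone names and addresses are assumptions chosen for illustration, and only two of the ten zones are shown.

```junos
# One redundancy group for the single data-plane reth (node priorities are assumed values)
set chassis cluster reth-count 1
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100

# Two member links per node, all bound to reth0
# (node 1 slot numbering depends on the SRX model; ge-5/0/x is an assumption)
set interfaces ge-0/0/2 gigether-options redundant-parent reth0
set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-5/0/2 gigether-options redundant-parent reth0
set interfaces ge-5/0/3 gigether-options redundant-parent reth0

# The reth is the trunk: it belongs to redundancy group 1 as a whole and runs LACP
# toward the switch, so every subinterface below fails over together
set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 redundant-ether-options lacp active
set interfaces reth0 redundant-ether-options lacp periodic fast

# One subinterface per VLAN (constructed VLAN IDs, documentation-range addresses)
set interfaces reth0 unit 10 vlan-id 10
set interfaces reth0 unit 10 family inet address 192.0.2.1/28
set interfaces reth0 unit 20 vlan-id 20
set interfaces reth0 unit 20 family inet address 192.0.2.17/28

# Each subinterface is placed in its own security zone (hypothetical zone names),
# so traffic between VLANs is subject to inter-zone security policy
set security zones security-zone ZONE-VLAN10 interfaces reth0.10
set security zones security-zone ZONE-VLAN20 interfaces reth0.20
```

The remaining zones follow the same pattern: one `unit` with its `vlan-id` and address, and one `security-zone` entry referencing that `reth0.<unit>`.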



  • 3.  RE: SRX HA Design

    Posted 03-07-2018 21:03
    Hello Milind,

    Awesome!

    After a bit of reading and testing I also found the same points as your recommendations. Thanks a lot for confirming this.


  • 4.  RE: SRX HA Design
    Best Answer

    Posted 03-07-2018 21:12

    Kindly close the thread if it has resolved your issue please.



  • 5.  RE: SRX HA Design

     
    Posted 03-08-2018 03:24