The customer want to connect there new srx4600 cluster direct to a pair of mx10003 (not via switch layer).
The only working solution I can see is to create bridge domain + vrrp in both mx10003, and thus access the switch function as needed.
Is there another way to solve it?
SRX4600 cluster is generally deployed to leverage the redundancy feature. The failovers on SRXs use the GARPs to force the switching infrastructure to forward traffic to new primary interfaces. Therefore, you would need the MX interfaces to act as a bridge.
I don't think you would need VRRP on the interfaces facing SRX as we only want common L-2 infrastructure.
I can think of 2 possible solutions : -
1. When MXs provide the L-2 infrastructure.
Assuming reth0 is a Northbound interface on SRX consist of ge-0/0/0 from both nodes.
Node-0 (ge-0/0/0) ----- (ge-0/0/0) MX-1
Node-1 (ge-0/0/0) ----- (ge-0/0/0) MX-2
MX-1 (ge-0/0/1) ---- (ge-0/0/1) MX-2 . <<<<<<<<<< This will act as a bridge port between the two MXs extending the L2 domain.
In this case, ge-0/0/0 and ge-0/0/1 will be a part of a single bridge domain. You may add an L3 interface to this bridge which can act as a gateway to SRX cluster.
2. This is a complex approach and may need careful designing of the routing protocols. It uses Routing protocols over 2 interfaces to do the failover and all interfaces used are L3. This requires you to spend more IP addresses.
Assuming reth0 on SRX consist of ge-0/0/0 from Node-0 and reth1 on SRX consist of ge-0/0/0 from Node-1.
Note both interfaces reth0 and reth1 are in the same direction (Northbound ).
Now you can establish an IBGP/OSPF with the two interfaces reth0 and reth1 making one of them a preferred route.
Note that reth0 and reth1 would be placed in different RGs where Node-0 is primary for reth0's RG and Node-1 is primary for reth1's RG.
You may like to put both reths in the same zone to avoid any drop due to asymmetric return path.
You can extend the same logic to rest of the interfaces.
I hope this helps!
The following KB article uses SRX5800 as an example for deployment in chassis cluster scenario but you can use other SRXs too like SRX4600s to build network.
Please see if one of them suits your requirements and if you have any other specific question, let us know.