SRX

 View Only
last person joined: 18 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Dual active-backup IPsec VPN chassis clusters and Z-mode flows

  • 1.  Dual active-backup IPsec VPN chassis clusters and Z-mode flows

    Posted 12-09-2020 04:48
    Hi,

    In the Juniper docs for configuring Dual active-backup IPsec VPN in chassis clusters, there's a statement that says 'Dual active-backup IPsec VPN chassis clusters cannot be configured with Z-mode flows. Z-mode flows occur when traffic enters an interface on a chassis cluster node, passes through the fabric link, and exits through an interface on the other cluster node'


    I'm assuming in reality it can actually be configured, but will just not work if data has to traverse across to the other node, can anyone confirm what will happen, is traffic just dropped, and also why it is not able to to perform this when VPN's are introduced in this configuration, assuming Z-flow is not necessarily an issue in an active/active setup without them.

    Thanks