Switching

Hi,

 

We have Cisco 6506 switch at H.O. and Juniper Ex switches (4300, 4200) at branch location. We are planning to connect both office with 2 point to point link. If one link goes down second link will transfer all the traffic(vlan)

please suggest how can we do that(i.e. LACP, any kind of routing(dynamic) or if any)

 

Thank you..

#switching

Hello,

Easiest way would be to use either

1/ Flex Link on CSCO side https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-2_25_see/configuration/guide/swflink.html

or

2/ Redundant Trunk Group (RTG) on Juniper side

https://www.juniper.net/documentation/en_US/junos/topics/example/cfm-ex-series-redundant-trunk-groups.html

https://www.juniper.net/documentation/en_US/junos/topics/example/cfm-ex-series-redundant-trunk-groups-els.html

But not both at the same time.

HTH

Thx
Alex

Hi,
What will be p2p link type. Layer2 or layer3. Can we use both p2p link simultaneously.

Hello,

I see You haven't actually read the links I supplied. No probs, it happens all the time 

CSCO says

Flex Links are a pair of a Layer 2 interfaces (switch ports or port channels) 

Same for Juniper. The documentation does not spell in clearly but this wording is important

If the active link either goes down or is disabled administratively, it broadcasts a list of
its known MAC addresses for data traffic; the other link immediately picks up and adds the
MAC addresses to its address table, becomes active, and begins forwarding traffic.

So You can deduce that the primary link needs to learn MACs for the JNPR RTG to function. And to learn MACs, the link needs to be enabled with "family ethernet-switching". I also verified it in the lab by enabling RTG for et-0/0/15 and et-0/0/16, I also removed "family ethernet-switching" from et-0/0/15|16 and added "family inet" as below:

[edit interfaces et-0/0/15 unit 0]
+      family inet {
+          address 203.0.113.129/30;
+      }
-      family ethernet-switching {
-          vlan {
-              members default;
-          }
-          storm-control default;
-      }
[edit interfaces et-0/0/16 unit 0]
+      family inet {
+          address 203.0.113.133/30;
+      }
-      family ethernet-switching {
-          vlan {
-              members default;
-          }
-          storm-control default;
-      }
[edit protocols rstp]
+   disable;
[edit]
+  switch-options {
+      redundant-trunk-group {
+          group rtg0 {
+              preempt-cutover-timer 60;
+              interface et-0/0/15.0 {
+                  primary;
+              }
+              interface et-0/0/16.0;   
+          }
+      }
+  }

The result is

{master:0}[edit]
ccl@qfx5200# commit ch
01 Feb 2018 10:25:02 UTCeck 
[edit switch-options redundant-trunk-group group rtg0]
  'interface et-0/0/15.0'
    L2ALD rtg : Interface et-0/0/15.0 is not enabled for Ethernet Switching
error: configuration check-out failed

So the conclusion is that You cannot use JNPR RTG as both L2 and L3, only as L2 with "family ethernet-switching". But this does not prevent You from configuring a stub vlan with SVI (IRB or vlan.XYZ L3 interface) and having a L3 connectivity across said link on that stub VLAN.

HTH

Thx
Alex

Hi Alex,

Thank you and appreciate your efforts..

The scenario is P2P solution in between Cisco 6506 switch(H.O.) and Juniper EX 3400/4300(Branch location) for max 60 users.

Two Layer3 Link(different ISP) will be used for P2P connectivity. Both link need to up and active simultaneously. There are few configuration suggestion we have consider to achieve P2P connectivity for this scenario. First we will try LACP if that will not work then we will go for Layer3 VLAN / OSPF(with IPsec) / BGP / MPLS. There is some dependency at ISP end as well.

As I checked, Juniper EX3400/4300 has limited/no features for MPLS and IPsec. Need your expert advice to achieve the  requirement.

Supported protocol - https://www.juniper.net/documentation/en_US/junos/topics/reference/general/ex-series-l3-protocols-supported.html

 

Not supported protocol - https://www.juniper.net/documentation/en_US/junos/topics/reference/general/ex-series-l3-protocols-not-supported.html

We also have same type of connectivity with other branch location. We used there LACP but observed asynchronous routing(3 ISP at H.O.) issue so we are using only one ISP link for the connectivity and second link remains ideal.

 

Thank you...

Hi,

 

Following is my understanding about your scenario.

 

Since provider link is an l3 link.your topology will be as follows.

 

Cisco 6509 (stand alone or VSS) --->192.168.1.0/30(provider/Cisco segment)-------provider cloud------->192.168.1.4/30-----Juniper EX 4200 (This is for one link)

 

Similar, setup will be there for secondary link as well. 

 

If above scenario is correct, then ospf with authentication you may use for dynamic routing and failover to acheive your requirements.

 

If your links are l2, then following will be the scenario.

 

Cisco 6509 (stand alone or VSS) 192.168.1.1/30(provider/Cisco segment)-------provider cloud------->192.168.1.2/30 Juniper EX 4200 (This is for one link)

similar setup will be there for secondary link.

 

In this scenario, you may do lacp based aggregation where you may configure port channel on Cisco 6500 and ae config on Juniper ex 4200.

 

Hi Milind,

 

We have standalone cisco 6506 switch and 2 Layer 3 p2p link. Both link need to up and pass network traffic. We have concern about MPLS and IPsec functionality on EX platform.

 

Thank you

As you yourself already stated, EX4300 does not support IPSEC or MPLS (L3 VPN I assume is what you would be looking for?).

 

2milindmistry already told you solution was to run some Routing protocol, like OSPF, on both L3 links and then you could either let protocol choose best path, or potential enable ECMP to let both pathes, if equal, to be active.  You might also want to consider running BFD over OSPF for faster end-to-end failure detection.

 

@milindmistry has provided you the answer, not sure what the confusion is?  Have you asked this question to your local Juniper Partner or Sales team, from whom you purchased the Juniper gear?  Both should be able to assist you.

Hi Nikhil,

I think solution is to use dynamic routing protocol with ecmp as i mentioned above.

MPLS is not supported on Ex 4x00 series switches.

IPsec over ospfv3 is supported only on ex series.

pl note following link.

https://apps.juniper.net/feature-explorer/feature-info.html?fKey=1179&fn=IP+Security+(IPSec)+authentication+for+OSPFv3