who controls redundancy? ae on EX4550 to reth SRX1400

  • 1.  who controls redundancy? ae on EX4550 to reth SRX1400

    Posted 07-24-2017 18:35

    hi there,

     

    Sorry if this has been answered somewhere, but I've searched high and low without a clear cut answer.

     

    We have a setup of two AE links (both with a single 10g member, configured as trunks) originating from a VC master and backup respectively, to an SRX cluster reth which will do vlan tagging:

     

    LACPactive                                                  LACPpassive

    EXmaster0:(xe-0/0/1)ae0<--------------->SRX:node0:reth1(xe-0/0/1)

    EXbackup1:(xe-1/0/1)ae1<-------------->SRX:node1:reth1(xe-4/0/1)

     

    It's my understanding that AE will load balance across links, essentially behaving in an active/active state, whereas reth traffic is more active/passive behaviour.

     

    I'm wondering which takes precedence when there is:

     

    A. no redundancy group interface monitoring configured on the SRX:

     

    >show configuration interfaces reth1

    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
        lacp {
            passive;
            periodic slow;
        }
    }

     

     

     

    B. redundancy group interface monitoring configured, such as below:

     

    redundancy-group 1 {
        node 0 priority 100;
        node 1 priority 1;
        preempt;
        gratuitous-arp-count 4;
        interface-monitor {
            xe-0/0/1 weight 255;
            xe-4/0/1 weight 255;
        }
    }

     

     

    any insight into the above will be much appreciated

     

    cheers!

     



  • 2.  RE: who controls redundancy? ae on EX4550 to reth SRX1400
    Best Answer

     
    Posted 07-25-2017 09:01

    "It's my understanding that AE will load balance across links, essentially behaving in an active/active state, whereas reth traffic is more active/passive behaviour." => not 100% accurate

     

    I assume you want the SRX to function active/passive.  If you want active/active, you need different config and then you also need to make sure the return traffic hits the right SRX; most do NOT configure this way.

     

    The 2 x AE's on the EX4550 do NOT load-balance (right term is load-share).  They will act as 2 separate links.  By configuring them as AE's with single links, you have made them easier in the future to add in additional links for additional bandwidth, but they still work independent of each other.  Load-sharing only occurs within a single AE, not between AE's.

     

    The SRX cluster will control on which AE traffic is sent - only one member of a Reth will be active at any moment in time, associated with the active SRX.  So even though the 2 x AE's on the EX4550 could function active/active, and link will be up on both, there will be limited learning on the inactive AE, which will force all traffic down the active AE.

     

    See this link for details - https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide.pdf

     

    Bottom of pages 10 and 11 state:

     

    3 The secondary interface itself will actually still pass traffic, but there will be no flow processing for it. I.e., it is flow processing that stops the traffic. One example of traffic that can still go through the interface is ARP requests received on the secondary node interface, which will be sent to the active RE. The response to the ARP requests will be sent out on the primary node interface. Another example is IP Monitoring, which can send pings from the secondary node as well, to test connectivity.

     

    I assume what you are trying to do is what is depicted on page 16 of the deployment guide, except the AE's from the switch (EX4550) only have a single link in them.  Since SRX Clustering has not changed in a long time, the fact that the deployment guide is dated 2014 should not be an issue.

     

    Here is a link that talks about supported/non-supported LACP configurations for SRX Clusters - https://kb.juniper.net/InfoCenter/index?page=content&id=KB22474

     

    Your current config should work as you have created 2 x AE's on the EX4550s (I believe).  It is the same as the supported config example above but with the 2nd interface on each AE being down.

     

    I also found this later guide - https://www.juniper.net/documentation/en_US/release-independent/nce/information-products/pathway-pages/nce/nce0092-chassis-cluster-srx-configuring.pdf (contains nothing more than original HA/Cluster guide).

     

    Hopefully this helps you.



  • 3.  RE: who controls redundancy? ae on EX4550 to reth SRX1400

    Posted 07-25-2017 20:56

    Hi there,

     

    Thanks a lot for the detailed response, you've answered the question for me in that the SRX will control the active/passive state of the two LAGs in our setup.

     

    The only thing I'm wondering now is: if no redundancy group configuration other than redundancy group 0 is configured, such as below, how will the reth by default determine which interface is the active and which is the passive?

     

    redundancy-group 1 {
        node 0 priority 100;
        node 1 priority 1;
        preempt;
        gratuitous-arp-count 4;
        interface-monitor {
            xe-0/0/1 weight 255;
            xe-4/0/1 weight 255;
        }
    }

     

     

    Thanks again!

     

     

     



  • 4.  RE: who controls redundancy? ae on EX4550 to reth SRX1400

     
    Posted 07-26-2017 09:10

    RG0 is special and is always associated with the Control Plane - whether Node 0 or Node 1 RE is Primary (Master) or Secondary.  Sync will happen across the Fabric Link.  Other RG's are associated with RETHs which are associated with physical interface(s).  A reth interface is a virtual interface. It will be active on one of the two nodes only and it has the ability to move/failover to the other node. 

     

    Only one Node will have any specific RETH as primary; other side will always be in secondary.  See page 19 of 3rd URL - cut and paste does not work well.

     

     

    SRX Cluster cannot function properly without both RG0 and some other RG.  I 'think' this is the question you are asking??  See pages 4-9 of the HA deployment guide for all details.
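
Added example, not part of the thread or of Juniper's documentation: a simplified Python model of how redundancy group 1 picks its primary node (the node where reth1 is active) for cases A and B from the first post. It assumes the Junos interface-monitoring rule that a redundancy group starts with a threshold of 255 and each failed monitored interface subtracts its weight; the function names and the per-node monitor layout are hypothetical, and other failover triggers (node loss, IP monitoring, manual failover) are left out.

```python
# Simplified model of SRX chassis-cluster redundancy-group (RG) primacy.
# Assumption: threshold starts at 255; a down monitored interface subtracts
# its weight; at 0 the node's RG priority is forced to 0 and the RG fails over.
THRESHOLD = 255

def effective_priority(priority, monitors, down):
    """Priority a node holds for the RG once interface monitoring is applied."""
    remaining = THRESHOLD - sum(w for ifc, w in monitors.items() if ifc in down)
    return 0 if remaining <= 0 else priority

def rg_primary(nodes, down, current=None, preempt=False):
    """Return the node that is primary for the RG, i.e. where the reth is active.

    nodes:   {name: {"priority": int, "monitors": {ifname: weight}}}
    down:    set of interface names that are currently down
    current: node that is primary now (None for the initial election)
    """
    prio = {n: effective_priority(c["priority"], c["monitors"], down)
            for n, c in nodes.items()}
    best = max(prio, key=prio.get)
    if current is None:
        return best
    # Failover: the current primary has dropped to 0 and the peer has not.
    if prio[current] == 0 and prio[best] > 0:
        return best
    # Preempt: a higher-priority node takes primacy back.
    if preempt and prio[best] > prio[current]:
        return best
    return current

# Constructed inputs mirroring the thread's priorities (100 / 1).
# Case A: no interface-monitor stanza. Case B: weight 255 on each member link.
CASE_A = {"node0": {"priority": 100, "monitors": {}},
          "node1": {"priority": 1, "monitors": {}}}
CASE_B = {"node0": {"priority": 100, "monitors": {"xe-0/0/1": 255}},
          "node1": {"priority": 1, "monitors": {"xe-4/0/1": 255}}}

if __name__ == "__main__":
    link_down = {"xe-0/0/1"}
    print("A, link down:", rg_primary(CASE_A, link_down, "node0", preempt=True))
    print("B, link down:", rg_primary(CASE_B, link_down, "node0", preempt=True))
    print("B, restored :", rg_primary(CASE_B, set(), "node1", preempt=True))
```

In this model, case A leaves reth1 active on node0 when xe-0/0/1 drops, because nothing lowers node0's priority; case B moves it to node1, and preempt returns it to node0 once the link is restored.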