Junos OS

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Ethernet switching in chassis cluster mode

    This message was posted by a user wishing to remain anonymous
    Posted 07-12-2022 09:58
      |   view attached
    This message was posted by a user wishing to remain anonymous

    Ethernet switching in chassis cluster mode

    I have cluster (Active/Standby) with SRX 550 and VRRP with SRX 345 (2 Numbers), VRRP Firewall 1 is connected to Cluster Primary (Active) Firewall Only and VRRP Firewall 2 is connected to Cluster Secondary (Standby) Firewall Only.
    When the VRRP Firewall 1 is rebooted there is no traffic to VRRP Firewall 2 because the standby Firewall is connected VRRP Firewall 2.
    In order to resolve this issue kindly advise is it ethernet switching in chassis cluster mode is a suitable solution ?  Please find attached sample architecture.


    Regards


  • 2.  RE: Ethernet switching in chassis cluster mode

    Posted 07-17-2022 15:12
    If I follow you question correctly you cannot get the configuration you are looking for.

    I think you want the standby SRX to accept traffic and hand it over to the active SRX in the cluster.  This is NOT how active/standby devices will work.  With an active/standby cluster there is NO traffic passing through the standby device.  The only communications with standby are the communications between the cluster RE nodes themselves.

    You would need to configure and active/active cluster to have traffic transit the standby node.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Ethernet switching in chassis cluster mode

    This message was posted by a user wishing to remain anonymous
    Posted 07-22-2022 17:49
    This message was posted by a user wishing to remain anonymous

    In active/active mode both srx will send the traffic to Vrrp firewalls?
    Or
    what ever the redundancy group configured firewall will communicate to corresponding firewall?


  • 4.  RE: Ethernet switching in chassis cluster mode

    Posted 07-23-2022 09:48
    With Active / passive mode only the active firewall interfaces will accept and pass traffic.

    In active / active mode both firewall interfaces can pass and transit traffic depending on the details of the configuration.  But there is only one routing engine controlling all the decisions with the other as a backup.

    The overview description of active / active is here.
    https://www.juniper.net/documentation/en_US/nsm2012.2/topics/concept/security-service-firewall-screenos-active-active-cluster-overview.html

    And and example configuration here
    https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/chassis-cluster-srx-active-active-configuring.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------