Junos OS


Ethernet Switching in SRX Chassis Cluster

  • 1.  Ethernet Switching in SRX Chassis Cluster

    This message was posted by a user wishing to remain anonymous
    Posted 05-18-2022 05:48

    We are currently running a router-on-a-stick setup where all IRBs reside on the SRX running global switching mode and terminate on their respective security zone. I am doing this due to the nature of the environment and understand it is not a standard deployment pattern. I need to ensure that the network is in an HA state. Right now we only have a single SRX1500 and EX4300 and multiple access switches, which works perfectly. Fortunately or unfortunately, the customer went ahead and purchased an additional SRX1500 and EX4300 before I was working with them, and it is too late to pull the pin on the order.

    With reference to: https://www.juniper.net/documentation/us/en/software/junos/chassis-cluster-security-devices/topics/topic-map/security-chassis-cluster-ethernet-switching.html

    It says that AE/LAG is unsupported with the SRX in switching mode. I am trying to figure out what the best way forward for an HA setup using the above design would be if LAG is not available in a clustered switching mode. The diagram is what I was initially hoping to achieve.

    For context, this is a multi-tenant environment supporting multiple research projects. There is a need to use Security Policies with multiple different identity providers to enforce zone-to-zone communication along with other SRX-specific features. I agree that the EX4300 handling L3 is the obvious option here, but it is not suited for our environment.

    Any help would be much appreciated.