I'm going to deploy a couple of customer connections at two different sites. Each site will have two SRX210 and two leased lines, running BGP for failover functionality.
At site1 the two SRX210 will be sitting in the same rack and my plan was to use a JSRP cluster between them. One reth on the inside so the customer gets one IP address and then one interface against each leased line (no reth).
At site2 the SRX210 will be separated by some distance and, from what I have read, a JSRP cluster doesn't work if there is a switch between them (fabric, control link). What can I use here to get some kind of redundancy but still give the customer one address on the inside that they can route via?
Does the suggestion at site1 make sense?
You can run VRRP and offer that VIP-address for your clients. You might also find running normal BGP+VRRP a lot more stable than the SRX/J-series cluster function. Also in cluster mode you will lose most of the features available in non-cluster mode.
Thanks for the reply.
So one BGP per SRX and IBGP between them and VRRP against the internal network, correct?
Yeah, that works fine. I have that kind of setup with J-series here. I have also configured BFD between the BGP peers so they notice faster if the link has dropped.
Are those SRX in packet or flow-based mode? If the former, I agree that it's a simple and elegant solution.
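A sketch of the BGP + VRRP + BFD layout discussed in this thread, for one of the two SRX210s in flow mode. It is an added example, not a configuration from any of the posters. Interface names, zone names, AS numbers, addresses (documentation ranges) and the key placeholder are all assumptions.

```junos
# Constructed example: SRX "A" (VRRP master). SRX "B" mirrors this with
# LAN address 192.0.2.3, default VRRP priority 100 and its own leased line.

# Leased line towards the provider, and the customer-facing LAN
set interfaces ge-0/0/0 unit 0 family inet address 198.51.100.2/30
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.2/24 vrrp-group 1 virtual-address 192.0.2.1
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.2/24 vrrp-group 1 priority 200
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.2/24 vrrp-group 1 preempt
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.2/24 vrrp-group 1 accept-data
# If the leased-line interface goes down, priority drops 200 -> 50 and SRX "B" takes the VIP
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.2/24 vrrp-group 1 track interface ge-0/0/0 priority-cost 150

# eBGP to the provider with BFD for fast failure detection, plus session authentication
set routing-options autonomous-system 64496
set protocols bgp group upstream type external
set protocols bgp group upstream peer-as 64497
set protocols bgp group upstream neighbor 198.51.100.1 authentication-key "<bgp-key-placeholder>"
set protocols bgp group upstream neighbor 198.51.100.1 bfd-liveness-detection minimum-interval 300
set protocols bgp group upstream neighbor 198.51.100.1 bfd-liveness-detection multiplier 3

# iBGP to the other SRX across the LAN so each box can reach the surviving uplink
set policy-options policy-statement next-hop-self then next-hop self
set protocols bgp group internal type internal
set protocols bgp group internal local-address 192.0.2.2
set protocols bgp group internal export next-hop-self
set protocols bgp group internal neighbor 192.0.2.3

# Flow mode only: the zones must admit the control protocols, and nothing else,
# otherwise VRRP adverts and BGP/BFD packets addressed to the device are dropped
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic protocols vrrp
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic protocols bgp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic protocols bgp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic protocols bfd
```

After commit, `show vrrp summary`, `show bgp summary` and `show bfd session` confirm the VIP owner and that both sessions are up.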
However, if in flow-based mode, all established-flow related information is lost whenever traffic is rerouted, is that correct?
Regarding having a cluster over a layer 2 ethernet network, there are some tips to make this work (where's the FAQ on HA for Juniper products?). "SRX Services Gateway Cluster Deployments Across Layer Two Networks"
Then you are one of the lucky ones to have a stable J-Series/SRX cluster. Can you please share a config so we can learn from it?