View Only
last person joined: 2 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Reth interfaces on Untrust zone

    Posted 03-22-2022 09:50
    Hi all,

    Based on the the following  Juniper TEchLibrary document  -Configuring an Active/Active Layer 3 Cluster Deployment,  I understand that there are only 2 Reth interfaces  that are associated with the Trust zone.  I have some questions about why this design hasn't got any  Reth interface(s) on the Untrust zone whilst Full Mech Chassis Cluster ( 2nd link below) has 2 reth interfaces on the Untrust zone..... 

    And  advice please?

    Example: Configuring an Active/Active Layer 3 Cluster Deployment

    Example: Configuring an SRX Series Services Gateway as a Full Mesh Chassis Cluster


  • 2.  RE: Reth interfaces on Untrust zone

    Posted 03-23-2022 09:47
    The difference is in the active/active diagram the two ISP are connected directly to single SRX node in the cluster.  So in that case there is no reth interface. 

    The reth interface allows a port on  each of the cluster members to back each other up using redundant ethernet protocol.  When the ISP is connected upstream like the second example then only one of the two srx at a time is connecting.

    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)