Security

 View Only
last person joined: 14 days ago 

Securing your network and related platform configuration and troubleshooting with Juniper security technologies including Advance Threat Prevention, Cloud-Based Management Services, Cloud-delivered Security, Cloud Workload Protection, DDoS, Juniper Secure and other solutions.

SRX4600 cluster via EX4600 switches.

  • 1.  SRX4600 cluster via EX4600 switches.

    Posted 03-03-2022 09:24

    Hello,

    I am trying to configure dual fabric chassis cluster (Active/Passive mode)  using SRX4600 devices and connect them via stack of ex4600 switches. Devices should be connected like this:

    EX4600 = SRX4600
     | LAG |
    EX4600 = SRX4600

    According to KB and official documents there is no need to  configure much on EX switches. Main requirements are:

    -jumbo frames - MTU size minimum 9016
    -IGMP snooping off
    -vlan tagging disabled

    SRX devices are configured properly. Stack is working fine when SRX devices are connected directly but once i am connecting them via switches they start working in split brain architecture. I was trying to use only one EX4600 switch but result was the same. I tried many different ways of VLAN configuration for example separating control links and fabric links in different vlans but result was always the same. Oddly enough when I am using Cisco switch with VLANs configured to separate control and fabric links SRX stack works perfectly fine so it has to be something with EX devices. 

    I was also trying to force 1g speed on control links and operate only with one fabric link but it always ends up in split brain mode. Also I did all troubleshooting steps mentioned in KBs but it didn't resolved the issue. 

    Do you have any suggestions  what could be causing this issue?

    Thanks for your answers!



    ------------------------------
    Sebastian Chmura
    ------------------------------