Routing

------------------------------
SIVA PRABHALA VENKATA
------------------------------

I guess i need four individual BGP sessions on all four links for this failover to work.

------------------------------
SIVA PRABHALA VENKATA
------------------------------

Original Message:
Sent: 04-15-2024 16:28
From: SIVA PRABHALA VENKATA
Subject: Design Question on EX Series switches.

Note: EX's are connected to Distribution switch for rest of the subnets in that site, and DST have all irb's terminated. DST will get default from both cores but with current setup, only Path  is from DST -> Core-1 and Palo-1 and we are trying to get redundancy setup here.

I have two EX devices which are standalones and I'm trying to connect each Juniper box to Palo Pair (Active and Passive)(option-2 in diagram) so that Palo do not need to failover until (1/23 and /24 on Active Palo goes down), and we can use both EX's at same time instead of one having on backup. I guess I can not do ae interfaces here as per the setup (because I cannot bundle on Palo) and VRRP won't work in this case. What's the best option here? Is there a way that I can setup one VIP on EX-1 and one VIP on Ex-2 over those two physical interface (xe-0/0/32 and xe-0/0/33)so Palo can BGP peer over that single VIP IP, and even if Palo fails over, BGP peering neighbor IP's remain same?

 

I can have EX-2 on standby, connected to the passive and connect EX-1 to Active (single straight links) and make this work, Let's say all routing happens over EX-1 and Core-1  and if that link goes down, Passive can take over and BGP comes up between EX-2 and Palo-2, Now they can exchange routes and traffic forwards using link between EX-2 and Palo-2. (option-1) but this is last option. Thanks!

anks!!

------------------------------
SIVA PRABHALA VENKATA
------------------------------

It's been a long time since I setup Palo Alto failover, but I'm pretty sure that in active/passive you only have peers running on the active device and the peering also fails over when the switch occurs.

I would think your best option with the BGP would be to run a multi hop peer from the PAN to the core switch and skip the individual peers with the EX in between.

------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------

Original Message:
Sent: 04-16-2024 12:43
From: SIVA PRABHALA VENKATA
Subject: Design Question on EX Series switches.

I guess i need four individual BGP sessions on all four links for this failover to work.

------------------------------
SIVA PRABHALA VENKATA

Original Message:
Sent: 04-15-2024 16:28
From: SIVA PRABHALA VENKATA
Subject: Design Question on EX Series switches.

Note: EX's are connected to Distribution switch for rest of the subnets in that site, and DST have all irb's terminated. DST will get default from both cores but with current setup, only Path  is from DST -> Core-1 and Palo-1 and we are trying to get redundancy setup here.

I have two EX devices which are standalones and I'm trying to connect each Juniper box to Palo Pair (Active and Passive)(option-2 in diagram) so that Palo do not need to failover until (1/23 and /24 on Active Palo goes down), and we can use both EX's at same time instead of one having on backup. I guess I can not do ae interfaces here as per the setup (because I cannot bundle on Palo) and VRRP won't work in this case. What's the best option here? Is there a way that I can setup one VIP on EX-1 and one VIP on Ex-2 over those two physical interface (xe-0/0/32 and xe-0/0/33)so Palo can BGP peer over that single VIP IP, and even if Palo fails over, BGP peering neighbor IP's remain same?

 

I can have EX-2 on standby, connected to the passive and connect EX-1 to Active (single straight links) and make this work, Let's say all routing happens over EX-1 and Core-1  and if that link goes down, Passive can take over and BGP comes up between EX-2 and Palo-2, Now they can exchange routes and traffic forwards using link between EX-2 and Palo-2. (option-1) but this is last option. Thanks!

anks!!

------------------------------
SIVA PRABHALA VENKATA
------------------------------