This message was posted by a user wishing to remain anonymous
We are currently running a router-on-a-stick setup where all IRBs reside on the SRX running global switching mode and terminate on their respective security zones. I am doing this due to the nature of the environment and understand it is not a standard deployment pattern. I need to ensure that the network is in an HA state. Right now we only have a single SRX1500 and EX4300 and multiple access switches, which works perfectly. Fortunately or unfortunately, the customer went ahead and purchased an additional SRX1500 and EX4300 before I was working with them, and it is too late to pull the pin on the order.
With reference to: https://www.juniper.net/documentation/us/en/software/junos/chassis-cluster-security-devices/topics/topic-map/security-chassis-cluster-ethernet-switching.html
It says that AE/LAG is unsupported with the SRX in switching mode. I am trying to figure out what the best way forward for an HA setup using the above design would be if LAG is not available in a clustered switching mode. The diagram is what I was initially hoping to achieve.
For context, this is a multi-tenant environment supporting multiple research projects. There is a need to use Security Policies with multiple different identity providers to enforce zone-to-zone communication along with other SRX-specific features. I agree that the EX4300 handling L3 is the obvious option here, but it is not suited for our environment.
Any help would be much appreciated.