Switching

Hi,

First my apologies if this was previously posted and or should be in the SRX community.

I am having an issue and cannot find a proper solution and or I do not like the solution.

I have an EX stack with multiple switches.  I have an SRX385 cluster.  I am trying to create 3 HA groups.  One for uplinks between the SRX cluster and the EX stack.  I am using 4 ports - 1 from each SFP+ port on each SRX and 1 from 2 switches.  So I have a link to and from both SRX units and 2 switches to cover any issues with either a SRX node or a switch.

I am trying to build out the same config for the uplink from the ISP and from a device in a DMZ.  So I have 3 Reth groups using a total of 6 interfaces on the SRX cluster and 6 interfaces on the EX stack.  The plan is to plug the DMZ device and ISP into the other 2 reth groups.  I know that if I lose a switch with say the ISP in it we will go down but will stay online if a SRX node goes offline. I am also using 10Gb links for cross connection to and from the SRX cluster to the EX stack and really do not need 40Gb and do not want to use 4 of those interfaces.

I hope that all makes sense?  I have this doc, CEC Juniper Community  which looks to me as if it requires 4 interfaces for each Reth or HA.  That would require 24 ports.  That seems excessive..  Is there a better model or idea that I am not thinking about.

Thank you in advance.

TY

------------------------------
TODD YOUNGBAUER
------------------------------

At a high level there are three general ways the SRX clustering examples are setup.  This network configuration example document goes over all three methods in detail.  You should be able to pick the one that fits your comfort for redundancy.  Note that while the examples show routers instead of switch clusters in some of the positions you can also deploy those via the EX cluster in that position as well.

https://www.juniper.net/documentation/en_US/release-independent/nce/information-products/pathway-pages/nce/nce0092-chassis-cluster-srx-configuring.pdf

------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------

Original Message:
Sent: 09-20-2023 09:22
From: TODD YOUNGBAUER
Subject: HA with EX stack and SRX cluster

Hi,

First my apologies if this was previously posted and or should be in the SRX community.

I am having an issue and cannot find a proper solution and or I do not like the solution.

I have an EX stack with multiple switches.  I have an SRX385 cluster.  I am trying to create 3 HA groups.  One for uplinks between the SRX cluster and the EX stack.  I am using 4 ports - 1 from each SFP+ port on each SRX and 1 from 2 switches.  So I have a link to and from both SRX units and 2 switches to cover any issues with either a SRX node or a switch.

I am trying to build out the same config for the uplink from the ISP and from a device in a DMZ.  So I have 3 Reth groups using a total of 6 interfaces on the SRX cluster and 6 interfaces on the EX stack.  The plan is to plug the DMZ device and ISP into the other 2 reth groups.  I know that if I lose a switch with say the ISP in it we will go down but will stay online if a SRX node goes offline. I am also using 10Gb links for cross connection to and from the SRX cluster to the EX stack and really do not need 40Gb and do not want to use 4 of those interfaces.

I hope that all makes sense?  I have this doc, CEC Juniper Community  which looks to me as if it requires 4 interfaces for each Reth or HA.  That would require 24 ports.  That seems excessive..  Is there a better model or idea that I am not thinking about.

Thank you in advance.

TY

------------------------------
TODD YOUNGBAUER
------------------------------

Thanks Steve.

Here is the config that is working for me.  I have 2 - 20Gb ae groups an 40Gb together.  I can pull up to 4 interfaces and still have connectivity.  I also have a sub interface on the SRX so I can add addition VLAN / Interfaces and connect them to different security zones.

Hope this can help someone else.

TY

xe-0/0/17
    gigether-options {
        redundant-parent reth1;

xe-0/0/18
    gigether-options {
        redundant-parent reth1;

xe-5/0/17
    gigether-options {
        redundant-parent reth1;

xe-5/0/18
    gigether-options {
        redundant-parent reth1;

reth1
    vlan-tagging;
    redundant-ether-options
        redundancy-group 1;

    unit 954
        vlan-id 954;
        family inet
            address x.x.x.x/30;

xe-0/2/1
    ether-options
        802.3ad ae1;

xe-0/2/2
    ether-options
        802.3ad ae2;

xe-1/2/1
    ether-options
        802.3ad ae2;
    
xe-1/2/2
    ether-options
        802.3ad ae1;

ae1
    description "Uplink to SRX Node 0";
    aggregated-ether-options
        minimum-links 1;
   
    unit 0
        family ethernet-switching
            interface-mode trunk;
            vlan
                members network-routing;

ae2
    description "Uplink to SRX Node 1";
    aggregated-ether-options
        minimum-links 1;
   
    unit 0
        family ethernet-switching
            interface-mode trunk;
            vlan
                members network-routing;

SRX xe-0/0/17  <---->  EX xe-1/2/2
SRX xe-0/0/18  <---->  EX xe-0/2/1
SRX xe-5/0/17  <---->  EX xe-0/2/2
SRX xe-5/0/18  <---->  EX xe-1/2/1

------------------------------
TODD YOUNGBAUER
------------------------------

Original Message:
Sent: 09-20-2023 20:05
From: spuluka
Subject: HA with EX stack and SRX cluster

At a high level there are three general ways the SRX clustering examples are setup.  This network configuration example document goes over all three methods in detail.  You should be able to pick the one that fits your comfort for redundancy.  Note that while the examples show routers instead of switch clusters in some of the positions you can also deploy those via the EX cluster in that position as well.

https://www.juniper.net/documentation/en_US/release-independent/nce/information-products/pathway-pages/nce/nce0092-chassis-cluster-srx-configuring.pdf

------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home

Original Message:
Sent: 09-20-2023 09:22
From: TODD YOUNGBAUER
Subject: HA with EX stack and SRX cluster

Hi,

First my apologies if this was previously posted and or should be in the SRX community.

I am having an issue and cannot find a proper solution and or I do not like the solution.

I have an EX stack with multiple switches.  I have an SRX385 cluster.  I am trying to create 3 HA groups.  One for uplinks between the SRX cluster and the EX stack.  I am using 4 ports - 1 from each SFP+ port on each SRX and 1 from 2 switches.  So I have a link to and from both SRX units and 2 switches to cover any issues with either a SRX node or a switch.

I am trying to build out the same config for the uplink from the ISP and from a device in a DMZ.  So I have 3 Reth groups using a total of 6 interfaces on the SRX cluster and 6 interfaces on the EX stack.  The plan is to plug the DMZ device and ISP into the other 2 reth groups.  I know that if I lose a switch with say the ISP in it we will go down but will stay online if a SRX node goes offline. I am also using 10Gb links for cross connection to and from the SRX cluster to the EX stack and really do not need 40Gb and do not want to use 4 of those interfaces.

I hope that all makes sense?  I have this doc, CEC Juniper Community  which looks to me as if it requires 4 interfaces for each Reth or HA.  That would require 24 ports.  That seems excessive..  Is there a better model or idea that I am not thinking about.

Thank you in advance.

TY

------------------------------
TODD YOUNGBAUER
------------------------------