This reminds me of the ScreenOS HA feature of yesteryear. Sure, you could route to the virtual IP address, but it took years of development before other features could use it. For a while you couldn't run OSPF on it, for example.
I haven't used MNHA personally, but it appears to me it allows for greater independence for the RG participants. I would venture a guess that it's intended for upstream routing path redundancy more so than trying to replace chassis cluster functionality.
I'm sorry I'm not answering your question... My suspicion is you may be able to get away without an individual address, if the virtual one supports specifying a mask, provided of course you don't need the connectivity while secondary.
------------------------------
Nikolay Semov
------------------------------
Original Message:
Sent: 05-10-2024 05:39
From: vidar.stokke
Subject: Multinode High Availability - Virtual IP and unique IP
Hi all.
This question is regarding Multinode High Availability (MNHA) setup of two Juniper SRX nodes in a hybrid deployment:
It seems that you always need to have 3 IP addresses for each VLAN; one unique for each node and one virtual IP.
For instance, lets say 10.10.0.0/24. If I have SRX1 and SRX2 both connected with interface xe-0/0/0.10 to my L2 switched network. I will then configure 10.10.0.2/24 as IP address on SRX1, 10.10.0.3/24 on SRX2 and 10.10.0.1/24 as the virtual-ip in the SRG for that network. All hosts on this VLAN will then use 10.10.0.1 as default gateway.
My question is: why do we need a unique IP address for SRX1 and SRX2 on this VLAN? My theory is that 10.10.0.0/24 will not appear as a directly connected network on the SRX-es then. And then the SRX will not be able to route traffic to that prefix.
Can anyone confirm this?
------------------------------
Best regards
Vidar Stokke
------------------------------