SD-WAN

 View Only

  • 1.  SSR Static Addressing

    Posted 18 days ago

    Hello Everyone, 

    I am attempting to setup 2 SSR130's in an HA Pair with statically assigned addresses through Mist. I am wanting to know if it is possible to set these up with a single IP address as have them sit behind a firewall. I have attached a diagram of what I am attempting to do. 

    I have looked through Juniper Documentation but have had no luck getting these devices setup. If this is not possible, is it possible to have the SSR's at 2 different IP Addresses and have a VIP which then gets NAT'd through the firewall?

    Any sort of information helps. Thank you!



    ------------------------------
    NATHAN GUESS
    ------------------------------


  • 2.  RE: SSR Static Addressing

    Posted 17 days ago

    Are you using Juniper MIST to manage these SSR's? If yes then configure firewall ports as a redundant and configure vlan with single ip



    ------------------------------
    JEEVAK MUKADAM
    ------------------------------



  • 3.  RE: SSR Static Addressing

    Posted 17 days ago

    Then assign vlan network on the same window, i can see that when you scroll down



    ------------------------------
    JEEVAK MUKADAM
    ------------------------------



  • 4.  RE: SSR Static Addressing

    Posted 17 days ago

    Do you have diagram?



    ------------------------------
    JEEVAK MUKADAM
    ------------------------------

    Original Message


  • 5.  RE: SSR Static Addressing

    Posted 17 days ago

    This a quick diagram I put together with what I am assuming needs to be setup for our environment. We are pretty new to Juniper and are coming from Cisco Meraki's so definitely a learning curve and I appreciate the support.



    ------------------------------
    NATHAN GUESS
    ------------------------------

    Original Message


  • 6.  RE: SSR Static Addressing

    Posted 17 days ago

    Assuming your SSR WAN interface is connected to the firewall on the same subnet through the core over an L2 VLAN, you can configure the WAN interface as redundant. However, make sure the SSR primary node and the primary core switch are connected back-to-back.

    For example, if SSR node 0 is the primary node, then Core 1 should be the primary core. Otherwise, an HA link dependency issue may occur if SSR node 0 is primary while Core 2 is primary.



    ------------------------------
    JEEVAK MUKADAM
    ------------------------------

    Original Message


  • 7.  RE: SSR Static Addressing

    Posted 17 days ago

     is it possible to have the SSR's at 2 different IP Addresses and have a VIP which then gets NAT'd through the firewall?

    Jeevak: SSR wont support this kind of setup, redundant port is the option only. If primary node went down, backup device will take over with same ip.



    ------------------------------
    JEEVAK MUKADAM
    ------------------------------



  • 8.  RE: SSR Static Addressing

    Posted 17 days ago

    I apologize as my earlier Diagram is missing 2 devices. 

    The SSR's uplinks will be connected to 2 Different EX4400-24x's. 

    Node 0: Will be connected to Core 0
    Node 1: Will be connected to Core 1 

    These Core's have routes to the Firewall. 



    ------------------------------
    NATHAN GUESS
    ------------------------------

    Original Message


  • 9.  RE: SSR Static Addressing

    Posted 14 days ago

    "The SSR's uplinks will be connected to 2 Different EX4400-24x's. "

    That's not an issue. What SSR does is a VRRP on Layer 2 basis with only one IP. (Rather than Cisco where you would have 3 addresses, primary, secondary and master). Both SSR uplink ports need to reach each other via Layer 2, then you are good to go. 



    ------------------------------
    Kevin Kueper
    ------------------------------

    Original Message


  • 10.  RE: SSR Static Addressing

    Posted 13 days ago
    I believe I understand the intended design, but I'm still experiencing an issue with my current setup.
    SSR node0 is physically connected to an EX4400-24x switch configured as an access port with a single VLAN member.
    SSR node1 is connected to a separate EX4400-24x with the same access port configuration.

    The two EX4400 switches are interconnected and now properly passing Layer 2 traffic, as I can see MAC addresses learned across the inter-switch link.

    In the Hub Profile, I have defined a WAN where ge-0/0/0 and ge-1/0/0 are configured as redundant interfaces, with IPv4 static addressing (including gateway) configured under the WAN settings, and the profile is correctly applied to the site. However, even after confirming Layer 2 adjacency and bouncing the switch interfaces, both SSR nodes continue to bring up their physical interfaces independently and obtain DHCP addresses, showing Address Mode as Dynamic instead of using the configured static IP for the shared WAN.


    ------------------------------
    NATHAN GUESS
    ------------------------------

    Original Message


  • 11.  RE: SSR Static Addressing

    Posted 5 days ago
    Sorry Nathan I was busy. Will get back to you.

     Thanks & Regards,

     

    Jeevak Mukadam 

    Subject Matter Expert

     

    Mob. +91 9987082323

    jeevak.mukadam@orange.com

    9th Floor, Building Q2,Q Park Ghansoli, Navi Mumbai-400710, India..
    www.orange-business.com

     


    Orange Restricted



    Original Message