Security

 View Only
last person joined: 18 hours ago 

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.

SRX4600 cluster via EX4600 switches.

  • 1.  SRX4600 cluster via EX4600 switches.

    Posted 03-03-2022 09:24

    Hello,

    I am trying to configure dual fabric chassis cluster (Active/Passive mode)  using SRX4600 devices and connect them via stack of ex4600 switches. Devices should be connected like this:

    EX4600 = SRX4600
     | LAG |
    EX4600 = SRX4600

    According to KB and official documents there is no need to  configure much on EX switches. Main requirements are:

    -jumbo frames - MTU size minimum 9016
    -IGMP snooping off
    -vlan tagging disabled

    SRX devices are configured properly. Stack is working fine when SRX devices are connected directly but once i am connecting them via switches they start working in split brain architecture. I was trying to use only one EX4600 switch but result was the same. I tried many different ways of VLAN configuration for example separating control links and fabric links in different vlans but result was always the same. Oddly enough when I am using Cisco switch with VLANs configured to separate control and fabric links SRX stack works perfectly fine so it has to be something with EX devices. 

    I was also trying to force 1g speed on control links and operate only with one fabric link but it always ends up in split brain mode. Also I did all troubleshooting steps mentioned in KBs but it didn't resolved the issue. 

    Do you have any suggestions  what could be causing this issue?

    Thanks for your answers!



    ------------------------------
    Sebastian Chmura
    ------------------------------