[j-nsp] Layer 2 ethernet redundancy?

Tony Frank tfrank at optushome.com.au
Wed Jan 21 06:52:37 EST 2004


Hi there,
As I'm not having much joy from other sources I'm appealing to
the wisdom of the list. 

I'm looking into a scenario where we have a single Juniper (m20)
providing traffic aggregation & tunnel endpoints for customers.
Specifically I'm interested in ideas on how to best achieve 
redundancy.

There are two separate uplink routers, each via a separate GE PIC.
On the incoming side we have multiple 'customer routers' connecting
into two layer2 switches (Cisco 6500).

Presently there is a separate FE PIC interface into each switch.
We run BGP between the m20 and each of the routers.

See an attempt at ascii diagram below:

customers - Router 1  --- l2switch1 --- fe-0/0/0 ip x.x.x.5
customers - Router 2  --- l2switch1             
                              |||
customers - Router 3  --- l2switch2 --- fe-1/0/0 ip x.x.x.6
customers - Router 4  --- l2switch2 

The two switches are trunked and all traffic is within the same vlan.

Currently we have configured a separate IP address on each of the FE ports.
For BGP 'redundancy' mode we have the following neighbour setup:

router1 <-> m20 x.x.x.5
router2 <-> m20 x.x.x.5
router3 <-> m20 x.x.x.6
router4 <-> m20 x.x.x.6
        
While the solution seems to 'work' I get the feeling it is more 
by accident rather than by design.

There has been a suggestion recently to use 802.3ad link aggregation instead.
I.e. both fe interfaces become part of a virtual ae0 interface with just the
one IP address.
Unfortunately the proposed design does this just on the m20 end and does not
configure anything in the switches for 802.3ad.
While a test seems to work we did notice that the virtual ethernet address
bounces around the l2switch ports (to/from the trunking port and direct port).

I have read through many of the Junos documents but am yet to find any
good recommendations on how to best implement redundancy in this environment.

Requirement really is to eliminate single point of failure.
Currently if a l2switch fails we lose "comms" from m20 to two routers but
since customer side can in theory reroute through other router group it should 
be ok.
Basically our active interface into the vlan fails, which subsequently fails
two of the BGP sessions.
The second interface 'takes over' the connection into local lan and the BGP
sessions using the remaining interface as the local address keep going and
our traffic reroutes through the remaining connected routers.

Can anyone offer any suggestions on any of the following:
- where to find examples of 'best practice'?
- how to improve/optimise the above discussed items?

Please be gentle.

Thanks,

Tony
