[j-nsp] One router/two firewalls config question
Chuck Anderson
cra at WPI.EDU
Tue Mar 11 11:01:13 EDT 2008
And my switch has multiple switch fabrics, multiple CPUs, multiple fan
trays, and multiple power supplies :-)
On Tue, Mar 11, 2008 at 10:30:19AM -0400, John Center wrote:
> Hi Chuck,
>
> Our M120 has multiple REs, FEBs, FPCs, etc. just to avoid that scenario.
> ;-) It is the most redundant piece of equipment we have. It's funny,
> but it looks like it might have been better to have 2 separate boxes!
> Then, we could have done VRRP, etc.
>
> Chuck Anderson wrote:
> > The switch would have a single VLAN/subnet for both interfaces to be
> > on.
> >
> > Yes, there would be a single point-of-failure for the switch, but the
> > links themselves would still be redundant. Simple switches are
> > usually less prone to failure than a complex router. I think most of
> > the failures we have are human error or software-related (bugs),
> > rather than actual hardware failures. If the switch had a very low
> > churn of changes, this would be mitigated.
> >
> > You can think of IRB as being just an integrated switch inside the
> > router--you still have only a single router/switch. So in your
> > original scenario, there was a single point-of-failure of the router
> > itself.
> >
> > On Fri, Mar 07, 2008 at 04:16:12PM -0500, John Center wrote:
> >> To reply to my own message, the PIX standby interfaces have to be on the
> >> same subnet as their corresponding primary interfaces.
> >>
> >> John Center wrote:
> >>> Hi Chuck,
> >>>
> >>> The only problem with using a switch is it's a single point of failure.
> >>> I'm not sure how failover would work with each PIX on a separate routed
> >>> subnet. I'm looking into this now.