[j-nsp] SRX vs J-Series for HA over Layer2
Ben Dale
bdale at comlinx.com.au
Tue Mar 8 04:32:39 EST 2011
Hi Pierre,
Yes this can be done - control link traffic on the branch SRXs is actually sent 802.1Q tagged in VLAN 4094, so you'll need to make the interface you plug into the control link a trunk on your EX.
I would also recommend that you increase the MTU size of both your fabric links (and the transport network in between the SRXs), as you'll need to be able to carry the largest frame your revenue interfaces can receive wrapped in a header (if traffic ingresses via one SRX and needs to egress the other). So if you're just using 1500 byte MTUs on your revenue ports, you'll need a PMTU of 1632 over the links in between.
I'm sure in reality it's a lot less that this (132 bytes for a header seems excessive), but these are what Juniper recommend right now.
Actually a quick google brings up this document which is quite comprehensive:
http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/3500165-EN.pdf
Cheers,
Ben
On 08/03/2011, at 3:42 AM, Pierre-Yves Maunier wrote:
> Hello all,
>
> I've been able to setup HA between two J2320 having the control and fabric
> link in two separate vlans over EX switches and it works fine. It's even
> told in the documentation : � "Define the interfaces used for the FAB
> connection. These interfaces must be connected back to back, or through a
> Layer 2 infrastructure, as shown in Figure 2".
>
> I tried to do the same with a pair of SRX-240 without any success (tested in
> 10.3R2.11 and 10.3R3.7). The interfaces must be connected back-to-back.
>
> Anybody already succeded in doing control/fabric link over a layer 2
> infrastructure with SRX hardware ? How did you do it ?
>
> Thanks.
>
> Regards,
>
> --
> Pierre-Yves Maunier
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list