[j-nsp] SRX vs J-Series for HA over Layer2

Pierre-Yves Maunier j-nsp at maunier.org
Tue Mar 8 08:55:23 EST 2011


Just for info about the fabric link if this could help someone,

After my tests, any standard vlan work for the fabric link (configured in
access mode on the switches) with a mtu which allow jumbo frames (I put
9216).
igmp-snooping disabled too.

Thanks all for your replies.

Regards,

--
Pierre-Yves

2011/3/8 Pierre-Yves Maunier <j-nsp at maunier.org>

> Hello,
>
> thanks for the infos,
>
> I was trying to find out which vlan to us in the first link Laurens gave me
> but the infos is not in the document.
> My first tests was with igmp snooping disabled but with the switch ports in
> access mode in a standard vlan.
>
> Using trunk mode with vlan 4094 now works well for the control link, thanks
> again for the tip.
>
> Is there any specific vlan for the fabric link or any standard vlan will
> work (using access mode) ?
>
> Regards,
>
> --
> Pierre-Yves
>
>
> 2011/3/8 Ben Dale <bdale at comlinx.com.au>
>
> Almost forgot - make sure IGMP snooping is turned off on both VLANs as
>> well.
>>
>> On 08/03/2011, at 7:32 PM, Ben Dale wrote:
>>
>> > Hi Pierre,
>> >
>> > Yes this can be done - control link traffic on the branch SRXs is
>> actually sent 802.1Q tagged in VLAN 4094, so you'll need to make the
>> interface you plug into the control link a trunk on your EX.
>> >
>> > I would also recommend that you increase the MTU size of both your
>> fabric links (and the transport network in between the SRXs), as you'll need
>> to be able to carry the largest frame your revenue interfaces can receive
>> wrapped in a header (if traffic ingresses via one SRX and needs to egress
>> the other).  So if you're just using 1500 byte MTUs on your revenue ports,
>> you'll need a PMTU of 1632 over the links in between.
>> >
>> > I'm sure in reality it's a lot less that this (132 bytes for a header
>> seems excessive), but these are what Juniper recommend right now.
>> >
>> > Actually a quick google brings up this document which is quite
>> comprehensive:
>> >
>> >
>> http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/3500165-EN.pdf
>> >
>> > Cheers,
>> >
>> > Ben
>> >
>> > On 08/03/2011, at 3:42 AM, Pierre-Yves Maunier wrote:
>> >
>> >> Hello all,
>> >>
>> >> I've been able to setup HA between two J2320 having the control and
>> fabric
>> >> link in two separate vlans over EX switches and it works fine. It's
>> even
>> >> told in the documentation :   "Define the interfaces used for the FAB
>> >> connection. These interfaces must be connected back to back, or through
>> a
>> >> Layer 2 infrastructure, as shown in Figure 2".
>> >>
>> >> I tried to do the same with a pair of SRX-240 without any success
>> (tested in
>> >> 10.3R2.11 and 10.3R3.7). The interfaces must be connected back-to-back.
>> >>
>> >> Anybody already succeded in doing control/fabric link over a layer 2
>> >> infrastructure with SRX hardware ? How did you do it ?
>> >>
>> >> Thanks.
>> >>
>> >> Regards,
>> >>
>> >> --
>> >> Pierre-Yves Maunier
>> >> _______________________________________________
>> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >>
>> >
>>
>>
>


More information about the juniper-nsp mailing list