[j-nsp] SRX vs J-Series for HA over Layer2

Ben Dale bdale at comlinx.com.au
Tue Mar 8 17:48:35 EST 2011


No - the fabric link is untagged, so you can drop it into any VLAN on the switch side - just remember to adjust MTU as necessary.

Cheers,

Ben

On 08/03/2011, at 8:50 PM, Pierre-Yves Maunier wrote:

> Hello, 
> 
> thanks for the infos, 
> 
> I was trying to find out which vlan to us in the first link Laurens gave me but the infos is not in the document.
> My first tests was with igmp snooping disabled but with the switch ports in access mode in a standard vlan.
> 
> Using trunk mode with vlan 4094 now works well for the control link, thanks again for the tip.
> 
> Is there any specific vlan for the fabric link or any standard vlan will work (using access mode) ?
> 
> Regards, 
> 
> --
> Pierre-Yves
> 
> 
> 2011/3/8 Ben Dale <bdale at comlinx.com.au>
> Almost forgot - make sure IGMP snooping is turned off on both VLANs as well.
> 
> On 08/03/2011, at 7:32 PM, Ben Dale wrote:
> 
> > Hi Pierre,
> >
> > Yes this can be done - control link traffic on the branch SRXs is actually sent 802.1Q tagged in VLAN 4094, so you'll need to make the interface you plug into the control link a trunk on your EX.
> >
> > I would also recommend that you increase the MTU size of both your fabric links (and the transport network in between the SRXs), as you'll need to be able to carry the largest frame your revenue interfaces can receive wrapped in a header (if traffic ingresses via one SRX and needs to egress the other).  So if you're just using 1500 byte MTUs on your revenue ports, you'll need a PMTU of 1632 over the links in between.
> >
> > I'm sure in reality it's a lot less that this (132 bytes for a header seems excessive), but these are what Juniper recommend right now.
> >
> > Actually a quick google brings up this document which is quite comprehensive:
> >
> > http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/3500165-EN.pdf
> >
> > Cheers,
> >
> > Ben
> >
> > On 08/03/2011, at 3:42 AM, Pierre-Yves Maunier wrote:
> >
> >> Hello all,
> >>
> >> I've been able to setup HA between two J2320 having the control and fabric
> >> link in two separate vlans over EX switches and it works fine. It's even
> >> told in the documentation :   "Define the interfaces used for the FAB
> >> connection. These interfaces must be connected back to back, or through a
> >> Layer 2 infrastructure, as shown in Figure 2".
> >>
> >> I tried to do the same with a pair of SRX-240 without any success (tested in
> >> 10.3R2.11 and 10.3R3.7). The interfaces must be connected back-to-back.
> >>
> >> Anybody already succeded in doing control/fabric link over a layer 2
> >> infrastructure with SRX hardware ? How did you do it ?
> >>
> >> Thanks.
> >>
> >> Regards,
> >>
> >> --
> >> Pierre-Yves Maunier
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>
> >
> 
> 



More information about the juniper-nsp mailing list