[j-nsp] Interconnect two VRFs via L2 security box with redundant path
Clarke Morledge
chmorl at wm.edu
Tue Apr 24 13:48:53 EDT 2012
Stefan,
I was just hunting through your blog for ideas when I saw your post :-)
Thanks for jumping in. A few responses in-line below.....
On Tue, 24 Apr 2012, Stefan Fouant wrote:
> If that adjacency goes down, a simple floating static (static route w/ higher
> preference than the dynamic BGP/IS-IS route) can be used pointing to
> next-table will do the trick. No need to used Logical-Tunnels or use
> auto-export.
If my two routers were directly connected all of the time, this would be
fine. But I'm also thinking of the case of when there might be another L3
hop between the two routers. I guess I could insert another floating
static on the third router, but that just seemed to add a little more
complexity to me. I was hoping for a way to just let the dynamic routing
protocols do the work for me instead of fooling with a bunch of statics
with filter-based forwarding. Don't get me wrong, I like FBF. I was
just hoping to leverage dynamic routing more.
> Of course, in your case you've got not just two VRFs but also an East and
> West path which further complicates things - why not just connect the MX West
> device into your L2 Packet Scrubber as well and keep things the same on both
> the East and West device so that you can take full advantage of two planes.
> This will keep configurations uniform regardless of whether traffic comes in
> on the East or West devices.
I should have given the reason why I do not put the L2 scrubber between
the two routers: conservation of fiber. I already have fiber connecting
the routers in different wiring centers for traffic that does not need to
be scrubbed. Chewing up another set of strands is much more expensive
than simply connecting both sides of the L2 scrubber to just one router in
the same rack.
Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187
More information about the juniper-nsp
mailing list