[j-nsp] SRX650 cluster - ethernet switching issue
Ben Dale
bdale at comlinx.com.au
Mon Jan 2 05:18:11 EST 2012
Hi John,
>
> My issue is that I have 2 trunk links on each firewall passing completely different VLANs but when I enable any form of spanning tree, I'm seeing one of those links blocked (3 out of the 4 links get blocked by STP). I've tried rstp, stp and mstp - all with the same issue.
This is expected behaviour. Neither RSTP nor STP is VLAN-aware, so they simply see a topology containing 3 bridges (SRX, EX, EX-VC) in a loop and block the port "furthest" from the root bridge.
A simple fix would be VSTP (per-VLAN Spanning-Tree), but the SRX platform didn't support it last time I checked.
MSTP can solve this issue by allowing multiple forwarding topologies, but it will require specific configuration on all three devices - if you simply enable it with defaults, it will behave exactly the same way as RSTP.
Plenty of info on the specifics of MSTP can be found here:
http://www.juniper.net/techpubs/en_US/junos9.4/topics/example/spanning-trees-ex-series-mstp-configuring.html
http://kb.juniper.net/library/CUSTOMERSERVICE/technotes/8010065-001-EN.pdf
Good luck!
Ben