[j-nsp] SRX650 cluster - ethernet switching issue

Павел Лунин plunin at senetsy.ru
Fri Jan 6 05:45:58 EST 2012


BTW, never could understand people running L2 on srx650 coupled with a
normal switch. Especially in srx-cluster + ex-vc. What for?
03.01.2012 16:07 пользователь "Paulhamus, Jon" <jpaulhamus at iu17.org>
написал:

> Thank you Ben.  I did configure MSTP and saw other issues with the config,
> but I don't believe that I tried VSTP.  I'll give that a go this coming
> weekend.  I appreciate your input!
>
>
> ------------------------
>
>
>
>
>
> -----Original Message-----
> From: Ben Dale [mailto:bdale at comlinx.com.au]
> Sent: Monday, January 02, 2012 5:18 AM
> To: Paulhamus, Jon
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] SRX650 cluster - ethernet switching issue
>
> Hi John,
>
> >
> > My issue is that I have 2 trunk links on each firewall passing
> completely different VLAN's but when I enable any form of spanning tree,
> I'm seeing one of those links blocked (3 out of the 4 links get blocked by
> STP).  I've tried rstp, stp and mstp - all with the same issue.
>
> This is expected behaviour.  Neither RSTP nor STP are VLAN-aware, so they
> simply see a topology containing 3 bridges (SRX, EX, EX-VC) in a loop and
> block the port "furtherest" from the root bridge.
>
> A simple fix would be VSTP (per-VLAN Spanning-Tree), but the SRX platform
> didn't support it last time I checked.
>
> You can use MSTP can solve this issue by allowing multiple forwarding
> topologies, but it will require specific configuration all three devices -
> if you simply enable it with defaults, it will behave exactly the same way
> as RSTP.
>
> Plenty of info on the specifics of MSTP can be found here:
>
>
> http://www.juniper.net/techpubs/en_US/junos9.4/topics/example/spanning-trees-ex-series-mstp-configuring.html
> http://kb.juniper.net/library/CUSTOMERSERVICE/technotes/8010065-001-EN.pdf
>
> Good luck!
>
> Ben
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list