[j-nsp] Full mesh with SRX cluster for L2 devices downstream

Ben Dale bdale at comlinx.com.au
Fri Sep 14 08:50:00 EDT 2012


Hi Morgan,

> Just curious if anybody knew of a way to create a full mesh on SRX clusters
> that don't support layer 2 RSTP, i.e. SRX3400 cluster?

Yes, but it requires your switches to be a virtual-chassis, or support some equivalent like MC-LAG.

> At present, a reth1 group we use hosts gateways for different environments,
> and there is a 10gig port on node 0 and a 10gig port on node 1. Considering
> we have mesh links everywhere else, and have two core switches downstream
> from the SRX cluster, this is a bit of a bottleneck and makes it so we
> have Node 0 to switch a, node 1 to switch b with no mesh.

Is this all that different from a meshed STP design?

If one of your switches is the root (or it's in that general direction), only a single link will be in a forwarding state from the firewall anyway (to either a OR b, depending on which is the root bridge or closest to it), and only the primary firewall will be performing L3 (and thus forwarding).

LACP and sub-lags seem more intuitive to me - no STP blocking and you can mesh to your heart's content without wasting as much capacity, provided your downstream devices are logically unified.

Ben


