[j-nsp] Full mesh with SRX cluster for L2 devices downstream

Morgan McLean wrx230 at gmail.com
Fri Sep 14 13:56:52 EDT 2012


I'm trying to avoid using a VC between my 8208s.

I think this is different than an STP setup because the ports on the SRX
cluster aren't in any sort of bridging mode so they don't create a loop.
Right now, both ports up to the SRXs are in forwarding state, and the SRX
cluster determines which port it sends traffic to and from, etc., based on
link state, ICMP reachability, etc. Technically, yes, the design would act
like an STP setup, but it wouldn't be really.

The question is how can I instead of having two ports on different nodes,
have two ports on one node, and two ports on the second node, and prefer
them in the order node 0 port 0, node 0 port 1, node 1 port 0, node 1 port
1?

I can't run layer 2 on the SRX cluster, and for now I can't create a VC
between those switches. What else do I have?

Morgan

On Fri, Sep 14, 2012 at 5:50 AM, Ben Dale <bdale at comlinx.com.au> wrote:

>
> Hi Morgan,
>
> > Just curious if anybody knew of a way to create a full mesh on SRX clusters
> > that don't support layer 2 RSTP, i.e. SRX3400 cluster?
>
> Yes, but it requires your switches to be a virtual-chassis, or support
> some equivalent like MC-LAG.
>
> > At present, a reth1 group we use hosts gateways for different environments,
> > and there is a 10gig port on node 0 and a 10gig port on node 1. Considering
> > we have mesh links everywhere else, and have two core switches downstream
> > from the SRX cluster, this is a bit of a bottleneck and makes it so we
> > have Node 0 to switch a, node 1 to switch b with no mesh.
>
> Is this all that different from a meshed STP design?
>
> If one of your switches is the root (or it's in that general direction)
> only a single link will be in a forwarding state from the firewall anyway
> (to either a OR b depending which is the root bridge or closest to it), and
> only the primary firewall will be performing L3 (and thus forwarding).
>
> LACP and sub-lags seem more intuitive to me - no STP blocking and you can
> mesh to your heart's content without wasting as much capacity, provided
> your downstream devices are logically unified.
>
> Ben
>

