[j-nsp] SRX cluster and VC Lags

Fahad Khan fahad.khan at gmail.com
Thu Nov 7 00:05:12 EST 2013


Since your Primary SRX-firewall will be connecting with the switch through
6 interfaces hence the load balancing will done over this aggregate
interface , perhaps per packet level by default. The other 6 interface of
the other (secondary) firewall will be disabled in your A/P design.

Muhammad Fahad Khan
JNCIE-M # 756
Lead Network and Security Consultant - IBM
+92-301-8247638
Skype: fahad-ibm
http://pk.linkedin.com/in/muhammadfahadkhan


On Thu, Nov 7, 2013 at 3:17 AM, Mike Devlin <mikecdevlin at gmail.com> wrote:

> is the load distribution going to be in some fashion even on 12
> interfaces?  Or even 6?  Cisco i know has funky load-balancing across
> aggregated links if its not 2, 4 or 8 interfaces.  Is Junipers
> load-balancing going to be any different/better?
>
>
> On Wed, Nov 6, 2013 at 4:19 AM, Fahad Khan <fahad.khan at gmail.com> wrote:
>
>> Yeah , you can do so....You don't need any explicit configuration on SRX
>> Side, while you would need to enable LACP on Switch port level.
>>
>> All the 6 interfaces/Firewall will participate in one reth interface and
>> then you can enable vlan-tagging to provision inter-vlan routing. You will
>> be having interface like (e.g) reth1.100, reth1.110, reth1.120 as per your
>> VLANs configuration.
>>
>> Muhammad Fahad Khan
>> JNCIE-M # 756
>> Lead Network and Security Consultant - IBM
>> +92-301-8247638
>> Skype: fahad-ibm
>> http://pk.linkedin.com/in/muhammadfahadkhan
>>
>>
>> On Mon, Oct 28, 2013 at 2:28 AM, Mohammed Shafi <mshafi at abc.com.qa>
>> wrote:
>>
>> > Dear experts, I have query regarding SRX (650)cluster lag between and
>> > ex-4550 virtual chassis. I have 6 physical link from each member VC to
>> > wards each node in the srx cluster .  I have multiple vlans in ex switch
>> > and planing to host the L3 interface in srx cluster . Now the question
>> is
>> > can i build a lag between ex and srx with a SINGLE reth interface , say
>> > reth 1 and associate all physical interfaces from ex switch ( 6
>> interface ,
>> > total 12 ) and enable vlan tagging under reth 1 with unit interfaces
>> for l3
>> > interfaces .
>> >
>> > Is there any limitation for reth interface such that it can only have a
>> > pair of physical interfaces from each node ?
>> >
>> > Sent from my iPad
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>


More information about the juniper-nsp mailing list