[j-nsp] SRX cluster and VC Lags

Per Granath per.granath at gcc.com.cy
Thu Nov 7 02:59:24 EST 2013


The EX4550 supports up to 8 interfaces in each LAG, while you have 12.
http://www.juniper.net/techpubs/en_US/junos/topics/concept/interfaces-lag-overview.html

However, that's not an issue there, since even though on the SRX side you should have one RETH with all 12 interfaces, on the EX-VC you should have two separate AE interfaces, with 6 physical interfaces in each.

A couple of good examples...
http://juniperguru.wordpress.com/2013/08/04/srx-chassis-cluster-with-redundant-lacp-lag-trunk/
http://cooperlees.com/blog/?p=401

The hashing for load balancing is not configurable on the EX.
For IPv4 it is based on source/destination, IP/port.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB22943 (probably needs an account to be viewed).


-----Original Message-----
From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Fahad Khan
Sent: Thursday, November 07, 2013 7:05 AM
To: Mike Devlin
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SRX cluster and VC Lags

Since your Primary SRX-firewall will be connecting with the switch through 6 interfaces, the load balancing will be done over this aggregate interface, perhaps per packet level by default. The other 6 interfaces of the other (secondary) firewall will be disabled in your A/P design.

Muhammad Fahad Khan
JNCIE-M # 756
Lead Network and Security Consultant - IBM
+92-301-8247638
Skype: fahad-ibm
http://pk.linkedin.com/in/muhammadfahadkhan


On Thu, Nov 7, 2013 at 3:17 AM, Mike Devlin <mikecdevlin at gmail.com> wrote:

> Is the load distribution going to be in some fashion even on 12
> interfaces?  Or even 6?  Cisco I know has funky load-balancing across
> aggregated links if it's not 2, 4 or 8 interfaces.  Is Juniper's
> load-balancing going to be any different/better?
>
>
> On Wed, Nov 6, 2013 at 4:19 AM, Fahad Khan <fahad.khan at gmail.com> wrote:
>
>> Yeah, you can do so. You don't need any explicit configuration on the
>> SRX side, while you would need to enable LACP at the switch port level.
>>
>> All 6 interfaces per firewall will participate in one reth interface
>> and then you can enable vlan-tagging to provision inter-VLAN routing.
>> You will have interfaces like (e.g.) reth1.100, reth1.110,
>> reth1.120 as per your VLAN configuration.
>>
>> Muhammad Fahad Khan
>> JNCIE-M # 756
>> Lead Network and Security Consultant - IBM
>> +92-301-8247638
>> Skype: fahad-ibm
>> http://pk.linkedin.com/in/muhammadfahadkhan
>>
>>
>> On Mon, Oct 28, 2013 at 2:28 AM, Mohammed Shafi <mshafi at abc.com.qa>
>> wrote:
>>
>> > Dear experts, I have a query regarding a LAG between an SRX (650)
>> > cluster and an ex-4550 virtual chassis. I have 6 physical links from
>> > each VC member towards each node in the SRX cluster. I have multiple
>> > VLANs in the EX switch and am planning to host the L3 interfaces in
>> > the SRX cluster. Now the question is: can I build a LAG between EX
>> > and SRX with a SINGLE reth interface, say reth 1, and associate all
>> > physical interfaces from the EX switch (6 interfaces, total 12) and
>> > enable VLAN tagging under reth 1 with unit interfaces for L3
>> > interfaces?
>> >
>> > Is there any limitation for a reth interface such that it can only
>> > have a pair of physical interfaces from each node?
>> >
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net 
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>>
>
>