[j-nsp] SRX Active/Active
Aaron Dewell
aaron.dewell at gmail.com
Sun Jun 26 14:19:57 EDT 2016
You are correct - RG0 will always be active/passive. A full control plane failover will always be painful.
SRX active/active is more about the interfaces in use. You can arrange for half of your traffic to prefer FW1 vs. FW2 and achieve active/active in that way so you’ll take less of a hit when an interface fails (or a neighbor device goes down). So that’s really what you are protecting against, which seems like you’ve done that.
> On Jun 26, 2016, at 12:15 PM, Brian Spade <bitkraft at gmail.com> wrote:
>
> Hi,
>
> I'm trying to figure out the best way to setup an SRX cluster as
> active/active. I have attached a diagram of the topology, but it's a
> full mesh of links. The ISP links are local interfaces and the
> southbound interfaces to the core routers are reth's. Core1 is HSRP
> primary for all VLANs. FW1 is primary for RG1 and FW2 is primary for
> RG2. The IGP is OSPF but have many VRFs that are connected to the FW
> with transit VLANs to bind the sub-interface to virtual router & zone.
>
> The issue I have is Core2 has no active OSPF neighbors in this setup.
> Therefore, if Core1 fails, there will be a control outage as Core2
> establishes OSPF adjacencies.
>
> So I'm thinking it might be better to remove the reth's and use local
> interfaces on the FW/CORE links. This way I can have a full mesh of
> OSPF adjacencies and no control plane loss when Core1 fails.
>
> Does anyone have thoughts on this or recommend the best way to achieve
> this active/active full mesh setup? If there's good reason to not use
> active/active, I'd welcome the feedback.
>
> Thanks.
> /bs
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list