[j-nsp] SRX Active/Active
Brian Spade
bitkraft at gmail.com
Sun Jun 26 14:33:30 EDT 2016
Hi Alexandre,
On Sun, Jun 26, 2016 at 11:19 AM, Alexandre Guimaraes
<alexandre.guimaraes at ascenty.com> wrote:
> Brian,
>
> Sorry about my cent, do not use active/active scenario.
>
> My recomendation is active/backup
>
> Att.
> AŁexandre
Ya, I'm thinking of going to A/P, but due to bandwidth requirements,
we'd really like to use both ISP circuits at the same time. I know we
won't be able to achieve a perfect balance. Are there particular
reasons you recommend A/P over A/A? I know some of the normal
arguments, like it's harder to troubleshoot and perhaps harder on the
firewalls.
Thanks.
/bs
>
>> Em 26 de jun de 2016, às 15:16, Brian Spade <bitkraft at gmail.com> escreveu:
>>
>> Hi,
>>
>> I'm trying to figure out the best way to setup an SRX cluster as
>> active/active. I have attached a diagram of the topology, but it's a
>> full mesh of links. The ISP links are local interfaces and the
>> southbound interfaces to the core routers are reth's. Core1 is HSRP
>> primary for all VLANs. FW1 is primary for RG1 and FW2 is primary for
>> RG2. The IGP is OSPF but have many VRFs that are connected to the FW
>> with transit VLANs to bind the sub-interface to virtual router & zone.
>>
>> The issue I have is Core2 has no active OSPF neighbors in this setup.
>> Therefore, if Core1 fails, there will be a control outage as Core2
>> establishes OSPF adjacencies.
>>
>> So I'm thinking it might be better to remove the reth's and use local
>> interfaces on the FW/CORE links. This way I can have a full mesh of
>> OSPF adjacencies and no control plane loss when Core1 fails.
>>
>> Does anyone have thoughts on this or recommend the best way to achieve
>> this active/active full mesh setup? If there's good reason to not use
>> active/active, I'd welcome the feedback.
>>
>> Thanks.
>> /bs
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list