Discussion:
[j-nsp] srx with ethernet switching and chassis clustering
Richard Zheng
2011-08-01 02:28:03 UTC
Hi,

We have a configuration with multiple VR to support multiple customers. Vlan
is used to trunk traffic into and out of SRX. While trying to do chassis
clustering, it seems vlan is not supported. How do you do chassis cluster
with multiple customers? Do you have dedicated interfaces for each customer?

Thanks,
Richard
Jonathan Lassoff
2011-08-01 02:39:05 UTC
Post by Richard Zheng
Hi,
We have a configuration with multiple VR to support multiple customers. Vlan
is used to trunk traffic into and out of SRX. While trying to do chassis
clustering, it seems vlan is not supported. How do you do chassis cluster
with multiple customers? Do you have dedicated interfaces for each customer?
If it's truly just a trunk and used to carry traffic to another switch
for access, there is another way to configure a trunk that doesn't
require "ethernet-switching".

Configure an interface like:

interfaces {
    ge-0/0/0 {
        vlan-tagging;
        unit 10 {
            vlan-id 10;
            family inet {
                address 10.0.0.1/24;
            }
        }
    }
}

Now, your IP interface could be ge-0/0/0.10 instead of vlan.10.

Cheers,
jof
Richard Zheng
2011-08-01 07:04:55 UTC
Post by Richard Zheng
Post by Richard Zheng
Hi,
We have a configuration with multiple VR to support multiple customers. Vlan
is used to trunk traffic into and out of SRX. While trying to do chassis
clustering, it seems vlan is not supported. How do you do chassis cluster
with multiple customers? Do you have dedicated interfaces for each customer?
If it's truly just a trunk and used to carry traffic to another switch
for access, there is another way to configure a trunk that doesn't
require "ethernet-switching".
interfaces {
    ge-0/0/0 {
        vlan-tagging;
        unit 10 {
            vlan-id 10;
            family inet {
                address 10.0.0.1/24;
            }
        }
    }
}
Now, your IP interface could be ge-0/0/0.10 instead of vlan.10.
Cheers,
jof
Thanks jof. I see, in production we can make other switches handle the
access and only use srx for firewall. So after setting up reth interface, we
should be able to add vlan-tagging to it, right?
Jonathan Lassoff
2011-08-01 20:41:01 UTC
Post by Richard Zheng
Thanks jof. I see, in production we can make other switches handle the
access and only use srx for firewall. So after setting up reth interface, we
should be able to add vlan-tagging to it, right?
I believe so, but honestly I do this with multiple independent SRXes
rather than reth interfaces. I would presume vlan-tagging will work
with reth interfaces, but I'm not 100% sure.

--j
Stefan Fouant
2011-08-01 21:31:36 UTC
Post by Jonathan Lassoff
Post by Richard Zheng
Thanks jof. I see, in production we can make other switches handle the
access and only use srx for firewall. So after setting up reth interface, we
should be able to add vlan-tagging to it, right?
I believe so, but honestly I do this with multiple independent SRXes
rather than reth interfaces. I would presume vlan-tagging will work
with reth interfaces, but I'm not 100% sure.
Yup, reth interfaces can easily handle VLAN-tagging, and in fact can be
configured as either family inet interfaces with tagging (in which case
they will be terminating the Layer 3 for each respective VLAN), or they
can be configured as family bridge with trunking enabled in which case
the device will be operating in transparent mode (a-la bump-in-the-wire
for pure Layer 2 firewalling of the respective VLANs).

HTHs.

Stefan Fouant
JNCIE-ER, JNCIE-M, JNCIE-SEC, JNCI
Technical Trainer, Juniper Networks
http://www.shortestpathfirst.net
http://www.twitter.com/sfouant
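
The Layer 3 variant described in the reply above (a reth interface with vlan-tagging, one unit per customer VLAN, each unit bound to that customer's virtual router) could look like the following. This is an added example, not configuration posted by anyone in the thread: the member interfaces (node 1 numbering varies by platform), redundancy-group settings, VLAN IDs, addresses and the CUST-A/CUST-B instance names are assumptions, and security zones and policies are omitted.

```junos
/* Added example: interface names, VLAN IDs, addresses and CUST-A/CUST-B are assumed values */
chassis {
    cluster {
        reth-count 1;
        redundancy-group 1 {
            node 0 priority 200;
            node 1 priority 100;
        }
    }
}
interfaces {
    ge-0/0/2 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-5/0/2 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    reth0 {
        vlan-tagging;
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 10 {
            vlan-id 10;
            family inet {
                address 10.0.10.1/24;
            }
        }
        unit 20 {
            vlan-id 20;
            family inet {
                address 10.0.20.1/24;
            }
        }
    }
}
routing-instances {
    CUST-A {
        instance-type virtual-router;
        interface reth0.10;
    }
    CUST-B {
        instance-type virtual-router;
        interface reth0.20;
    }
}
```

Keeping each customer's unit in its own virtual router, and later in its own security zone, is what keeps tenant traffic separated on the shared trunk.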

nebu thomas
2011-08-01 11:08:29 UTC
Hi,

Reference KB KB21422:
Layer 2 Ethernet switching, on SRX240 and SRX650 devices, is supported in chassis cluster mode from Junos OS Release 11.1 or later.

Thanks.


From: Richard Zheng <rzheng at gmail.com>
To: juniper-nsp at puck.nether.net
Sent: Monday, August 1, 2011 7:58 AM
Subject: [j-nsp] srx with ethernet switching and chassis clustering

Hi,

We have a configuration with multiple VR to support multiple customers. Vlan
is used to trunk traffic into and out of SRX. While trying to do chassis
clustering, it seems vlan is not supported. How do you do chassis cluster
with multiple customers? Do you have dedicated interfaces for each customer?

Thanks,
Richard
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp