[179198] in North American Network Operators' Group
Re: Question about EX - SRX redundancy
daemon@ATHENA.MIT.EDU (Hugo Slabbert)
Thu Apr 2 14:55:11 2015
X-Original-To: nanog@nanog.org
Date: Thu, 2 Apr 2015 11:55:07 -0700
From: Hugo Slabbert <hugo@slabnet.com>
To: Anurag Bhatia <me@anuragbhatia.com>
In-Reply-To: <CAJ0+aXaEPO+H-cVDKhSinYzumgwaXOQUAC=qZjywQ4kCKB8KPg@mail.gmail.com>
Cc: NANOG Mailing List <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Wtrm9ATX0sn6fFKv
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Putting the EXs in a VC and splitting your AEs across the 2x VC members=20
takes care of that.
EXVC (ae1) >> Two Patches to SRX0 (reth1)
EXVC (ae2) >> Two Patches to SRX1 (reth1)
=2E..where EXVC is a VC composed of EX0 and EX1, and ae1 and ae2 both have=
=20
one member interface from each VC member.
In a failure of EX0 or EX1, your throughput on ae1 and ae2 halves as they=
=20
each lose a LAG member, but both SRX0 and SRX1 are still reachable.
--=20
Hugo
On Thu 2015-Apr-02 23:50:46 +0530, Anurag Bhatia <me@anuragbhatia.com> wrot=
e:
>Hi
>
>
>
>Yes,
>
>
>Since SRX0 connected to EX0 and SRX1 connected to EX1 (only). Thus either
>pair - 0 will work or pair - 1 will work. I wish if criss crossing worked
>then failure of one EX would have still made both SRX available.
>
>
>In current worst case scenario - failure of EX0 and SRX1 can cause full
>outage.
>
>
>
>Thanks.
>
>On Thu, Apr 2, 2015 at 9:21 PM, Hugo Slabbert <hugo@slabnet.com> wrote:
>
>> In:
>>
>> > EX0 (ae1) >> Two Patches to SRX0 (reth1)
>>>> > EX1 (ae2) >> Two Patches to SRX1 (reth1)
>>>>
>>>
>> with:
>>
>> > that if one EX goes down then I cannot make use of other corresponding
>>>> SRX.
>>>>
>>>
>> Do you mean that e.g. if SRX0 is the chassis cluster primary and EX0 goes
>> down, then you can't use SRX0, but you would like to be able to survive =
EX0
>> going down *without* failing over the SRX chassis cluster to SRX1?
>>
>> --
>> Hugo
>>
>>
>> On Thu 2015-Apr-02 20:47:03 +0530, Anurag Bhatia <me@anuragbhatia.com>
>> wrote:
>>
>> Hi
>>>
>>>
>>> I thought cross chassis lag is supposed by the use of reth bundled at S=
RX
>>> end. I read this is basically the major difference in reth Vs ae bundle=
in
>>> SRX.
>>>
>>>
>>> Interesting factor here is that ae bundles can spread across multiple EX
>>> chassis in a virtual chassis environment but this cannot be the case wi=
th
>>> ae bundles in SRX.
>>>
>>>
>>>
>>>
>>> Thanks.
>>>
>>> On Thu, Apr 2, 2015 at 7:59 PM, Bill Blackford <bblackford@gmail.com>
>>> wrote:
>>>
>>> It's my understanding that a cross chassis LAG is not supported. If th=
ere
>>>> is a way, I'm not aware of it. I'm running the same set up as your
>>>> working
>>>> example in my locations and for now, this suits my requirements.
>>>>
>>>> Sent from my iPhone
>>>>
>>>> > On Apr 2, 2015, at 07:12, Anurag Bhatia <me@anuragbhatia.com> wrote:
>>>> >
>>>> > Hello everyone!
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > I have got two Juniper EX series switches (on virtual chassis) and t=
wo
>>>> SRX
>>>> > devices on native clustering.
>>>> >
>>>> >
>>>> > I am trying to have a highly available redundancy between them with
>>>> atleast
>>>> > 2Gbps capacity all the time but kind of failing. I followed Juniper's
>>>> > official page here
>>>> > <http://kb.juniper.net/InfoCenter/index?page=3Dcontent&id=3DKB22474>=
as
>>>> well as
>>>> > this detailed forum link here
>>>> > <
>>>> http://forums.juniper.net/t5/SRX-Services-Gateway/Best-way-
>>>> of-redundancy-between-SRX-and-EX/td-p/181365
>>>> >
>>>> > .
>>>> >
>>>> >
>>>> > I wish to have a case where devices are connected criss cross and
>>>> following
>>>> > the documentation I get two ae bundles in EX side and one single reth
>>>> > bundle on SRX side. Both ae bundles on EX side have identical
>>>> configuration
>>>> > and VLAN has both ae interfaces called up.
>>>> >
>>>> >
>>>> > If I do not go for criss cross connectivity like this:
>>>> >
>>>> >
>>>> >
>>>> > EX0 (ae1) >> Two Patches to SRX0 (reth1)
>>>> > EX1 (ae2) >> Two Patches to SRX1 (reth1)
>>>> >
>>>> >
>>>> > Then it works all well and redundancy works fine. In this case as lo=
ng
>>>> as 1
>>>> > out of 4 patch is connected connectivity stays live but this has tra=
de
>>>> off
>>>> > that if one EX goes down then I cannot make use of other correspondi=
ng
>>>> SRX.
>>>> >
>>>> > If I do criss connectivity, something like:
>>>> >
>>>> >
>>>> > EX0 (ae1) >> Two Patches to SRX0 (reth1)
>>>> > EX0 (ae1) >> One patch to SRX1 (reth1)
>>>> >
>>>> > EX1 (ae2) >> Two Patches to SRX1 (reth1)
>>>> > EX1 (ae2) >> One patch to SRX0 (reth1)
>>>> >
>>>> >
>>>> > In this config system behaves very oddly with one ae pair (and it's
>>>> > corresponding physical ports) working well while failover to other ae
>>>> > bundle fails completely.
>>>> >
>>>> >
>>>> >
>>>> > I was wondering if someone can point me out here.
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > Appreciate your time and help!
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> >
>>>> >
>>>> > Anurag Bhatia
>>>> > anuragbhatia.com
>>>> >
>>>> > Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter
>>>> > <https://twitter.com/anurag_bhatia>
>>>> > Skype: anuragbhatia.com
>>>> >
>>>> > PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58=
E2
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>>
>>> Anurag Bhatia
>>> anuragbhatia.com
>>>
>>> Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter
>>> <https://twitter.com/anurag_bhatia>
>>> Skype: anuragbhatia.com
>>>
>>> PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
>>>
>>
>
>
>--=20
>
>
>Anurag Bhatia
>anuragbhatia.com
>
>Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter
><https://twitter.com/anurag_bhatia>
>Skype: anuragbhatia.com
>
>PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
--Wtrm9ATX0sn6fFKv
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVHZCLAAoJEJqxD/2xeDE+Y7cP/1eXZCjaeoQWFQzY9p8zQ0OV
jkk1plWZ9a/z2n4bX15ueFff9/lBpIAvlkY0tZYbmzpg0jPn4gbpqZVVNOZf91qJ
Lfm3qsubrkq1xdyL342lYjllZyDsx1srRFMa3x1FRgh/saV+wyDbI3N7QqtjajLP
jWoieLOdk+/WqXDsXR/MbP7dPmOVKTFoPqElQD0XbvHQaSWV/+R9x84I7Y1RkrBs
ogTBCIYPFjaBCGVLgflycu/8fOlg3cyxp/Rqb5QbwhKAMNEZczqXoRRO1kqhU1JO
OKK/rTHWMqQiJRoADa+3h5yYsqJsAGxmomQkW2I1p9ak2lKIuA1SJtcLehyET5Jq
Yo+Gj50RucOnearqPfSbkfUBdu7TEkZPIKYl4yuRSif65k8fPK/4hbjuYXnEW6su
nV6Hb5wtyV0MkZoZ7P4Vr01szJxk8FjqYMXW15tddw2paR/uo1o/qezQz6/dJt5A
Xlz6+46on4qa5d/roQ+aVDQ8nPiin6o8SMkovEkbq5MXfHm99G3rhavfYBDWl4VM
884Nd4wtMp9VgPAFXaj263Zwvo9RYo1H4FHORVwTTLCjQ/JY1h0OdlZxqRlJjdFM
nmKqu9ox8NG/5vwQM69yaOtlPC8pJ9P3my4cG8WY1/q53SiBwlF3T9jat3QzGIAU
FPI9v6VlFDTsX2PaOBXY
=hyxw
-----END PGP SIGNATURE-----
--Wtrm9ATX0sn6fFKv--
