SRX Services Gateway
Contributor
husni1984
Posts: 119
Registered: ‎06-10-2009

Deleting Management Interface on Clustered SRX(fxp0) Impact

Hi All,

Is there any impact if I delete the fxp0 (Management Interface) on a clustered SRX 650? I need to build another reth... So far I only have 4 fixed interfaces, which are ge-0/0/0 by default -> fxp0, ge-0/0/1, fxp1 -> ge-0/0/1 (control link) and fab -> ge-0/0/2 (fabric)... and I only have 1 port to build a reth for each box (ge-0/0/3)...

As far as I know, clustering needs 2 minimum reth interface, and each reth needs a minimum of 2 physical ports...

Please advise.

Thanks

Cunny

Trusted Contributor
supcourt
Posts: 47
Registered: ‎11-10-2009

Re: Deleting Management Interface on Clustered SRX(fxp0) Impact

in a cluster, ge-0/0/0 and ge-9/0/0 are management ports. they cannot be provisioned for other things.

a stock 650 can have one reth port (using ge-0/0/3 and ge-9/0/3).

"clustering needs 2 minimum reth interface"

this doesn't make any sense -- clustering is having the two 650's talking to each other, shared config, etc. you can build a cluster with no reth ports if you want (doesn't make sense, but you can). the stock 650 only allows one reth port since the other ports are used by the cluster itself, but that doesn't make it any less a cluster.

Contributor
husni1984
Posts: 119
Registered: ‎06-10-2009

Re: Deleting Management Interface on Clustered SRX(fxp0) Impact

Thanks for your reply. My goal is to have minimum downtime or even zero downtime if one of the boxes fails; that's why I build a cluster on SRX, and I build it with "clustering needs 2 minimum reth interface", first for the untrust zone and the other for the DMZ zone...

You said that it is not possible if I delete the fxp0...

Please advise.

Thanks

Cunny

Trusted Contributor
supcourt
Posts: 47
Registered: ‎11-10-2009

Re: Deleting Management Interface on Clustered SRX(fxp0) Impact

add the 16 or 24 port cards to the 650's. essentially, you must have the extra interfaces with a 650 cluster to have anything at all work, unless you want to run vlans over that single reth the stock 650 gives you.

run the reths from the card and ignore the 0/0/3|9/0/3 port. juniper, someday, may allow us to bond multiple interfaces for the fabric link so hold that port for the eventuality.

reth1 (outside zone) -- 2/0/0 and 11/0/0

reth2 (dmz) -- 2/0/1 and 11/0/1

if you can't add the ports, you'll need to vlan the single reth.

reth1 -- 0/0/3 and 9/0/3

reth1.100 (outside) vlan 100, have your (hopefully clustered/redundant) switch run it to the outside.

reth1.200 (dmz) vlan 200, again, have your switch run it to the dmz.
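
The single-reth VLAN layout described in the post above, written out as Junos set commands. This is an added example, not configuration posted by anyone in the thread; the redundancy-group number, node priorities, zone names and the addresses (documentation ranges) are constructed assumptions.

```junos
# Constructed example: one reth on the stock ports, trunked into two zones.
# reth-count must cover the highest reth index in use (reth0 and reth1 here).
set chassis cluster reth-count 2
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 node 1 priority 1

# Child links: ge-0/0/3 on node 0, ge-9/0/3 on node 1.
set interfaces ge-0/0/3 gigether-options redundant-parent reth1
set interfaces ge-9/0/3 gigether-options redundant-parent reth1

# The reth carries 802.1Q tags and follows redundancy-group 1 on failover.
set interfaces reth1 vlan-tagging
set interfaces reth1 redundant-ether-options redundancy-group 1

# One logical unit per VLAN (addresses are placeholders from documentation ranges).
set interfaces reth1 unit 100 vlan-id 100
set interfaces reth1 unit 100 family inet address 192.0.2.1/24
set interfaces reth1 unit 200 vlan-id 200
set interfaces reth1 unit 200 family inet address 198.51.100.1/24

# Each unit goes into its own security zone, so outside-to-dmz traffic
# still has to match a security policy.
set security zones security-zone outside interfaces reth1.100
set security zones security-zone dmz interfaces reth1.200
```

With this layout the separation between outside and dmz on the wire depends on the switch's VLAN configuration, so the trunk ports and the access ports for VLAN 100 and 200 need the same review as the firewall policy.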

Contributor
husni1984
Posts: 119
Registered: ‎06-10-2009

Re: Deleting Management Interface on Clustered SRX(fxp0) Impact

Hi Supcourt,

Thanks for your explanation, so there's no solution except to vlan the reth interface?

Please advise.

Thanks and Regards,

Cunny

Contributor
Sloefke
Posts: 29
Registered: ‎07-16-2008

Re: Deleting Management Interface on Clustered SRX(fxp0) Impact

Either install the extra interfaces, or trunk the one port you have left.

Trusted Contributor
supcourt
Posts: 47
Registered: ‎11-10-2009

Re: Deleting Management Interface on Clustered SRX(fxp0) Impact

"Thanks for your explanation, so there's no solution except to vlan the reth interface?"

two solutions, add ports or use vlans. you've pointed out that you don't have the ports to add additional reths, so you understand what's required. you have a 650, didn't you expect to be using those bays for ports? load 'em up...
