@Wall-ED wrote:
Dear all
I have a question regarding Swfab and Fab
In Jncia-sec study guide it is mentioned that Fab is the link for data plane between two cluster nodes, while swfab is switching data link between two nodes in a layer two environment?
I'm sorry for confusion, but if they're directly connected, aren't they already layer 2? why do they need addresses?
Also, in what situation would I need both fab and swfab?
Thanks in advance
Best regards
WHile the cables are connected to physically link the interfaces, they can be used for different protocols such as family ethernet-switching of family inet for layer 3 routing.
You have to remember the architecture of the Juniper devices. Separation of Control plane (CP) and data plane (DP). Now reemember that the SRX is a sohpisticated router/firewall (so we are talking about Layer 3). So the fxp1 is the internal link that provides communication between the CP and the PFE in the DP. So since we create a cluster, it is now two devices connected as one. The control plane is always in an active/backup state. So we need a way to connect the DP and the CP of both devices. So to connect the two CP JSRP use the a physical interface and configure them as fxp1 between the the two devices/nodes to send HA control data, heartbeats and configuration synchronization information. Then to connect the two DP between the two devices to allow transit/data plane communication, you would use fab (fabric) interfaces which are again two physical ethernet interfaces on both devices. The cluster's Packet Forwarding Engines use them to carry RTOs (real time objects) that contain the session states and carry the user data. All session and service states are maintained on the data plane. The fab interface is used for routing traffic, as you will observere they are assigned an IP by the system.
>show interfaces terse | match fab
In most SRX Series devices in a chassis cluster, you can configure any pair of Gigabit Ethernet interfaces or any pair of 10-Gigabit interfaces to serve as the fabric between nodes. Interfaces on SRX210 devices are Fast Ethernet or Gigabit Ethernet (the paired interfaces must be of a similar type) and all interfaces on SRX100 devices are Fast Ethernet interfaces.
Now we are talking about Layer 2 -Local switching. Ethernet-switching in SRX chassis cluster was not supported on the SRX till version 11.1. To ensure that Layer 2 switching works seamlessly across chassis cluster nodes, a dedicated physical link to connect the nodes is required. This type of link is termed as a switching fabric interface (swfab).
swfab, switch fabric interfaces connects the switching fabrics on both nodes and are used to enable switching across the nodes configuring family ethernet-switching
>show chassis cluster ethernet-switching interfaces
>show chassis cluster ethernet-switching status