SRX Services Gateway
Reply
Contributor
GustavO
Posts: 72
Registered: ‎04-29-2009
0

Potential issues with multihoming SRX650

Hi all!

 

I have a scenario with an SRX650 that receives a full bgp table from an upstream. I am now about to add a second upstream and receive a second full-feed. I'm thinking of what issues I might bump into in this scenario, mainly related to asymmetric routing, ie. sending a packet out one interface and getting the reply back on the other interface. Should this work OK as long as the two upstreams are in the same zone? I'm running in flow mode so a session is created upon egress.

 

I have tried to find the answer to this in the documentation but the closest I've gotten is "Flow mode does not support asymmetric routing for stateful sessions" - this in the documentation for 10.0 (I'm running 10.0R2.10) but this is not mentioned from 10.1 and on. Does that mean that restriction is resolved?

 

Thanks in advance!

Contributor
TimotiSt
Posts: 30
Registered: ‎11-18-2009
0

Re: Potential issues with multihoming SRX650

If you have the two ISP interfaces in the same zone (untrust), it should work fine.

However, I'm not 100% sure; we have a bit more advanced setup, and it doesn't work at the moment (we have a case with JTAC).

 

Cheers,

Tamas

 

JNCIA-ER,-EX, JNCIS-ES, MCSA, CCNA and all that jazz...
Super Contributor
motd
Posts: 221
Registered: ‎12-16-2008
0

Re: Potential issues with multihoming SRX650

It should work as long as the two interfaces are in the same zone. I've done a similar setup (but only accepting default route instead of full tables)

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.