Redundancy between SRX and 2 core switches

raj_bjs77 · ‎05-28-2011

Hi,

We have 1 SRX 650 with 4 - gig port. we have 2 core switches below this has vrrp for the users.

I want to connect both core uplink to 2 interface on SRX so that one uplink is backup to another.

I understand this will form loop. Can this be achieved by some way using 1 SRX with 2 interfaces.

Raj

keithr · ‎09-10-2009

I may be remembering incorrectly, but I'm pretty sure the 4 onboard ports on the SRX 650 do not support "family ethernet-switching," so you can't have a layer 2 connection that uses both links, nor run spanning tree on them for loop prevention or use aggregate interfaces.

With the onboard ports only, you'll have to create 2 separate routed links to your core switches. You can then set two static default routes, one to each core switch, and you can use a qualified next-hop with a preference for one link. If it fails, it will take the secondary route to the other core/link.

-kr

---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.

raj_bjs77 · ‎05-28-2011

Hi,

I am going to use OSPF between the SRX and core switches for route learning. Do you have some config for the same in my scenario.

Raj

Kashif-rana · ‎01-29-2008

Hi Raj

Below is the sample configuration for your requirement. Kindly note that I am assuming that you are using the VLAN load balancing means some of the VLANS gateway is master on core switch-1 and some VLANS gateway is master on core switch-2. BUT if all the VLANS gateway IP is master on Core switch 1 or 2 then for the below OSPF configuration on core switches use metric 5 for all VLANS on core switch-1 and metric 10 for all VLANS on core switch-2.

Configuration on SRX-650

--------------------------------------

set interfaces ge-0/0/0 description "Connected to Core-SW1"
set interfaces ge-0/0/0.0 family inet address 1.1.1.2/30

set interfaces ge-0/0/1 description "Connected to Core-SW2"
set interfaces ge-0/0/1.0 family inet address 2.2.2.2/30

set protocols ospf area 0 interface ge-0/0/0.0
set protocols ospf area 0 interface ge-1/0/0.0

Configuration on Core Switch-1

------------------------------------------

set protocols ospf area 0 interface vlan.2 passive
set protocols ospf area 0 interface vlan.2 metric 5 // Assuming that for VLAN 2 core switch-1 is master so lower metric
.
.
.
.
set protocols ospf area 0 interface vlan.10 passive
set protocols ospf area 0 interface vlan.10 metric 10 // Assuming that for VLAN 2 core switch-1 is backup so higher metric

set routing-options static route 0/0 next-hop 1.1.1.2

Configuration on Core Switch-2

------------------------------------------

set interfaces ge-0/0/1 description "Connected to SRX"
set interfaces ge-0/0/1.0 family inet address 1.1.1.1/30

set protocols ospf area 0 interface vlan.2 passive
set protocols ospf area 0 interface vlan.2 metric 10 // Assuming that for VLAN 2 core switch-2 is backup so higher metric
.
.
.
.
set protocols ospf area 0 interface vlan.10 passive
set protocols ospf area 0 interface vlan.10 metric 5 // Assuming that for VLAN 2 core switch-2 is master so lower metric

set routing-options static route 0/0 next-hop 2.2.2.2

HTH

Kashif Rana
00971555962393
JNCIE-SP#1428,JNCIE-SEC#55,JNCIP(SP,ENT,SEC),JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP
----------------------------------------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!

raj_bjs77 · ‎05-28-2011

Thanks..will try and let u know...I am going to use /30 subnet between these interfaces.

Raj

Kashif-rana · ‎01-29-2008

Just the last note, When the interface between Core-SW1 and SRX is down then all the Master VRRP Gateway IP of VLANS should be switched to Core-SW2, So on both Core-SW1 and Core-SW2, under the VRRP instances track the interfaces connected to SRX. For example:

set interfaces vlan.2 family inet address 10.10.10.2/24 vrrp-group 2 track interface ge-0/0/0 (Interface connected to SRX)

Cheers !!

Kashif Rana
00971555962393
JNCIE-SP#1428,JNCIE-SEC#55,JNCIP(SP,ENT,SEC),JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP
----------------------------------------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!

Kashif-rana · ‎01-29-2008

Kindly modify the VRRP on the Both core switches as below. Support VLAN 2 is master Core Switch-1, When interface of Core Swich-1 connected to SRX is down its VRRP priority should be lower than VRRP priority on the Core Switch-2 for VLAN 2, so the VRRP would shift on the Core Switch-2:

On Core Switch-1

------------------------

set interfaces vlan.2 family inet address 10.10.10.2/24 vrrp-group 2 virtual-address 10.10.10.1 priority 200 track interface ge-0/0/0 priority-cost 100

On Core Swtich-2

-------------------------

set interfaces vlan.2 family inet address 10.10.10.2/24 vrrp-group 2 virtual-address 10.10.10.1 priority 150 track interface ge-0/0/0

HTH

Kashif Rana
00971555962393
JNCIE-SP#1428,JNCIE-SEC#55,JNCIP(SP,ENT,SEC),JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP
----------------------------------------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!

Redundancy between SRX and 2 core switches

Re: Redundancy between SRX and 2 core switches

Re: Redundancy between SRX and 2 core switches

Re: Redundancy between SRX and 2 core switches

Re: Redundancy between SRX and 2 core switches

Re: Redundancy between SRX and 2 core switches

Re: Redundancy between SRX and 2 core switches