SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Visitor
Posts: 3
Registered: ‎12-06-2013
0 Kudos

SRX Cluster acting as a Switch for VRRP connected Devices doesn't work

I have a connection to an Service Providor that uses VRRP to enable High Availablity connections, so they require to be connected to a switch.

 

I have connected each one of their routers into a pair of SRX devices acting as a cluster (added the SWFAB interfaces), condifured a VLAN that includes both ports and a l3interface and I can now ping each of thier physical addresses from within my network.

 

When the primary SP router is up and working all good, but in the event it fails or reboots, even though the VIP address switches to the Secondary, the SRX Cluster can't contact the VIP address.

 

I have moved both connections onto the primary firewall in the Cluster and that works, however when its one link on the primary and one on the secondary I get cut off if the VIP address switches.

 

Has anyone done this ? Should it work ?

 

As an aside I am finding very hard to fault this as, I would expect the VIP MAC address to appear in the Firewall somewhere, it appear in the arp table and the forwarding a table as pointing towards vlan.xx, but I would have expected to see it in the show ethernet-switch table so I could tell which interface it thinks it is out of.

Visitor
Posts: 3
Registered: ‎12-06-2013
0 Kudos

Re: SRX Cluster acting as a Switch for VRRP connected Devices doesn't work

What was found was that the MAC table was never updating with the MAC address of the VIP. This was fixed by using JUNOS 12.1X46D65.1