03-01-2010 03:32 AM
Can I use an SRX240 as a switch?
Let's say I have 10 servers, 5 connected to SRX1 and 5 connected to SRX2.
Each SRX has its own ISP connection and range of public addresses (which are to be mapped back to the servers behind the SRX, and IPs from both ISPs might end up on the same server for redundancy).
To put things very straightforwardly, I am looking into something like this:
In the above diagram I want to remove the switch and utilize the internal ports of the SRX by interconnecting its ports.
Would that offer similar functionality to the above?
03-02-2010 02:27 AM - edited 03-02-2010 08:46 AM
The answer is "yes" with a "but" at the end.
Yes, you can configure the SRX as a switch. You can put various ports in separate VLANs and route between them. Example:
# connection to other SRX
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all
# connections to servers
set interfaces interface-range MyServers member ge-0/0/1
set interfaces interface-range MyServers member ge-0/0/2
set interfaces interface-range MyServers member ge-0/0/3
set interfaces interface-range MyServers member ge-0/0/4
set interfaces interface-range MyServers unit 0 family ethernet-switching vlan members ServerVLAN
set interfaces vlan unit 10 family inet address 172.16.10.1/24
set vlans ServerVLAN l3-interface vlan.10
set security zones security-zone trust interfaces vlan.10
But, keep in mind the SRX240 only supports a max throughput of 1.5 Gbps (1.5G for large packets and 500M for mix). I don't know what your current switch backplane capacity is but you MAY be introducing a bottleneck if you go that route. I would be interested to hear about your results.
JNCIS-ER et al.
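An added example, not part of the original post and not Juniper tooling: a small Python check that reads set-style configuration like the one in the answer above and reports which ports are switched, which VLAN has a routed interface, and whether that interface is bound to a security zone. It parses only the statement forms shown in this thread; the `audit` function name and the wording of the findings are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: the set commands from the post above (comment lines omitted).
SAMPLE = """\
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all
set interfaces interface-range MyServers member ge-0/0/1
set interfaces interface-range MyServers member ge-0/0/2
set interfaces interface-range MyServers member ge-0/0/3
set interfaces interface-range MyServers member ge-0/0/4
set interfaces interface-range MyServers unit 0 family ethernet-switching vlan members ServerVLAN
set interfaces vlan unit 10 family inet address 172.16.10.1/24
set vlans ServerVLAN l3-interface vlan.10
set security zones security-zone trust interfaces vlan.10
"""

def audit(config):
    """Return port/VLAN/zone mappings plus findings for set-style config text."""
    ranges, l3, zones = defaultdict(list), {}, {}
    # Assumption: a switched port with no port-mode statement is an access port.
    ports = defaultdict(lambda: {"mode": "access", "vlans": []})
    for line in config.splitlines():
        line = line.split("#", 1)[0].strip()  # ignore comments and blank lines
        if m := re.match(r"set interfaces interface-range (\S+) member (\S+)$", line):
            ranges[m[1]].append(m[2])
        elif m := re.match(r"set interfaces (?:interface-range )?(\S+) unit 0 family "
                           r"ethernet-switching (port-mode|vlan members) (\S+)$", line):
            if m[2] == "port-mode":
                ports[m[1]]["mode"] = m[3]
            else:
                ports[m[1]]["vlans"].append(m[3])
        elif m := re.match(r"set vlans (\S+) l3-interface (\S+)$", line):
            l3[m[1]] = m[2]
        elif m := re.match(r"set security zones security-zone (\S+) interfaces (\S+)", line):
            zones[m[2]] = m[1]
    # Copy each interface-range's settings onto its member ports.
    for name, members in ranges.items():
        if name in ports:
            s = ports.pop(name)
            for p in members:
                ports[p] = {"mode": s["mode"], "vlans": list(s["vlans"])}
    findings = [f"{p}: trunk carries all VLANs" for p, s in sorted(ports.items())
                if s["mode"] == "trunk" and "all" in s["vlans"]]
    findings += [f"{v}: {ifl} is not bound to a security zone"
                 for v, ifl in sorted(l3.items()) if ifl not in zones]
    return {"ports": dict(ports), "l3": l3, "zones": zones, "findings": findings}
```

Calling `audit(SAMPLE)["findings"]` on the thread's configuration returns one finding, for the `ge-0/0/0` trunk that carries all VLANs to the other SRX.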
03-02-2010 09:34 AM
AFAIK the L2 switching is performed at wirespeed by the SRX240 ge ports. The performance penalty comes when you "route" (packet/flow forwarding) the IP packets.
But keep in mind that L2 switching features are not available when you join two individual SRX240s in a single "Chassis Cluster".
03-02-2010 01:59 PM - edited 03-02-2010 02:06 PM
So you can probably have good throughput on all devices that are all in the same VLAN, but if you add a second or third VLAN you will get the performance hit for traffic between VLANs.
xhome, I am not sure what you mean by a "single chassis cluster" but I do have a customer that is using the switching feature on a single SRX240 chassis. What are the limitations?
03-03-2010 06:42 AM
"Chassis Cluster" is an SRX software feature that allows you to join two SRX240 devices into a single "cluster unit".
A single SRX240 is a FW that has 5 slots:
- slot 0: the base slot
- slot 1: the first miniPIM
- slot 2: the second miniPIM
- slot 3: the third miniPIM
- slot 4: the fourth miniPIM
An SRX240 "Chassis Cluster" is a FW (set up by 2 SRX240 units) that has 10 slots:
- slot 0: the base slot of the node 0
- slot 1: the first miniPIM of the node 0
- slot 2: the second miniPIM of the node 0
- slot 3: the third miniPIM of the node 0
- slot 4: the fourth miniPIM of the node 0
- slot 5: the base slot of the node 1
- slot 6: the first miniPIM of the node 1
- slot 7: the second miniPIM of the node 1
- slot 8: the third miniPIM of the node 1
- slot 9: the fourth miniPIM of the node 1
03-10-2010 09:05 AM
Can anyone confirm if this http://forums.juniper.net/t5/SRX-Services-Gateway/DHCP-discover-fails-in-a-RVI-bridge-group/m-p/3099... is still a problem on 10.1?
I currently have 10.0r2 on a SRX-100 and whilst the other ports in the RVI / bridge group pass most traffic fine, they never get a response to a DHCP discover. The problem is definitely the SRX-100, since I can connect to an upstream switchport and get a DHCP lease with no problem.
I'll try out 10.1 in the next few days... fingers crossed.