SRX Services Gateway
Contributor
Posts: 73
Registered: ‎02-17-2009
0 Kudos
Accepted Solution

SRX switching functionality

Can I use an SRX240 as a switch?

Let's say I have 10 servers, 5 connected to SRX1 and 5 connected to SRX2.

Each SRX has its own ISP connection and range of public addresses (which are to be mapped back to the servers behind the SRX, and IPs from both ISPs might end up on the same server for redundancy).

To put things very straightforward, I am looking into something like this:

 

        SRX1        SRX2
          |           |
          |           |
      ==== SWITCH ====
           |     |
           SERVERS

 

=================================

In the above diagram I want to remove the switch and utilize the internal ports of the SRX by interconnecting its ports.

Would that offer similar functionality to the above?

 

        SRX1        SRX2
          |___________|
          |           |
            SERVERS

 

 

 

Thanks

 

 

 

Contributor
Posts: 73
Registered: ‎02-17-2009
0 Kudos

Re: SRX switching functionality

any comments !!!

Contributor
Posts: 14
Registered: ‎02-18-2010
0 Kudos

Re: SRX switching functionality


The answer is "yes" with a "but" at the end.

 

Yes, you can configure the SRX as a switch. You can put various ports in separate VLANs and route between them. Example:

 

# connection to other SRX
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all

# connections to servers
set interfaces interface-range MyServers member ge-0/0/1
set interfaces interface-range MyServers member ge-0/0/2
set interfaces interface-range MyServers member ge-0/0/3
set interfaces interface-range MyServers member ge-0/0/4
set interfaces interface-range MyServers unit 0 family ethernet-switching vlan members ServerVLAN
set interfaces vlan unit 10 family inet address 172.16.10.1/24
set vlans ServerVLAN l3-interface vlan.10
set security zones security-zone trust interfaces vlan.10

 

But, keep in mind the SRX240 only supports a max throughput of 1.5 Gbps (1.5G for large packets and 500M for mix). I don't know what your current switch backplane capacity is but you MAY be introducing a bottleneck if you go that route. I would be interested to hear about your results.

 

Warm regards,

John

JNCIS-ER et al.
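
Added example, not part of the post above: the last three set commands in that configuration depend on each other, because a VLAN's l3-interface (RVI) needs an inet address and a security zone binding before the SRX will route for it (Junos leaves an unbound interface in the null zone and drops its traffic). This Python check parses set-format configuration and reports VLANs where one of those pieces is missing; DmzVLAN and vlan.20 are constructed here to produce a finding, and the function name is hypothetical.

```python
import re

# Constructed sample: set commands from the post above, plus one
# deliberately incomplete VLAN (DmzVLAN / vlan.20) added for illustration.
SAMPLE = """\
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all
set interfaces interface-range MyServers member ge-0/0/1
set interfaces interface-range MyServers unit 0 family ethernet-switching vlan members ServerVLAN
set interfaces vlan unit 10 family inet address 172.16.10.1/24
set vlans ServerVLAN l3-interface vlan.10
set security zones security-zone trust interfaces vlan.10
set vlans DmzVLAN l3-interface vlan.20
"""

def audit_rvi(config: str) -> dict:
    """Return {vlan_name: [problems]} for every VLAN that has an l3-interface."""
    l3 = {}            # VLAN name -> RVI name, e.g. "vlan.10"
    addressed = set()  # RVIs that carry an inet address
    zoned = {}         # RVI -> security zone it is bound to
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"set vlans (\S+) l3-interface (vlan\.\d+)$", line):
            l3[m[1]] = m[2]
        elif m := re.match(r"set interfaces vlan unit (\d+) family inet address \S+$", line):
            addressed.add(f"vlan.{m[1]}")
        elif m := re.match(r"set security zones security-zone (\S+) interfaces (vlan\.\d+)", line):
            zoned[m[2]] = m[1]
    report = {}
    for vlan, rvi in l3.items():
        problems = []
        if rvi not in addressed:
            problems.append(f"{rvi} has no inet address")
        if rvi not in zoned:
            problems.append(f"{rvi} is not in any security zone")
        report[vlan] = problems
    return report

if __name__ == "__main__":
    for vlan, problems in audit_rvi(SAMPLE).items():
        print(vlan, "OK" if not problems else "; ".join(problems))
```
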

 

Juniper Employee
Posts: 33
Registered: ‎08-20-2009
0 Kudos

Re: SRX switching functionality

AFAIK the L2 switching is performed at wirespeed by the SRX240 ge ports. The performance penalty comes when you "route" (packet/flow forwarding) the IP packets.

 

But keep in mind that L2 switching features are not available when you join two individual SRX240s in a single "Chassis Cluster".

Contributor
Posts: 14
Registered: ‎02-18-2010
0 Kudos

Re: SRX switching functionality

So you can probably have good throughput on all devices that are all in the same VLAN, but if you add a second or third VLAN you will get the performance hit for traffic between VLANs.

 

xhome, I am not sure what you mean by a "single chassis cluster" but I do have a customer that is using the switching feature on a single SRX240 chassis. What are the limitations?

 

John

Contributor
Posts: 73
Registered: ‎02-17-2009
0 Kudos

Re: SRX switching functionality

Thanks jmistichelli and xhoms for your valuable input.

 

Juniper Employee
Posts: 33
Registered: ‎08-20-2009
0 Kudos

Re: SRX switching functionality

"Chassis Cluster" is an SRX software feature that allows you to join two SRX240 devices into a single "cluster unit".

 

A single SRX240 is a FW that has 5 slots:

- slot 0: the base slot
- slot 1: the first miniPIM
- slot 2: the second miniPIM
- slot 3: the third miniPIM
- slot 4: the fourth miniPIM

An SRX240 "Chassis Cluster" is a FW (set up by 2 SRX240 units) that has 10 slots:

- slot 0: the base slot of node 0
- slot 1: the first miniPIM of node 0
- slot 2: the second miniPIM of node 0
- slot 3: the third miniPIM of node 0
- slot 4: the fourth miniPIM of node 0
- slot 5: the base slot of node 1
- slot 6: the first miniPIM of node 1
- slot 7: the second miniPIM of node 1
- slot 8: the third miniPIM of node 1
- slot 9: the fourth miniPIM of node 1

 

More info at http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-s...

Contributor
Posts: 19
Registered: ‎12-03-2009
0 Kudos

Re: SRX switching functionality

Can anyone confirm if this http://forums.juniper.net/t5/SRX-Services-Gateway/DHCP-discover-fails-in-a-RVI-bridge-group/m-p/3099... is still a problem on 10.1?

 

I currently have 10.0r2 on a SRX-100 and whilst the other ports in the RVI / bridge group pass most traffic fine, they never get a response to a DHCP discover. The problem is definitely the SRX-100, since I can connect to an upstream switchport and get a DHCP lease with no problem.

 

I'll try out 10.1 in the next few days... fingers crossed.