SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX switching functionality

    Posted 03-01-2010 03:32

    Can i use SRX240 as a switch ,

    lets say i have 10 servers ,5 connected to SRX1 and 5 connected to SRX2.

    Each SRX has its own ISP connection and range of public addresses(which are to be mapped back to the servers behind SRX,and IP from both ISPs might end up on same server for redundancy).

    to put things very straight forward, i am looking into something like this

     

                        SRX1        SRX2

                           |                 |

                           |                 |

                   ==== SWITCH====

                               |        |

                             SERVERS

     

    =================================

    In the above diagram i want to remove the switch and utilize the internal ports of SRX by interconnecting its ports.

    Would that offer  a similar functinality as above.

     

                        SRX1        SRX2

                           |_______|

                           |                |

                           SERVERS

     

     

     

    Thanks

     

     

     



  • 2.  RE: SRX switching functionality

    Posted 03-01-2010 22:09

    any comments !!!



  • 3.  RE: SRX switching functionality
    Best Answer

    Posted 03-02-2010 02:28

    The answer is "yes" with a "but" at the end.

     

    Yes, you can configure the SRX as a switch. You can put various ports is separate VLANs and route between them. Example:

     

    # connection to other SRX

    set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk

    set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all

    # connections to servers
    set interfaces interface-range MyServers member ge-0/0/1

    set interfaces interface-range MyServers member ge-0/0/2

    set interfaces interface-range MyServers member ge-0/0/3

    set interfaces interface-range MyServers member ge-0/0/4

    set interfaces interface-range MyServers unit 0 family ethernet-switching vlan members ServerVLAN

    set interfaces vlan unit 10 family inet address 172.16.10.1/24

    set vlans ServerVLAN l3-interface vlan.10

    set security zones security-zone trust interfaces vlan.10

     

    But, keep in mind the SRX240 only supports a max throughput of 1.5 Gbps (1.5G for large packets and 500M for mix). I don't know what your current switch backplane capacity is but you MAY be introducing a bottleneck if you go that route. I would be interested to hear about your results.

     

    Warm regards,

    John

    JNCIS-ER et al.

     



  • 4.  RE: SRX switching functionality

    Posted 03-02-2010 09:34

    AFAIK the L2 switching is performed at wirespeed by the SRX240 ge ports. The performance penalty comes when you "route" (packet/flow forwarding) the IP packets.

     

    But keep in mind that L2 swicthing features are not available when you join to individual SRX240 in a single "Chassis Cluster"



  • 5.  RE: SRX switching functionality

    Posted 03-02-2010 14:00

    So you can probably have good throughput on all devices that are in all the same VLAN but if you add a second or thrid VLAN you will get the performance hit for traffic between VLANs.

     

    xhome, I am not sure what you mean by a "single chassis cluster" but I do have a customer that is using the switching feature on a single SRX240 chassis. What are the limtations? 

     

    John



  • 6.  RE: SRX switching functionality

    Posted 03-02-2010 21:42

    thanks jmistichelli and xhoms for your valuable input.

     



  • 7.  RE: SRX switching functionality

    Posted 03-03-2010 06:43

    "Chassis Cluster" is an SRX software features that allow you to join to SRX240 devices into a single "cluster unit".

     

    A Single SRX240 is a FW that has 5 slots

    - slot 0: the base slot

    - slot 1: the first miniPIM

    - slot 2: the second miniPIM

    - slot 3: the third miniPIM

    - slot 4: the fourth miniPIM

     

    A SRX240 "Chassis Cluster" is a FW (setup by 2 SR240 units) that has 10 slots

    - slot 0: the base slot of the node 0

    - slot 1: the first miniPIM  of the node 0

    - slot 2: the second miniPIM  of the node 0

    - slot 3: the third miniPIM  of the node 0

    - slot 4: the fourth miniPIM of the node 0

    - slot 5: the base slot of the node 1

    - slot 6: the first miniPIM  of the node 1

    - slot 7: the second miniPIM  of the node 1

    - slot 8: the third miniPIM  of the node 1

    - slot 9: the fourth miniPIM of the node 1

     

    More info at http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-security/cc-chapter.html#cc-chapter



  • 8.  RE: SRX switching functionality

    Posted 03-10-2010 09:05

    Can anyone confirm if this http://forums.juniper.net/t5/SRX-Services-Gateway/DHCP-discover-fails-in-a-RVI-bridge-group/m-p/30999 is still a problem on 10.1?

     

    I currently have 10.0r2 on a SRX-100 and whilst the other ports in the RVI / bridge group pass most traffic fine, they never get a response to a DHCP discover. The problem is definitely the SRX-100, since I can connect to an upstream switchport and get a DHCP lease with no problem.

     

    I'll try out 10.1 in the next few days... fingers crossed.