SRX

Greetings,

I'm working on a SRX3600 HA Active/Passive setup.  I've been following best-practice guides from Juniper, but have yet find a clear answer to the following question:

In setting up redundant fabric links, what criteria determines whether it's recommended to utilize gigabit vs. 10-gigabit interfaces?  

I would think the amount of ingress/egress traffic would impact the design-decision there for session traffic being transferred upon a failover scenario.  Are there any stated thresholds or best-practice recommendations that drive the design-decision one way or the other?  I haven't been able to find anything.

I would appreciate your input.

Hi,

The choice between  ge (1gig) and Xe (10gig) is based on the traffic through the device.

The amount of traffic you expect the interface to handle.

As such there is no real recommendations.

Regards,

c_r 

Thanks for the response.  

I've actually been engaged with JTAC on the matter.  First off, they admitted that there's no official documentation that states/provides a given recommendation to inform a design decision on the fabric links (regarding 1G vs. 10G in my scenario).  

Secondly, and most-importantly - in a failover scenario concerning an Active/Passive setup, it's not really the amount of traffic being handled by the active node that's important.  What's important is the number of sessions.  The fabric link on the active node regularly communicates RTO/session data to the passive node and in a failover scenario if you have a massive amount of sessions, theoretically you could saturate the 1G fabric link as the 'failing' node commincates the failover RTO/session data to the new active node.  

So the next question is - where is that baseline or benchmark that helps to determine the number of concurrent sessions you anticipate maintaining that would then inform the design decision?  Burning a 10G revenue port that would be rough if you have a relatively low amount of sessions on a regular basis.

Per Juniper's product literature on the SRX3600: 

• Maximum concurrent sessions   2.25/ 6 million sessions *
  • * Additional Extreme License required for 6M sessions 

• New sessions/second (sustained, TCP, 3-way)     270,000

I'm working with JTAC in investigating this last question.  If anyone out there has real-world experience with this design question, I'd appreciate some input.  I'll be updating this thread with my findings.

Thanks

I received my official answer from JTAC.  They researched a couple theoretical scenarios I posed to them regarding my situation.  

May I have a recommendation on the proper interface size (1G or 10gig) to use for the 
following Active/Passive failover scenarios:

Scenario 1:
560,000 active sessions

Scenario 2:
1.69 million active sessions

560K active sessions is 25% of stated capability under default license, and 1.69 million sessions is 75% of stated capability under default license for this product.  I chose these values because as I stated in my previous post, JTAC wanted values to work with before providing a recommendation - and I was trying to establish a baseline.

JTAC ended up telling me that a 1G fabric link will be quite sufficient in an Active/Passive HA configuration.  So for me, I'll be running a 1G fabric link and another for redundancy in case the first were to suffer a failure for some reason.

10G is recommended in an Active/Active HA configuration where you would be handling a large amount of sessions and traffic (Ex.: you could have traffic ingressing one node--> traversing the fabric link--> egressing another node - AKA: Z-Mode traffic).

I hope this is helpful to someone.