SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
smgg
Visitor
smgg
Posts: 6
Registered: ‎01-06-2010
Accepted Solution

SRX650 A/P Cluster Question

[ Edited ]
Options

‎03-09-2010 11:23 AM - edited ‎03-09-2010 06:13 PM

Hello All,

 

I am configuring my first SRX cluster, and have a question about setting the system default router and routing for the reth interfaces.

 

I have used the SRX650 Cluster KB15503 and TN79 as my guides for the base setup.  However it is unclear to me, given my environment (shown in the attached JPG), how to set the system backup-router statements for the nodes.

 

Should the system backup-router statement (as shown in TN79) be configured with the IP address of the EX4200VC (10.x.x.20/22 in the diagram)?

 

Do I need a separate VR to contain the routing for the reth 0.0 network to ensure proper routing for the machines in the Trust Zone.

 

Any suggestions would be greatly appreciated.  

Attachment SRX650-cluster-implementation.jpg ‏98 KB
Message 1 of 4 (6,014 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
Raheel
Posts: 414
Registered: ‎06-18-2008
0

Re: SRX650 A/P Cluster Question

Options

‎03-09-2010 04:10 PM

JPG is missing, please attach.

 

thanks

raheel

Follow me on Twitter @anwar_raheel

--
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
Message 2 of 4 (6,010 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007

Re: SRX650 A/P Cluster Question

Options

‎03-18-2010 09:07 PM

Firstly the backup-router statement only applies to the secondary node for RG0 as secondary does not own rpd thus cannot perform route lookup. If managing from 10.x.x.x/22 network then backup-router statement is not needed. But if managing from a remote network, then you would need backup-router configuration. Based on your diagram, you would configure something like below:

 

set system backup-router 10.x.x.20 destination <remote-ip-subnet>

 

Also since your trust network seems to overlap your fxp0 network, then you will need to have reths in a separate virtual router type routing-instance. Just remember that you cannot terminate an IPSec tunnel from an interface in a routing-instance at this time.

 

-Richard

Message 3 of 4 (5,896 Views)
 
Reply
erdinc
Regular Visitor
erdinc
Posts: 8
Registered: ‎11-21-2007
0

Re: SRX650 A/P Cluster Question

Options

‎03-20-2010 05:18 AM

What if , I am not using an overlap network for fxp's but it has to be reached remote network which is doesnt reachable by any forwarding interface (fxp 172.16.0.1-2/24  nsm 192.168.168.1/24 ) .

passive nodes  RE wil be  reachable but first node will not (cause of the working active RE  didnt know 192.168.168.1 is will sent to the default   route ) 

 

I am doing a POC and facing this issue recently 

 

erdinc

Message 4 of 4 (5,860 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.