SRX Services Gateway
SRX Services Gateway

OSPF Routing on SRX in active/standy

‎05-17-2017 01:32 AM

Hi,

 

I am configuring OSPF Routing on SRX 4100 in HA clustering active/standby, using sub-interfaces for VLAN IDs, I am not Junos expert. Do I need to configure OSPF on Reth interfaces only or it needs to be using VLAN IDs? I don't think it will require on physical interfaces?

 

My configuration is below :

 

set groups node0 system host-name srx-a
set groups node0 interfaces fxp0 unit 0 family inet address 192.168.1.1/24
set groups node1 system host-name srx-b
set groups node1 interfaces fxp0 unit 0 family inet address 192.168.1.2/24
set apply-groups "${node}"
set chassis cluster reth-count 5
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100
set interfaces fab0 fabric-options member-interfaces ge-0/0/2
set interfaces fab1 fabric-options member-interfaces ge-9/0/2
set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-9/0/3 gigether-options redundant-parent reth0
set interfaces ge-1/0/0 gigether-options redundant-parent reth1
set interfaces ge-10/0/0 gigether-options redundant-parent reth1
set interfaces ge-1/0/1 gigether-options redundant-parent reth2
set interfaces ge-10/0/1 gigether-options redundant-parent reth2
set interfaces ge-1/0/2 gigether-options redundant-parent reth3
set interfaces ge-10/0/2 gigether-options redundant-parent reth3
set interfaces ge-1/0/3 gigether-options redundant-parent reth4
set interfaces ge-10/0/3 gigether-options redundant-parent reth4
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth2 redundant-ether-options redundancy-group 1
set interfaces reth3 redundant-ether-options redundancy-group 1
set interfaces reth4 redundant-ether-options redundancy-group 1
set security zones security-zone Trusted
set security zones security-zone Untrusted
set security zones security-zone DMZ_1

set security zones security-zone DMZ_2

set security zones security-zone DMZ_3

set security zones security-zone DMZ_4
set security zones security-zone 3rd_Party
set security zones security-zone Trusted host-inbound-traffic system-services all
set interfaces reth1 unit 1 family inet address 10.1.1.1/24
set security zones security-zone Trusted interfaces reth1.1
set interfaces reth1 vlan-tagging
set interfaces reth1 unit 1 vlan-id 1
set interfaces reth0 unit 2 family inet address 10.1.2.1/24
set security zones security-zone DMZ_1 interfaces reth0.2
set interfaces reth0 vlan-tagging
set interfaces reth0 unit 2 vlan-id 2
set interfaces reth0 unit 3 family inet address 10.1.3.1/24
set security zones security-zone DMZ_2 interfaces reth0.3
set interfaces reth0 vlan-tagging
set interfaces reth0 unit 3 vlan-id 3
set interfaces reth0 unit 4 family inet address 10.1.4.1/24
set security zones security-zone DMZ_3 interfaces reth0.4
set interfaces reth0 vlan-tagging
set interfaces reth0 unit 4 vlan-id 4
set interfaces reth0 unit 5 family inet address 10.1.5.1/24
set security zones security-zone DMZ_4 interfaces reth0.5
set interfaces reth0 vlan-tagging
set interfaces reth0 unit 5 vlan-id 5
set interfaces reth4 unit 0 family inet address 10.1.5.1/24
set security zones security-zone Untrusted interfaces reth4.0

 

If I only configure OSPF on Reth interface?

 

set protocols ospf area 0.0.0.0 interface reth0.0

set protocols ospf area 0.0.0.0 interface reth1.0

set protocols ospf area 0.0.0.0 interface reth2.0

set protocols ospf area 0.0.0.0 interface reth4.0

 

or 

 

set protocols ospf area 0.0.0.0 interface reth0.0

set protocols ospf area 0.0.0.0 interface reth0.1

set protocols ospf area 0.0.0.0 interface reth0.2

set protocols ospf area 0.0.0.0 interface reth0.3

set protocols ospf area 0.0.0.0 interface reth0.4

set protocols ospf area 0.0.0.0 interface reth0.5

set protocols ospf area 0.0.0.0 interface reth1.0

set protocols ospf area 0.0.0.0 interface reth1.1

set protocols ospf area 0.0.0.0 interface reth2.0

set protocols ospf area 0.0.0.0 interface reth3.0

set protocols ospf area 0.0.0.0 interface reth4.0

 

do I need something else as well?

 

1 REPLY 1
SRX Services Gateway

Re: OSPF Routing on SRX in active/standy

‎05-17-2017 01:38 AM
set protocols ospf area 0.0.0.0 interface reth0.0
set protocols ospf area 0.0.0.0 interface reth0.1
set protocols ospf area 0.0.0.0 interface reth0.2
set protocols ospf area 0.0.0.0 interface reth0.3
set protocols ospf area 0.0.0.0 interface reth0.4
set protocols ospf area 0.0.0.0 interface reth0.5
set protocols ospf area 0.0.0.0 interface reth1.0
set protocols ospf area 0.0.0.0 interface reth1.1
set protocols ospf area 0.0.0.0 interface reth2.0
set protocols ospf area 0.0.0.0 interface reth3.0
set protocols ospf area 0.0.0.0 interface reth4.0


And enable protocols OSPF under security zones corresponding to these interfaces.

For example " set security zones security-zone DMZ_4 host-inbound-traffic protocols ospf"
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too