SRX Services Gateway
SRX Services Gateway

Potential issues with multihoming SRX650

09.30.10   |  
‎09-30-2010 09:18 AM

Hi all!

 

I have a scenario with an SRX650 that receives a full bgp table from an upstream. I am now about to add a second upstream and receive a second full-feed. I'm thinking of what issues I might bump into in this scenario, mainly related to asymmetric routing, ie. sending a packet out one interface and getting the reply back on the other interface. Should this work OK as long as the two upstreams are in the same zone? I'm running in flow mode so a session is created upon egress.

 

I have tried to find the answer to this in the documentation but the closest I've gotten is "Flow mode does not support asymmetric routing for stateful sessions" - this in the documentation for 10.0 (I'm running 10.0R2.10) but this is not mentioned from 10.1 and on. Does that mean that restriction is resolved?

 

Thanks in advance!

2 REPLIES
SRX Services Gateway

Re: Potential issues with multihoming SRX650

10.05.10   |  
‎10-05-2010 01:25 AM

If you have the two ISP interfaces in the same zone (untrust), it should work fine.

However, I'm not 100% sure; we have a bit more advanced setup, and it doesn't work at the moment (we have a case with JTAC).

 

Cheers,

Tamas

 

JNCIA-ER,-EX, JNCIS-ES, MCSA, CCNA and all that jazz...
SRX Services Gateway

Re: Potential issues with multihoming SRX650

10.05.10   |  
‎10-05-2010 10:48 AM

It should work as long as the two interfaces are in the same zone. I've done a similar setup (but only accepting default route instead of full tables)