SRX Services Gateway
Highlighted
SRX Services Gateway

Query regarding reth interface supporting multiple physical interfaces

‎05-22-2015 03:37 AM

Hi

 

I am trying to resolve an issue with my SRX 650 cluster. As per the information i have a reth interface is bound to one physical ethernet interface (fe-, ge- or xe- interface) on each node. This way, the reth can be active on one node or the other through the associated physical interface.

I have a configuration in place which is connecting reth1 to the switch allowing vlan21. Now the requirement is to connect a new switch and allow the traffic from vlan21 to traverse the same.

 

As such I am trying to see if there are any options available to achieve the same.

 

Kindly provide any input around this. Any help will be much appreciated.

 

6 REPLIES 6
Highlighted
SRX Services Gateway

Re: Query regarding reth interface supporting multiple physical interfaces

‎05-22-2015 03:52 AM

Hello ,

 

So I am hoping that , initially you had one switch connecting  the SRX cluster  with 2 interface ( each from each node ) connecting to switch on reth1 . Now you need to adda new switch and connect to reth1  and allow the traffc . Correct me if I am wrong .

In this case No configuration changes needed in SRX end . The Switches have to be in cluster mode so that is failover happens , no traffic drops experienced .


Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
Highlighted
SRX Services Gateway

Re: Query regarding reth interface supporting multiple physical interfaces

‎05-22-2015 05:52 AM

Hello Sam

 

Thanks for reply.

 

Yes , the switch is connected to SRX on reth1 and we want to connect a new switch  directly on SRX on different interface of firewall. So we want to allow the same set of vlans to new reth ( vlans which are already exist on reth1).There is no connection between the exisitng switch and new switch.

 

Thanks

 

 

Highlighted
SRX Services Gateway

Re: Query regarding reth interface supporting multiple physical interfaces

‎05-22-2015 06:31 AM

Hello ,

 

This setup Looks strange since the Switch is not connected  and both of them are having same VLANs . Else we can have 2 more interfaces in same reth1 ( one from each node again ) and add them in LACP .  So total 4 interfaces in the reth1.

 


Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
Highlighted
SRX Services Gateway

Re: Query regarding reth interface supporting multiple physical interfaces

‎05-27-2015 12:45 AM

HI Sam

 

Thanks for your response again. Its certainly is a bit confusing as I am trying to set up the same VLAN from two different devices to traverse the reth interface on the same Juniper device. As such I am trying to find out if that is even possible or not.

 

Also as per your last response I would request you to share any KB article that i can go througn to get a better understanding of the setup.

 

Any input will be highlt appreciated.

Highlighted
SRX Services Gateway

Re: Query regarding reth interface supporting multiple physical interfaces

‎08-08-2018 07:58 AM

Hi Karundeep,

 

Did you manage to get this setup working? I am trying to do exactly the same thing but got stuck. 

 

 

Thanks,

 

Fasih

Highlighted
SRX Services Gateway

Re: Query regarding reth interface supporting multiple physical interfaces

‎08-08-2018 04:44 PM

Hello, Karundeep

 

If I understand correctly the desired setup, it will be like this:

 

Host A in Vlan21---Switch---------(reth)-SRX-(reth)------Switch---Host B in Vlan21

 

You are looking to pass traffic from Host A to Host B, both on vlan 21 right?

 

If my understanding is correct, you need to configure the reth interfaces as L2 interfaces (family ethernet-switching) allowing vlan 21 so that the SRX acts like a L2 switch. However configuring a reth interface for family ethernet-switching is only supported Since Junos 15.1X49-D50 and your SRX 650 doesnt support this Junos version:

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB32504&cat=&actp=LIST&showDraft=false

 

On your SRX650 cluster you can try the following:

 

1. Configure a SwitchFab link between the nodes of the cluster (this acts like a trunk link between the nodes): 

 

https://www.juniper.net/documentation/en_US/junos/topics/example/chassis-cluster-swfab-enable-switch...

 

2. Configure 2 standalone interfaces (not reth), on each node, with family ethernet-switching allowing vlan21.

 

3.Create vlan 21 in the SRX cluster.

 

After this, you should be able to communicate host A with Host B over vlan 21.

Pura Vida from Costa Rica - Mark as Resolved if it applies.
Kudos are appreciated too!
Feedback