SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX 240 cluster dot1q trunking supported or not.

    Posted 08-25-2010 13:01

    Hi,

     

    I am confused as to whether trunking is supported on an SRX240 (version 10.3R8) cluster or not. Some documentation states switching is not supported when running in cluster mode whereas other posts say it is supported. However the scenario or models in the examples are different from our setup.

     

    I am fairly new to Juniper. The cluster I have set up is working fine. I have set up an IPsec VPN which is also working fine. No other fancy stuff there. I would like to set up an etherchannel or aggregated link to a Cisco 3750 stack using a dot1q trunk. We use 5 layer 3 interfaces and currently they are bound to logical interfaces ge-0/0/5.0 to ge-0/0/10.0. I would obviously rather use 5 vlan interfaces to terminate the layer 3 subnets and trunk them to the switch.

     

    I would expect the above example to work, but as I was reading through the different posts I got confused whether such a configuration is supported or not.

     

    Any advice would be much appreciated!

     

    Thanks



  • 2.  RE: SRX 240 cluster dot1q trunking supported or not.

    Posted 08-25-2010 13:11

    Hi,

     

    Ethernet Switching is indeed not supported in cluster mode. On the other hand, you can of course have vlan tags on your l3 interfaces to terminate more than one vlan.

     

    EXAMPLE:

     

    interfaces {
        ge-0/0/0 {
            vlan-tagging;
            unit 10 {
                vlan-id 10;
                family inet {
                    address 10.0.10.1/24;
                }
            }
            unit 20 {
                vlan-id 20;
                family inet {
                    address 10.0.20.1/24;
                }
            }
        }

    }

     

    You can also assign the different units (ge-0/0/0.10 and .20) to different security zones, routing instances etc.

     

    Regards,

    Dominik



  • 3.  RE: SRX 240 cluster dot1q trunking supported or not.

    Posted 08-25-2010 13:42

    Thanks for the quick reply!

     

    So in our case with the SRX240 cluster we would implement something like;

     

    set interfaces reth1 vlan-tagging
    set interfaces reth1 redundant-ether-options redundancy-group 1
    set interfaces reth1 unit 10 vlan-id 10
    set interfaces reth1 unit 10 family inet address 10.10.0.1/24
    set interfaces reth1 unit 11 vlan-id 11
    set interfaces reth1 unit 11 family inet address 10.11.0.1/24
    set interfaces reth1 unit 12 vlan-id 12
    set interfaces reth1 unit 12 family inet address 10.12.0.1/24

    set interfaces ge-0/0/5 gigether-options redundant-parent reth1
    set interfaces ge-5/0/5 gigether-options redundant-parent reth1

    set security zones security-zone zone-10 interfaces reth1.10
    set security zones security-zone zone-10 interfaces reth1.11
    set security zones security-zone zone-10 interfaces reth1.12

    set interfaces ge-0/0/5 unit 0 family ethernet-switching port-mode trunk
    set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan10
    set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan11
    set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan12

    set interfaces ge-5/0/5 unit 0 family ethernet-switching port-mode trunk
    set interfaces ge-5/0/5 unit 0 family ethernet-switching vlan members vlan10
    set interfaces ge-5/0/5 unit 0 family ethernet-switching vlan members vlan11
    set interfaces ge-5/0/5 unit 0 family ethernet-switching vlan members vlan12

     

    The above example is supported on a SRX240 cluster?

    And finally I guess no etherchannels/aggregated ports?

     

    Thanks!



  • 4.  RE: SRX 240 cluster dot1q trunking supported or not.

    Posted 08-25-2010 13:50

    Close :-)

     

    First - yes. No layer 2 features like link aggregation groups, etc.

     

    The redundant interfaces are configured differently. You don't configure any family at all but bind it to the aggregated ethernet interfaces.

     

    For a good tutorial, see this KB article:

     

    http://kb.juniper.net/KB15650

     

    Regards,

    Dominik



  • 5.  RE: SRX 240 cluster dot1q trunking supported or not.

    Posted 08-25-2010 14:09

    Alright close 😉

    So no link aggregation groups and the like, pity, would have been great...


    I used the article you suggested to get the cluster up and running. The article however does not describe vlan trunking in a clustered environment. Also in the article physical interfaces are bound to redundant interfaces and any layer 3 information is configured on the reth interfaces.

    The example config I posted came from here
    http://www.juniper.net/us/en/local/pdf/implementation-guides/8010046-en.pdf

    Page 15 and up...


    See, this is why I am getting confused on how to approach this...

     

    So I guess I am looking for an example for setting up a trunk in a clustered environment supported by the SRX240.

    I appreciate your help, thank you.



  • 6.  RE: SRX 240 cluster dot1q trunking supported or not.

    Posted 08-25-2010 15:51

    Hi,

     

    In the guide you linked there is an exact example of what we like to achieve (page 15):

     

    First you create a redundant interface by binding the two physical interfaces to it:

     

    set interfaces xe-3/1/0 gigether-options redundant-parent reth1
    set interfaces xe-9/1/0 gigether-options redundant-parent reth1
    set interfaces reth1 redundant-ether-options redundancy-group 1

     

    (of course your SRX 210 doesn't have 10 GBit interfaces, you have to substitute that with ge-0/0/x and ge-5/0/y).

     

    Then you configure reth1:

     

    set interfaces reth1 vlan-tagging
    set interfaces reth1 redundant-ether-options redundancy-group 1
    set interfaces reth1 unit 10 vlan-id 10
    set interfaces reth1 unit 10 family inet address 10.10.0.1/24
    set interfaces reth1 unit 11 vlan-id 11
    set interfaces reth1 unit 11 family inet address 10.11.0.1/24

     

    You can do this just as if reth1 were an ordinary interface (like ge-0/0/0 in my previous example).

     

    Regards,

    Dominik



  • 7.  RE: SRX 240 cluster dot1q trunking supported or not.

    Posted 08-26-2010 09:02

    The problem is you can not define port mode trunk on reth interfaces since it is terminating vlans, nor can you put logical units on the physical interfaces.

     

    Without the port mode trunk, no happy trunking 😉

     

    interfaces {
        ge-0/0/4 {
            vlan-tagging;
            gigether-options {
                ##
                ## Warning: Tagging is not allowed on redundant-ethernet member
                ## Warning: Logical unit is not allowed on redundant-ethernet member
                ##
                redundant-parent reth5;
            }
            unit 0 {
                ##
                ## Warning: An interface cannot have both family ethernet-switching and vlan-tagging configured
                ##
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members [ vlan10 vlan11 vlan12 ];
                    }
                }
            }
        }

     

    or (obviously not and)


        reth5 {
            vlan-tagging;
            redundant-ether-options {
                redundancy-group 1;
            }
            unit 0 {
                ##
                ## Warning: An interface cannot have both family ethernet-switching and vlan-tagging configured
                ##
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members [ vlan10 vlan11 vlan12 ];
                    }
                }
            }


    any clues as to what is the last piece of this puzzle?

     

     



  • 8.  RE: SRX 240 cluster dot1q trunking supported or not.

    Posted 08-26-2010 09:25

    Hi,

     

    On the contributing ge- interfaces that are linked to the redundant interfaces there should be NO config except the redundant-parent option:

     

    All RED stuff has to be deleted

     

    interfaces {
        ge-0/0/4 {
            /* RED in the original post (delete): start */
            vlan-tagging;
            /* RED: end */
            gigether-options {
                ##
                ## Warning: Tagging is not allowed on redundant-ethernet member
                ## Warning: Logical unit is not allowed on redundant-ethernet member
                ##
                redundant-parent reth5;
            }

            /* RED in the original post (delete): start */
            unit 0 {
                ##
                ## Warning: An interface cannot have both family ethernet-switching and vlan-tagging configured
                ##
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members [ vlan10 vlan11 vlan12 ];
                    }
                }
            }
            /* RED: end */
        }

    }

     

    Also you have to configure your redundant interface this way:

     

    Add the GREEN stuff instead and of course adapt the VLAN ID, unit number and IP address according to your needs:

     

    reth5 {
            vlan-tagging;
            redundant-ether-options {
                redundancy-group 1;
            }
            /* RED in the original post (delete): start */
            unit 0 {
                ##
                ## Warning: An interface cannot have both family ethernet-switching and vlan-tagging configured
                ##
                family ethernet-switching {
                    port-mode trunk;
                    vlan {
                        members [ vlan10 vlan11 vlan12 ];
                    }
                }
            /* RED: end */

                /* GREEN in the original post (add): start */
                vlan-tagging;
                unit 10 {
                    vlan-id 10;
                    family inet {
                        address 10.0.10.1/24;
                    }
                }
                unit 20 {
                    vlan-id 20;
                    family inet {
                        address 10.0.20.1/24;
                    }
                }
                /* GREEN: end */

           }

    }
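
The end state described in the reply above, consolidated in set-command form as an added example (not part of the thread or of Juniper's documentation). It assumes ge-5/0/4 is the node 1 member link, that `chassis cluster reth-count` already covers reth5, and uses made-up zone names; the zone and ping lines go beyond the reply to show each VLAN unit landing in its own security zone.

```junos
# Added example. Assumptions: ge-5/0/4 (node 1 member), zone names vlan10/vlan20.

# 1. Member links carry nothing but redundant-parent. Remove the tagging and
#    the switching unit that triggered the commit warnings shown in the thread.
delete interfaces ge-0/0/4 vlan-tagging
delete interfaces ge-0/0/4 unit 0
set interfaces ge-0/0/4 gigether-options redundant-parent reth5
set interfaces ge-5/0/4 gigether-options redundant-parent reth5

# 2. reth5 terminates the tagged VLANs as layer 3 units; no family
#    ethernet-switching and no port-mode trunk anywhere on the SRX side.
delete interfaces reth5 unit 0
set interfaces reth5 vlan-tagging
set interfaces reth5 redundant-ether-options redundancy-group 1
set interfaces reth5 unit 10 vlan-id 10
set interfaces reth5 unit 10 family inet address 10.0.10.1/24
set interfaces reth5 unit 20 vlan-id 20
set interfaces reth5 unit 20 family inet address 10.0.20.1/24

# 3. Each unit is its own interface to the firewall. One zone per VLAN means
#    traffic between 10.0.10.0/24 and 10.0.20.0/24 has to match an explicit
#    from-zone/to-zone policy instead of passing as intra-zone traffic.
set security zones security-zone vlan10 interfaces reth5.10
set security zones security-zone vlan20 interfaces reth5.20

# 4. Optional: allow ping to the gateway address while testing the trunk.
#    Without host-inbound-traffic the SRX drops pings to its own interface,
#    which is easy to mistake for a trunking fault.
set security zones security-zone vlan10 host-inbound-traffic system-services ping

# 5. Validate before committing, then check link and unit state:
#      commit check
#      run show chassis cluster interfaces
#      run show interfaces reth5 terse
```

On the switch side the two ports facing ge-0/0/4 and ge-5/0/4 are plain dot1q trunks carrying VLANs 10 and 20, not members of a port channel, since the thread establishes that link aggregation is not available here.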



  • 9.  RE: SRX 240 cluster dot1q trunking supported or not.
    Best Answer

    Posted 08-26-2010 11:38

    Hi,

     

    Got it. Thanks!

     

    The only advice you didn't give was to look for typos on my switch :-O

     

    The example you gave is what I tried first. Because of the typo I was convinced the trunk wasn't working because of the missing port mode trunk statement.

     

    Case closed!



  • 10.  RE: SRX 240 cluster dot1q trunking supported or not.

    Posted 11-06-2010 12:54

    Hi there,

    I'm now trying to set up the exact same scenario.

     

    Is it true then that we do not need the "port mode trunk" statement for this to work?

     

    Regards,

     

    Paul