SRX Services Gateway

SRX switching functionality

‎03-01-2010 03:32 AM

Can I use an SRX240 as a switch?

Let's say I have 10 servers, 5 connected to SRX1 and 5 connected to SRX2.

Each SRX has its own ISP connection and range of public addresses (which are to be mapped back to the servers behind the SRX, and IPs from both ISPs might end up on the same server for redundancy).

To put things very straightforward, I am looking into something like this:


            SRX1        SRX2
              |           |
              |           |
          ==== SWITCH ====
              |       |
              SERVERS

=================================

In the above diagram I want to remove the switch and utilize the internal ports of the SRX by interconnecting its ports.

Would that offer similar functionality to the above?


            SRX1        SRX2
              |___________|
              |           |
              SERVERS

Thanks

7 REPLIES
Re: SRX switching functionality
‎03-01-2010 10:09 PM

any comments !!!

Re: SRX switching functionality
‎03-02-2010 02:27 AM

The answer is "yes" with a "but" at the end.


Yes, you can configure the SRX as a switch. You can put various ports in separate VLANs and route between them. Example:

# connection to other SRX
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members all
# connections to servers
set interfaces interface-range MyServers member ge-0/0/1
set interfaces interface-range MyServers member ge-0/0/2
set interfaces interface-range MyServers member ge-0/0/3
set interfaces interface-range MyServers member ge-0/0/4
set interfaces interface-range MyServers unit 0 family ethernet-switching vlan members ServerVLAN
set interfaces vlan unit 10 family inet address 172.16.10.1/24
set vlans ServerVLAN l3-interface vlan.10
set security zones security-zone trust interfaces vlan.10


But, keep in mind the SRX240 only supports a max throughput of 1.5 Gbps (1.5G for large packets and 500M for mix). I don't know what your current switch backplane capacity is but you MAY be introducing a bottleneck if you go that route. I would be interested to hear about your results.

 

Warm regards,

John

JNCIS-ER et al.

 

Re: SRX switching functionality
‎03-02-2010 09:34 AM

AFAIK the L2 switching is performed at wirespeed by the SRX240 ge ports. The performance penalty comes when you "route" (packet/flow forwarding) the IP packets.

 

But keep in mind that L2 switching features are not available when you join two individual SRX240s in a single "Chassis Cluster".

Re: SRX switching functionality
‎03-02-2010 01:59 PM

So you can probably have good throughput on all devices that are all in the same VLAN, but if you add a second or third VLAN you will get the performance hit for traffic between VLANs.

xhome, I am not sure what you mean by a "single chassis cluster" but I do have a customer that is using the switching feature on a single SRX240 chassis. What are the limitations?

 

John
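
The difference between switching inside one VLAN and routing between VLANs, shown as configuration (an added example, not part of the thread). It extends the ServerVLAN example above with a second VLAN in its own security zone, so traffic between the two VLANs is routed through vlan.10 and vlan.20 and checked against security policy, while traffic inside one VLAN stays at layer 2. AppVLAN, the apps zone, ge-0/0/5, the VLAN IDs, the 172.16.20.0/24 subnet and the policy name are assumptions.

```junos
# Added example. Assumed values: AppVLAN, zone "apps", ge-0/0/5,
# VLAN IDs 10 and 20, 172.16.20.0/24, policy name apps-to-servers-ssh.

# VLAN IDs (assumed) used to tag frames on the trunk to the other SRX
set vlans ServerVLAN vlan-id 10
set vlans AppVLAN vlan-id 20

# Second VLAN: one access port and its own routed VLAN interface
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members AppVLAN
set interfaces vlan unit 20 family inet address 172.16.20.1/24
set vlans AppVLAN l3-interface vlan.20

# vlan.10 stays in "trust" as in the post; vlan.20 goes into a separate zone
set security zones security-zone apps interfaces vlan.20
# Only ping is accepted by the SRX itself on the new gateway address
set security zones security-zone apps interfaces vlan.20 host-inbound-traffic system-services ping

# Traffic from AppVLAN to ServerVLAN is routed, so it needs an explicit policy.
# Here only SSH is allowed, and permitted sessions are logged when they close.
set security policies from-zone apps to-zone trust policy apps-to-servers-ssh match source-address any
set security policies from-zone apps to-zone trust policy apps-to-servers-ssh match destination-address any
set security policies from-zone apps to-zone trust policy apps-to-servers-ssh match application junos-ssh
set security policies from-zone apps to-zone trust policy apps-to-servers-ssh then permit
set security policies from-zone apps to-zone trust policy apps-to-servers-ssh then log session-close

# Anything not matched by a policy between zones is dropped
set security policies default-policy deny-all
```

Hosts on ge-0/0/1 to ge-0/0/4 still reach each other directly inside ServerVLAN; only traffic that crosses from one VLAN interface to the other is subject to the policy above.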

Re: SRX switching functionality
‎03-02-2010 09:41 PM

Thanks jmistichelli and xhoms for your valuable input.

 

Re: SRX switching functionality
‎03-03-2010 06:42 AM

"Chassis Cluster" is an SRX software feature that allows you to join two SRX240 devices into a single "cluster unit".

A single SRX240 is a FW that has 5 slots:

- slot 0: the base slot
- slot 1: the first miniPIM
- slot 2: the second miniPIM
- slot 3: the third miniPIM
- slot 4: the fourth miniPIM

An SRX240 "Chassis Cluster" is a FW (set up by 2 SRX240 units) that has 10 slots:

- slot 0: the base slot of the node 0
- slot 1: the first miniPIM of the node 0
- slot 2: the second miniPIM of the node 0
- slot 3: the third miniPIM of the node 0
- slot 4: the fourth miniPIM of the node 0
- slot 5: the base slot of the node 1
- slot 6: the first miniPIM of the node 1
- slot 7: the second miniPIM of the node 1
- slot 8: the third miniPIM of the node 1
- slot 9: the fourth miniPIM of the node 1

 

More info at http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-s...

Re: SRX switching functionality
‎03-10-2010 09:05 AM

Can anyone confirm if this http://forums.juniper.net/t5/SRX-Services-Gateway/DHCP-discover-fails-in-a-RVI-bridge-group/m-p/3099... is still a problem on 10.1?

 

I currently have 10.0r2 on a SRX-100 and whilst the other ports in the RVI / bridge group pass most traffic fine, they never get a response to a DHCP discover. The problem is definitely the SRX-100, since I can connect to an upstream switchport and get a DHCP lease with no problem.

 

I'll try out 10.1 in the next few days... fingers crossed.