ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

OSPF/BGP with multiple VSYSs

07.21.08   |  
‎07-21-2008 12:01 PM
I have a culster of ISG1000s on which I'm have configured multiple VSYSs, as well as OSPF and BGP (routing between the VSYSs as well as to the internet connection), and am running into some problems.  After going through the documentation, I'm reading that in order to run a routing protocol in conjunction with NSRP, I need to run NSRP in VSD-less mode.  I'm also reading that in order to run NSRP with multiple VSYSs, I need a VSD/VSI for each VSYS.  These two seem to be in conflict with each other.  Has anyone done this successfully or is this not possible?
5 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: OSPF/BGP with multiple VSYSs

07.23.08   |  
‎07-23-2008 05:49 PM

Hi John,

 

What version of code are you running on the ISG?

 

Have a look at this KB and should give you the information you need.

 

http://kb.juniper.net/CUSTOMERSERVICE/index?page=kbdetail&article_id=KB11197

 

With the latest versions you can run NSRP and dynamic routing without using VSD-less.

 

Regards

 

Andy

 

 

JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-ER
ScreenOS Firewalls (NOT SRX)

Re: OSPF/BGP with multiple VSYSs

07.24.08   |  
‎07-24-2008 04:24 AM

Thanks Andy,

 

For a variety of reasons, we're running 5.4, but this may be a reason to upgrade.  I'll have to check into this more and see what impact it might have on other things.

 

John

ScreenOS Firewalls (NOT SRX)

Re: OSPF/BGP with multiple VSYSs

07.24.08   |  
‎07-24-2008 04:32 AM

No problem, what are your reasons for running 5.4? 6.x has been around for awhile now so pretty stable, 6.0 is the recommend release on Juniper's site at the moment.

 

Let me know if I can help

 

Andy

JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-ER
ScreenOS Firewalls (NOT SRX)

Re: OSPF/BGP with multiple VSYSs

07.24.08   |  
‎07-24-2008 06:10 AM
The biggest reason is that, from what I'm told, our management platform hasn't been upgraded to support 6.x yet, and there are too many other devices to just upgrade it without prior testing.  I think I'm going to push them to upgrade.
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: OSPF/BGP with multiple VSYSs

07.24.08   |  
‎07-24-2008 07:08 AM

One more question Andy.

 

Is is indeed true that failover for custom VSYSs will not work in VSD-less mode?

 

Thanks for the help.

John