Juniper SRX Chassis Cluster + LACP Redundant Eth Interfaces

So a co-worker and I spent some time playing around with the ability, new in JunOS 11 (I believe it came in with 11 – correct me if wrong), for reths to be LACP interfaces as well as just plain redundant. It was not immediately clear how the switch had to be set up to facilitate this new, awesome feature.

– This was used with an EX4200 virtual chassis cluster and an SRX chassis cluster –

Here is how we got it happily working (assuming you have a chassis cluster up and running):

SRX Config:

set interfaces ge-2/0/0 gigether-options redundant-parent reth1
set interfaces ge-2/0/1 gigether-options redundant-parent reth1
set interfaces ge-2/0/2 gigether-options redundant-parent reth1
set interfaces ge-2/0/3 gigether-options redundant-parent reth1
set interfaces ge-11/0/0 gigether-options redundant-parent reth1
set interfaces ge-11/0/1 gigether-options redundant-parent reth1
set interfaces ge-11/0/2 gigether-options redundant-parent reth1
set interfaces ge-11/0/3 gigether-options redundant-parent reth1

set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 redundant-ether-options lacp passive

EX Config:

set interfaces ge-0/0/0 ether-options 802.3ad ae1
set interfaces ge-0/0/1 ether-options 802.3ad ae2
set interfaces ge-0/0/2 ether-options 802.3ad ae1
set interfaces ge-0/0/3 ether-options 802.3ad ae2

set interfaces ge-1/0/0 ether-options 802.3ad ae2
set interfaces ge-1/0/1 ether-options 802.3ad ae1
set interfaces ge-1/0/2 ether-options 802.3ad ae2
set interfaces ge-1/0/3 ether-options 802.3ad ae1

set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp active

Now we have LACP bandwidth and redundancy – either the switch or SRX can die, in theory.

* Have not tested the failover yet – but will before this setup goes to production – will update the post *
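
An added example, not part of the original post: a small Python lint over both sides' set commands that checks three things the post and the comments below identify as needed for the reth LACP bundles to form: a separate ae per SRX node on the switch, a device-count large enough to create every ae in use, and LACP not passive on both ends. The sample configs are constructed and shortened from the post's; the function name `lint` is hypothetical.

```python
import re

# Constructed sample configs, shortened from the post's set commands.
SRX = """\
set interfaces ge-2/0/0 gigether-options redundant-parent reth1
set interfaces ge-11/0/0 gigether-options redundant-parent reth1
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 redundant-ether-options lacp passive
"""
EX = """\
set chassis aggregated-devices ethernet device-count 1
set interfaces ge-0/0/0 ether-options 802.3ad ae1
set interfaces ge-1/0/0 ether-options 802.3ad ae2
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp passive
"""

def lint(srx, ex, reth="reth1"):
    """Hypothetical helper: list problems that keep the reth LACP bundles down."""
    m = re.search(rf"^set interfaces {reth} redundant-ether-options lacp (\w+)", srx, re.M)
    if not m:
        return [f"{reth}: lacp not configured on the SRX"]
    srx_mode = m.group(1)
    # Switch-side bundles: ae name -> member ports, and ae name -> LACP mode.
    members = {}
    for port, ae in re.findall(r"^set interfaces (\S+) ether-options 802\.3ad (ae\d+)", ex, re.M):
        members.setdefault(ae, []).append(port)
    modes = dict(re.findall(r"^set interfaces (ae\d+) aggregated-ether-options lacp (\w+)", ex, re.M))
    problems = []
    # The switch needs a separate ae for each SRX node's links.
    if len(members) < 2:
        problems.append(f"switch has {len(members)} ae bundle(s); one per SRX node is needed")
    # device-count N creates ae0..ae(N-1); anything above that never comes up.
    dc = re.search(r"^set chassis aggregated-devices ethernet device-count (\d+)", ex, re.M)
    count = int(dc.group(1)) if dc else 0
    for ae in sorted(members):
        if int(ae[2:]) >= count:
            problems.append(f"{ae}: not created by device-count {count}")
        if ae not in modes:
            problems.append(f"{ae}: lacp not enabled")
        elif modes[ae] == "passive" and srx_mode == "passive":
            problems.append(f"{ae}: lacp passive on both ends, nothing initiates")
    return problems

if __name__ == "__main__":
    for p in lint(SRX, EX):
        print(p)
```

With the constructed switch config above, both ae1 and ae2 are flagged because device-count 1 only creates ae0, and ae2 is additionally flagged as passive against a passive reth.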

 

Author: cooperlees

Nerd @ instagram

9 thoughts on “Juniper SRX Chassis Cluster + LACP Redundant Eth Interfaces”

  1. We tried the same configuration between an SRX650 cluster and an EX3200 switch but have not succeeded. The aggregated interfaces never came up. Can you suggest anything?


  2. Hi Baris,

    You will need two AEs (ae0 for one SRX and an ae1 for the other SRX) on your EX3200. What does ‘show lacp interfaces’ show? That may also help. Also make sure your AEs on the EX and the reth on the SRX have LACP enabled and are in active mode.


  3. Hi cooper,

    I’ve just implemented this using JunOS 11 on a pair of clustered SRX240s.
    The config seems to apply OK but I can’t get the lacp links to come up. (Connected to EX2200s)

    I don’t know if it’s because I have vlan-tagging enabled on the reth interface. I had this configured with a single physical link and was doing inter-VLAN routing on the single interface. Ideally I’d then like to add more links to increase bandwidth but keep the inter-VLAN routing.

    Have you tried this?

    Thanks for a very helpful post anyway. Much appreciated.


  4. Cooper – just to let you know I got it going…
    It was the EX config that was letting me down. I had not configured the: set chassis aggregated-devices ethernet device-count X
    correctly on the switches so the “other” ae on the switch wasn’t coming up, so the SRX had no chance! 🙂


  5. Hi Cooper,

    I have 2 SRX650s, active/passive, and would like to aggregate the ports connecting to my 2 Cisco switches (3560).

    FW1 – ge2/0/1, ge2/0/9 –0– connected to sw1 gi0/1, gi0/2
    FW2 – ge11/0/1, ge11/0/9 –0– connected to sw2 gi0/1, gi0/2

    The ports will be under reth6 and in the WAN security zone.

    Will this work? Will the fw build the ether-channel per node, whichever firewall is active?

    —–fw1/fw2 cluster———-
    set interfaces ge-2/0/1 gigether-options redundant-parent reth6
    set interfaces ge-2/0/9 gigether-options redundant-parent reth6
    set interfaces ge-11/0/1 gigether-options redundant-parent reth6
    set interfaces ge-11/0/9 gigether-options redundant-parent reth6

    set interfaces reth6 redundant-ether-options redundancy-group 1
    set interfaces reth6 redundant-ether-options lacp active
    set interfaces reth6 unit 0 family inet address 10.163.14.81/28

    set security zones security-zone Regional-WAN screen All-Zone-screen
    set security zones security-zone Regional-WAN host-inbound-traffic system-services all
    set security zones security-zone Regional-WAN host-inbound-traffic protocols all
    set security zones security-zone Regional-WAN interfaces reth6.0

    —-cisco switch——

    sw1
    interface GigabitEthernet0/1
    description Uplink To fw1 ge2/0/1
    switchport access vlan 100
    switchport mode access
    speed 1000
    duplex full
    channel-group 1 mode active
    !
    interface GigabitEthernet0/2
    description Uplink To fw1 ge2/0/9
    switchport access vlan 100
    switchport mode access
    speed 1000
    duplex full
    channel-group 1 mode active

    sw2
    interface GigabitEthernet0/1
    description Uplink To fw2 ge11/0/1
    switchport access vlan 100
    switchport mode access
    speed 1000
    duplex full
    channel-group 1 mode active
    !
    interface GigabitEthernet0/2
    description Uplink To fw2 ge11/0/9
    switchport access vlan 100
    switchport mode access
    speed 1000
    duplex full
    channel-group 1 mode active


  6. Hi Cooper,

    I have almost the same setup: 2x SRX650 active/standby, connected to 2x Cisco switches, and I would like to enable EtherChannel.

    fw1 – ge2/0/0, ge2/0/9 –0– sw1 gi0/1 gi0/2
    fw2 – ge11/0/0, ge11/0/9 –0– sw2 gi0/1 gi0/2

    Each pair of ports is assigned to reth6 and the WAN zone.

    My question is: will the Juniper be able to detect which group of ports will form the EtherChannel connected to the switches?

    —fw1/fw2 cluster———-
    set interfaces ge-2/0/1 gigether-options redundant-parent reth6
    set interfaces ge-2/0/9 gigether-options redundant-parent reth6
    set interfaces ge-11/0/1 gigether-options redundant-parent reth6
    set interfaces ge-11/0/9 gigether-options redundant-parent reth6

    set interfaces reth6 redundant-ether-options redundancy-group 1
    set interfaces reth6 redundant-ether-options lacp active
    set interfaces reth6 unit 0 family inet address 10.163.14.81/28

    set security zones security-zone Regional-WAN screen All-Zone-screen
    set security zones security-zone Regional-WAN host-inbound-traffic system-services all
    set security zones security-zone Regional-WAN host-inbound-traffic protocols all
    set security zones security-zone Regional-WAN interfaces reth6.0

