Tuesday, September 29, 2009

Deploy SRX Cluster Across Layer 2 Network


The SRX3400/3600 and the SRX5600/5800 can be deployed over a Layer 2 network. Juniper provides a nice guideline for this (SRX Series Services Gateways Cluster Deployment Across Layer 2 Networks).

I did this with an SRX3400 on a Layer 2 Cisco network and had some problems. The Cisco L3 switches seem to check L3 traffic even if they are in a Layer 2 deployment. Since JSRP uses an IP header for its traffic, these switches can block this traffic.

This means your JSRP will not work.

Here are the commands you need to disable these Layer 3 checks on Cisco.

On a Cat 6500

- no mls verify ip checksum
- no mls verify ip length
- no mls verify ip same-address

For other Cisco switches, it seems to be the following command:

- no ip verify header vlan all

Kind Regards,