Hi Morgan,

> Just curious if anybody knew of a way to create a full mesh on SRX clusters
> that don't support layer 2 RSTP, i.e. SRX3400 cluster?

Yes, but it requires your switches to be a virtual-chassis, or support some equivalent like MC-LAG.

> At present, a reth1 group we use hosts gateways for different environments,
> and there is a 10gig port on node 0 and a 10gig port on node 1. Considering
> we have mesh links everywhere else, and have two core switches downstream
> from the SRX cluster, this is a bit of a bottleneck and makes it so we
> have Node 0 to switch a, node 1 to switch b with no mesh.

Is this all that different from a meshed STP design? If one of your switches is the root (or it's in that general direction) only a single link will be in a forwarding state from the firewall anyway (to either a OR b depending which is the root bridge or closest to it), and only the primary firewall will be performing L3 (and thus forwarding).

LACP and sub-lags seem more intuitive to me - no STP blocking and you can mesh to your heart's content without wasting as much capacity, provided your downstream devices are logically unified.

Ben

