Saturday, March 14, 2020

Juniper vSRX clustering between two hypervisors - confusion around Fabric and Control links

Hi, I am in the process of setting up a cluster of Juniper vSRX Firewalls. In order to provide HA each node of the cluster will be running on a separate hypervisor.

This is where the confusion arises. I've seen a similar deployment where one of the links was provided over a GRE tunnel between the two hypervisors, but I cannot remember if it was the Fabric or Control link?

Do both the links send large amounts of broadcast traffic or is one unicast that can be ran over the network rather than a tunnel?

If both are run over the tunnel, does this risk a split brain situation if the tunnel goes down?

Whats the best practise for this setup?

Cheers



No comments:

Post a Comment