LACP on LAG in ICOS and reth in Juniper SRX series firewalls.

A typical trouble when connecting an ICOS-loaded switch to a couple of Juniper SRX series firewalls is that reth interface connected to a LAG group doesn’t provide load balancing and redundancy.

This usually happens due to an unsupported topology by Juniper, as in the Example A.

Example A:

ICOS Config:

interface 0/1-0/2
addport lag 1
interface lag 1
no port-channel static
switchport mode trunk

SRX Config:

set interfaces ge-3/0/0 gigether-options redundant-parent reth1
set interfaces ge-15/0/0 gigether-options redundant-parent reth1
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 redundant-ether-options minimum-links 1
set interfaces reth1 redundant-ether-options lacp passive
set interfaces reth1 redundant-ether-options lacp periodic slow

Topology:

SRX (ge-3/0/0) is connected to Aurora (interface 0/1)
SRX (ge-15/0/0) is connected to Aurora (interface 0/2)

 

lacp_icos_juniper_1

 

Explanation:

The Aurora switch interfaces are in one LACP group and it is supposed to load balance; which means that it will send one packet to ge-3/0/0 and the next packet to ge-15/0/0, towards the SRX.

Assume that Node0 is active, the first packet sent to ge-3/0/0 will go through and the packet to ge-15/0/0 will be dropped as Node1 is passive.

 

Example B:

ICOS Config:

interface 0/1-0/2
addport lag 1
interface lag 1
no port-channel static
switchport mode trunk


interface 0/3-0/4
addport lag 2
interface lag 2
no port-channel static
switchport mode trunk

SRX Config:

set interfaces ge-3/0/0 gigether-options redundant-parent reth1
set interfaces ge-3/0/1 gigether-options redundant-parent reth1
set interfaces ge-15/0/0 gigether-options redundant-parent reth1
set interfaces ge-15/0/1 gigether-options redundant-parent reth1
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 redundant-ether-options lacp passive
set interfaces reth1 redundant-ether-options lacp periodic slow

Topology:

LAG1:
SRX (ge-3/0/0) is connected to Aurora (interface 0/1)
SRX (ge-3/0/1) is connected to Aurora (interface 0/2)

LAG2:
SRX (ge-15/0/0) is connected to Aurora (interface 0/3)
SRX (ge-15/0/1) is connected to Aurora (interface 0/4)

lacp_icos_juniper_2

NEWS

Latest news

Netberg launches Aurora 810 platform for next-generation networks

Taipei, Taiwan, 14th of November 2022. Netberg announced the new Aurora 810 400G model programmable switch with Intel Tofino 2 Intelligent Fabric Processors (IFPs) at its heart. The new platform has 32x 400G QSFP-DD Ethernet ports and a 12.8Tbps switching capacity.

Fast Forward Initiative 2022.

Taipei, Taiwan, 24th of October 2022. Netberg participates in the new round of the Fast Forward Initiative by Intel (FFI'22). The program supports academic and research organizations today, aiming at accelerating tomorrow's best network programmability research.

Launch of SONiC distribution by Netberg.

Taipei, Taiwan 13th of July 2022. Netberg launches its hardened SONiC distribution for Intel Tofino and Marvell Teralynx platforms.

Official SONiC support for the Innovium Teralynx platforms.

Taipei, Taiwan 8th of November 2021. Netberg’s SONiC platform code for Aurora 715 and Aurora 615 Innovium Teralynx-based switches is accepted into the official GitHub repository.

Netberg introduces Innovium Teralynx-based platforms

Taipei, Taiwan 1st of June 2021. Netberg, a leading open networking vendor, announces two new Aurora 715 and Aurora 615 models - high-performance 25/100G switches for future-proof Cloud, Enterprise, and Edge data centers.

Netberg Launches Custom Networking Solutions

Taipei, Taiwan 17th of November 2020. Netberg announces new services - custom networking software and hardware development.

Address: 10F, No. 111-3, Xiyuan Road, Zhongli District, Taoyuan City, 320 Taiwan R.O.C.
Tel: + 886-3-2609203
Email: sales@netbergtw.com