Switching with a pair of 240s (and 650s) is supported in 11.1R3 and
later, but it does not work with the smaller branch boxes. You need (at
least) one extra cable between the boxes dedicated to switch traffic.
Have not tried it myself, but it is in the release notes.
Is this extra cable b/t the boxes a "fabric" or "stacking" connector of sorts?
In the application I had in mind, I will be using (2) NICs from each server
using the Intel Pro/1000 ET's VMLB (virtual machine load balancing) feature.
VMLB requires a "stacked switch" to work properly when you distribute the
connections across multiple switches (that is, they must "look" like a single
switch).
- Can the SRX be used as a multi-tenant firewall to provide distinct
L3 public IP subnets on VLAN interfaces, with their own set of unique
firewall rules, and the possibility of overlapping Untrust IP networks
(e.g. multiple customers have 192.168.1.0/24), AND the ability to
terminate IPSEC VPN tunnels on these VLAN interfaces? (I'm looking for
something to provide multi-tenant firewall services to a small Cloud
hosting infrastructure)
Most of these things I have done extensively without problems, but for
one item, which I have not been able to verify. In 10.2 it was not
possible to terminate an IPsec VPN tunnel on an RVI (Routed VLAN
interface), only on normal interfaces. I do not know if that limitation
has been lifted.
The vSYS (or whatever the SRX calls them) would work well for my application,
but I just wish it supported more than 20 (and the SRX 650 is very expensive for
just an increase in the # of vSYS).
--Mike
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
