Hey guys,

So I run SRX as my core firewalls, with EX8200's doing core switching and EX3300's doing access switching. I have two SRX's, two 8208's, and two 3300's at every cabinet. Spanning tree is a pain in my ass, especially since I have other environments set up the same way, just with smaller switches. Right now the SRX reth interfaces only come down as legs, not full mesh. The top of rack switches have only one link active at a time, legs. The interconnects between the core switches of different environments are legs, not full mesh due to spanning tree constraints (it closes the lag center trunk between the core switches).

It would be a lot easier if I could just VC the core and VC the access switch pairs so that multi-chassis lags can be run everywhere and I can for the most part cut spanning tree out of the picture and have greater link fault tolerance. How reliable is VC? I've really done my best to avoid it up to this point as I try to keep redundant systems as separate as possible so one doesn't take down the other. Then again, when it comes down to it my edge and core firewalls are all SRX clusters, so... :) lol

I'm not really sure what kind of information I'm looking for here. I would just run 20G lags everywhere instead of having 10G forward/blocking STP pairs. I don't really know how things work when a device fails, how fast convergence is, split brain scenarios, etc. Any major lessons learned with this technology? I am aware that with the 8200's I would need the external SRE.

Thanks,
Morgan

_______________________________________________
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp