A reth interface is essentially an aggregated ethernet interface except only 
half are active at any one time.  So the difference is (almost, practically) 
zero.

As to loopback termination, I've not actually tried it.  I believe (without 
trying or any actual data) that it requires the actual physical outbound 
interface (or reth).

Aaron

On Apr 3, 2013, at 2:12 PM, OBrien, Will wrote:
> Hey guys, I'm building a new cluster of SRX 5800s and prepping to move 
> several VPN tunnels to it. All of them are IKE/IPsec.
> 
> I built a test site on an SRX210 and configured a tunnel between it and my 
> cluster. My tunnels aren't coming up on the 5800 side at all.
> I'm using Agg Eth interfaces on each chassis cluster member since they are in 
> diverse locations and the Ciscos they connect to aren't configured for VPC 
> pairing.
> 
> Basically, I've got a 20Gb Agg link up and down from each cluster member. Up 
> heads to my DMZ/Internet and Down goes to the client core. (and a 20Gb lane 
> between the cluster members)
> 
> In checking my documentation on VPN tunnels, I found this gem:
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB19829&actp=search&viewlocale=en_US&searchid=1365002153257
> 
> Apparently, high end SRX isn't supporting IKE unless it's via a RETH 
> interface. <RANT> WHAT THE FREAKING HELL</RANT>
> 
> So, after some work with JTAC to validate my working plan, we configured our 
> agg links as reth interfaces, which have two members off the same chassis to 
> work around the restriction.
> 
> I now have tunnels talking to my new "reth" interfaces, but I'm incredibly 
> displeased that I can't just terminate those on a loopback.
> 
> 
> Are there any angles I'm missing on this? I can mostly live with the altered 
> configuration. Luckily I planned to transition my VPN tunnels first, so I was 
> able to reconfigure my DMZ uplinks without incurring an outage.
> 
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

