Juniper MX/SRX/EX High Availability Infrastructure

Description

A key factor in providing online services is a highly available network infrastructure. Our preferred way to implement one is with a Juniper network stack. Figure 1 shows an example network diagram of how to realise such a setup:

Figure 1: Example network diagram with Juniper devices

Each hardware component is redundant and connected to the others by at least two connections, providing the required high availability. Based on the figure above, we see the following components from top to bottom:

Juniper MX

The Juniper MX routers are used as border components, connecting the network to the internet. This is done through multiple eBGP sessions to different Transit Providers. This setup provides high redundancy towards the internet and makes best-cost route engineering possible. The two routers are also connected to each other by a redundant interlink running iBGP, so both routers know all externally connected transit routes.

Juniper SRX

The Juniper MX routers are connected to the Juniper SRX firewalls by an OSPF3 network. This provides flexible routing and redundancy between the MX and SRX devices. The routers inject only default routes into the OSPF network, to avoid overwhelming the SRX with too many routes: routing path engineering should be done on the routers, not the firewalls. Both Juniper SRX firewalls are configured as a chassis cluster and connected with a redundant interlink.
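
The default-only injection described above could look like this on one MX router. This is an added example, not configuration taken from the project: the policy name, the interface `ae0.0`, area `0.0.0.0` and the use of a generated IPv6 default route are all assumptions.

```junos
/* Added example. Names, interface and area are assumptions. */
routing-options {
    rib inet6.0 {
        generate {
            /* Active only while more specific routes (e.g. learned via eBGP)
               contribute to it, so the default is withdrawn from OSPF3
               if this router loses its transit routes. */
            route ::/0;
        }
    }
}
policy-options {
    policy-statement ospf3-default-only {
        term default-v6 {
            from {
                family inet6;
                /* Generated routes are matched as protocol aggregate. */
                protocol aggregate;
                route-filter ::/0 exact;
            }
            then accept;
        }
        /* Keep the full BGP table out of OSPF3 and off the SRX. */
        term everything-else {
            then reject;
        }
    }
}
protocols {
    ospf3 {
        export ospf3-default-only;
        area 0.0.0.0 {
            /* Hypothetical link towards the SRX chassis cluster. */
            interface ae0.0;
        }
    }
}
```

On the SRX side, `show ospf3 database external` should then list a single external LSA for `::/0` from each MX.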

Juniper EX

Each Juniper SRX is connected to both Juniper EX switches by redundant connections. The Juniper EX switches are configured as a virtual chassis, providing high availability and simplified configuration.

Conclusion

Such a setup provides a highly available, scalable, and flexible network infrastructure. You need VLANs routed directly by the routers and not behind the firewalls? No problem, just add the switches to the OSPF3 network. An additional Transit Provider is required? No problem, just add it to one of the MX routers, or both if needed. Want to expand to a second datacentre? No problem, connect the routers between the datacentres to each other. They will learn the routes from each other. You could also add them to the OSPF3 network for more flexibility.
