Aruba & ProVision-based
1748051 Members
4980 Online
108757 Solutions
New Discussion юеВ

Re: Dual 5412zl solution

 
iTekz
Occasional Contributor

Dual 5412zl solution

Hello everyone,

One of our clients has got a new HP solution with 2 5412zl core switches and 2920 for access layer switching.

Our client is pushing their standards of network configuration and also providing for the firewalls. They have 2 pair of Juniper Firewalls in HA mode.

The problem is they don't want the 5412 to apply routing at all as they are going to do so inside the Juniper devices.

My question is, as they got 2 5412 and want redundancy, what other options rather than VRRP I have to do so?

VRRP requires that 5412 deploy routing and also I need IP addresses setup in VLAN interfaces. What other redundancy solution can I provide for them with this equipment.

 

THank you,

4 REPLIES 4
parnassus
Honored Contributor

Re: Dual 5412zl solution

Redundancy to what (and where) exactly?


I'm not an HPE Employee
Kudos and Accepted Solution banner
Ian Vaughan
Honored Contributor

Re: Dual 5412zl solution

Hi 

Are the switches the new 5412R type?

If so you may have a clustering option with VSF 

Have a look here 

Thanks

Ian

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
iTekz
Occasional Contributor

Re: Dual 5412zl solution

Redundancy between the 2 5412 and the Juniper firewalls.

One Firewall will be connected to each of the 2 5412. But the client doesn't want to deploy routing in the switches, they want to do it with the Juniper Firewalls.

Basing on that, what would be the best way to squeeze the equipment?

As they don't want to route in the 5412's I cannot apply VRRP.

parnassus
Honored Contributor

Re: Dual 5412zl solution

Each Juniper Firewall HA's member should be concurrently connected to both the two downstram 5412 zl Switches (provided that those two downstream Switches can form a sort of HA cluster too...so they can be seen from the Juniper Firewall HA stack as a single logical virtual switch <- that's because @Ian Vaughan asked you by mentioning a possible VSF Virtual Switching Framework implementation on HPE/Aruba 5400R zl2 with v3 Modules)...because, if you physically connect then only one Juniper Firewall HA's member - as you've written - to both the downstream Switches leaving the other HA member out-of-the-picture...and the connected member (actual Active) eventually fails, then the physical connectivity to the new elected Active member (the Juniper Firewall HA's member that is/become the new active or the Juniper Firewall HA's member to which the failover happens) will not be available...because it wasn't physically deployed...so any good proposition to set up an HA scenario between the Juniper Firewall HA stack and the downstream Switches stack will fail very shortly...isn't that right?


I'm not an HPE Employee
Kudos and Accepted Solution banner