Tip for Juniper SRX Dual WAN I

Captions
Hello everybody, welcome to the Stallion tips and tricks video series. Today we are going to discuss Juniper SRX dual WAN configuration techniques. As we all know, dual WAN is a widely spread configuration across whole countries; many customers use their backup Internet connection in case the primary connection fails, so that backup traffic, also IPsec VPNs, GRE and all other kinds of traffic, may fail over to the backup connection in case the primary connection is lost. Many vendors like Juniper, Cisco, Check Point, Palo Alto Networks and many more have solutions for dual WAN configurations already built into their routers and firewalls; some of them don't, and they post those solutions as configuration templates in their knowledge base and on their web pages. Juniper also has the dual WAN configuration posted in the knowledge base, but we in Stallion discovered that this configuration has many disadvantages, and so the idea of this tips and tricks video is to show you guys the proper configuration for the dual WAN technique.

What you see here is the dual WAN configuration example for J-series and SRX firewalls without the use of dynamic routing protocols. OK, the Juniper has four interfaces: the first interface belongs to the trust zone network, the second one belongs to the DMZ zone network, and also there are two Internet service provider interfaces, fe-0/0/6 and fe-0/0/7. The requirement we have in here is that in case the ISP1 interface goes down, the trust and DMZ zones should egress out ISP2 instead; if it returns, then the trust and DMZ zones should revert back to using ISP1 again. Well, here's the posted solution, and as we see in here, the way Juniper solves the issue is that it configures several routing instances. Right here we have three routing instances. The first routing instance is the default routing instance, and this one is not listed in here; the default routing instance is configured above, here it is, and it has a static route pointing to the primary next hop, the ISP1 default gateway, and it also has the qualified next hop pointing to the ISP2 default gateway with preference 10. As we know, the static route preference by default is 5, so the lowest preference is chosen in case the interface is alive. So the ISP1 interface actually belongs to the default routing instance, and this is the core of the problem.

Juniper has the second ISP instance defined explicitly: it has the interface, it has routing options, and it also has the vice versa static route configuration. The static route in here is pointing to the ISP2 default gateway, and it also has a qualified next hop with preference 10 pointing to the ISP1 default gateway in the default routing instance. The internal network interfaces, the LAN interface and the DMZ interface, reside in an explicitly defined "inside" virtual routing instance; interface routes are populated into the inside routing instance table, so the other ISP virtual instances do have those direct routes. We also have one forwarding routing instance, but actually this routing instance is not necessary in case you don't have any additional routes in the inside routing instance.

The problem with this configuration is that DHCP cannot be used in the internal network; I mean that the SRX firewall cannot provide the DHCP server, because the DHCP server can be configured only in the default routing instance, and as we have seen, the default routing instance belongs to the ISP1 interface and virtual router. Also, you cannot manage the firewall from both IP addresses simultaneously: if the ISP1 link is up, then the other ISP is unresponsive. All dual WAN configuration should be symmetric, and hence both ISP interfaces and virtual routers should be explicitly defined. As we see here, we have two routing instances; well, actually, there are three routing instances. The first one is for ISP1: it has the ISP1 interface pointing directly to the default gateway; it has an explicitly defined static default route with the default gateway from the ISP, and the qualified next hop, at the same preference as the Juniper solution does, to the second ISP. ISP2 is the same as in Juniper's example. What we have in routing options, this is the default routing instance, and all other interfaces which are not explicitly defined in the previous routing instances belong here. For example, we have six interfaces: the first one is the LAN interface, the local area network; the other one is the DMZ interface; then we have the Internet service provider interfaces facing the service providers; and two more interfaces, the loopback interface and the secure tunnel interface. The loopback and secure tunnel interfaces belong to the default routing instance, the ISP1 interface belongs to the ISP1 virtual router, and the ISP2 interface belongs to the ISP2 virtual router.

So basically, in routing options for the default routing instance we have a static route pointing to the next table ISP1.inet.0. This means that all traffic should go into the ISP1 virtual router in case it is available. If the ISP1 interface is offline, then the traffic goes to the next table anyway; what we see in here is that the qualified next hop is now active, and the qualified next hop transfers the traffic to the ISP2 virtual router, which has its own default gateway pointing to the Internet. If the interface goes online again, then the traffic will never reach ISP2; it will go directly to the ISP1 default gateway. We have only one exception, and this exception is for the directly connected routes. So here is the routing table, this is the inet.0 routing table; as we see here, there is the next-table route, and all others are direct and local routes. So for directly connected routes, in case we want to reach, for instance, this address, then we have the local connection on that interface; so if we want to reach that subnet, then we have the direct connection through the fe-0/0/7 interface. And how it works, I will show you.
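The route selection the speaker walks through (a default instance whose default route goes next-table into the ISP1 virtual router, ISP1 and ISP2 each holding a default route to their own gateway plus a preference-10 qualified next hop towards the other ISP, and directly connected routes taking precedence) can be modelled as a small multi-table lookup. The following is an added example, not code from the video, from Stallion or from Juniper; it is a Python model of the lookup logic rather than Junos configuration. Interface names follow the captions, while the addresses (documentation ranges), the `table:` next-hop notation for next-table, and the sharing of ISP interface routes into inet.0 (in Junos normally done with interface-route rib-groups) are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

STATIC_PREF = 5   # Junos default preference for static routes, as stated in the video
DIRECT_PREF = 0   # direct (interface) routes are preferred over statics


@dataclass
class NextHop:
    via: str                      # gateway IP, "direct", or "table:<instance>" (next-table)
    interface: Optional[str]      # exit interface; None for a next-table hop
    preference: int = STATIC_PREF


@dataclass
class Route:
    prefix: str
    nexthops: list


class Router:
    """Constructed multi-table forwarding model; interface state drives route activity."""

    def __init__(self):
        self.tables = {}     # instance name -> list[Route]
        self.iface_up = {}   # interface -> bool

    def add_interface(self, name, cidr, tables):
        """Bring an interface up and install its direct route in the listed tables."""
        self.iface_up[name] = True
        net = str(ip_network(cidr, strict=False))
        for t in tables:
            self.tables.setdefault(t, []).append(Route(net, [NextHop("direct", name, DIRECT_PREF)]))

    def add_static(self, table, prefix, nexthops):
        self.tables.setdefault(table, []).append(Route(prefix, nexthops))

    def usable(self, nh):
        """A next-table hop is always active; an interface hop needs the link up."""
        if nh.via.startswith("table:"):
            return nh.via[6:] in self.tables
        return self.iface_up.get(nh.interface, False)

    def lookup(self, table, dst, depth=0):
        """Longest-prefix match, then lowest preference among usable next hops."""
        if depth > 4:    # both links down: ISP1 and ISP2 would hand the packet back and forth forever
            return None
        addr = ip_address(dst)
        best, best_len = None, -1
        for r in self.tables.get(table, []):
            net = ip_network(r.prefix)
            if addr in net and net.prefixlen > best_len and any(self.usable(n) for n in r.nexthops):
                best, best_len = r, net.prefixlen
        if best is None:
            return None
        nh = min((n for n in best.nexthops if self.usable(n)), key=lambda n: n.preference)
        if nh.via.startswith("table:"):
            return self.lookup(nh.via[6:], dst, depth + 1)
        return (nh.interface, nh.via)


def build_router():
    """Topology from the captions with constructed addresses."""
    r = Router()
    r.add_interface("fe-0/0/0", "192.168.1.1/24", ["inet.0"])            # trust zone
    r.add_interface("fe-0/0/1", "192.168.2.1/24", ["inet.0"])            # DMZ zone
    # ISP links live in their own virtual routers; their direct routes are assumed to be
    # shared into inet.0 as well, which is the "directly connected routes" exception
    r.add_interface("fe-0/0/6", "203.0.113.2/24", ["ISP1", "inet.0"])   # ISP1
    r.add_interface("fe-0/0/7", "198.51.100.2/24", ["ISP2", "inet.0"])  # ISP2
    # each ISP instance: default route to its own gateway, qualified next hop (pref 10) to the other ISP
    r.add_static("ISP1", "0.0.0.0/0", [NextHop("203.0.113.1", "fe-0/0/6"), NextHop("table:ISP2", None, 10)])
    r.add_static("ISP2", "0.0.0.0/0", [NextHop("198.51.100.1", "fe-0/0/7"), NextHop("table:ISP1", None, 10)])
    # default instance: everything not directly connected goes next-table into ISP1
    r.add_static("inet.0", "0.0.0.0/0", [NextHop("table:ISP1", None)])
    return r


def egress(router, dst):
    """Resolve a destination seen from the trust/DMZ side (inet.0)."""
    return router.lookup("inet.0", dst)


def failover_trace(dst="192.0.2.10"):
    """Replay the states described in the video: both up, ISP1 down, ISP1 restored, both down."""
    r = build_router()
    trace = {"both_up": egress(r, dst)}
    r.iface_up["fe-0/0/6"] = False
    trace["isp1_down"] = egress(r, dst)
    r.iface_up["fe-0/0/6"] = True
    trace["isp1_restored"] = egress(r, dst)
    r.iface_up["fe-0/0/6"] = r.iface_up["fe-0/0/7"] = False
    trace["both_down"] = egress(r, dst)
    return trace


if __name__ == "__main__":
    for state, result in failover_trace().items():
        print(f"{state:15s} -> {result}")
```

The trace shows why the design reverts automatically: the qualified next hop only becomes the best usable hop while the primary interface is down, and a direct route (for example the ISP2 link subnet in inet.0) is matched by prefix length before the default route ever sends the packet into ISP1.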
Info
Channel: Stallion AS
Views: 8,050
Rating: 4.0588236 out of 5
Keywords: Movie
Id: J8wrwe1qOcA
Length: 10min 21sec (621 seconds)
Published: Mon Apr 11 2011