Example: IDP Series HA Design for IDP8200 with 10 Gigabyte Interfaces (STP)

Due to a hardware limitation, we do not support interface signaling or peer port modulation for IDP8200 10 gigabyte fiber interfaces. You can deploy these devices in a redundant path deployment that uses Spanning Tree Protocol (STP). The following sections provide details:

Topology

Figure 12 shows a switch deployment with redundant paths to the Internet. One path is active and the other is passive.

Figure 12: Redundant Path Design: IDP8200 in a Switch Deployment


If the IDP Series device becomes a point of failure, the switches participating in STP can detect this and send traffic along the alternate path.

Note: This is the same topology as Example: IDP Series HA Design with a Juniper Networks EX Series Switch.

Deployment Steps

To deploy this solution, follow these basic steps:

  1. Set up and configure the EX Series devices using the documentation that came with your switch. Note the following requirements.

    Table 11: Switch Configuration Guidelines

    Component: Switch
    Guideline: Connect IDP Series traffic interface pairs to the EX switch ports so that the IDP Series deployment is transparent to the original network path. For example, assume the switches are configured so that Switch 1 interface ge-0/0/24 is connected to Switch 2 interface ge-0/0/23. Assume you place the active IDP Series device between Switch 1 and Switch 2. In this case, you connect IDP Series eth2 to one side and eth3 to the other. For example, you connect the IDP Series eth2 to ge-0/0/24 and eth3 to ge-0/0/23.

    Component: Failure detection mechanism
    Guideline: Implement STP. For information on Junos OS spanning tree protocol, see the EX Series documentation.

  2. Set up and configure the IDP Series devices. Note that interface signaling and peer port modulation must be disabled when deploying the IDP8200 with 10 gigabyte fiber interfaces.

    Table 12: IDP Series Configuration Guidelines

    Component: IDP Series device hardware
    Guideline: Use a cross-over cable to connect one device HA port to the other HA port.

    Component: Cluster
    Guideline: Same as in the firewall topic. I will copy after incorporating review comments.

    Component: State sync
    Guideline: Same as in the firewall topic. I will copy after incorporating review comments.

    Component: Layer 2 bypass
    Guideline: Use ACM to enable Layer 2 bypass.

    Component: Interface signaling
    Guideline: Must be disabled.

    In the user_funcs file, comment out the ha_interface_signal setting or change it to 0, as highlighted in the following example:

    #########################################################################
    #                             VARIABLES
    #########################################################################
    
    [...]
    #Enable or disable interface based third-party HA signaling
    #Setting this variable to 1 indicates that interface based
    #HA signaling should be used, and setting it to 0 indicates
    #to block STP and similar kind of traffic to enable traffic
    #switch-over by third-party HA devices.
    
    export ha_interface_signal=0
    
    # 'max_intf_recv_failed_cnt_nicbypass' - The maximum count value for any
    # data interface indicating the number of times the packet could not
    # be received by that interface. If the count for any interface reaches
    # this value nicBypass gets triggered.
    #  **WARNING**: Changing the value would require running 'idp.sh restart'.
    
    export max_intf_recv_failed_cnt_nicbypass=18
    
    # Define SCIO
    SCIO=/usr/idp/device/bin/scio
    

    Component: Peer port modulation
    Guideline: In ACM, ensure PPM is disabled.
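
A check for the interface signaling requirement in Table 12, as an added example that is not part of the original page or of Juniper's tooling. It assumes the operator supplies the path to user_funcs (the page does not give it); the function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not Juniper code. The path to user_funcs is passed in by the
# caller because the page does not state where the file lives.

# Print the effective state of ha_interface_signal in file $1:
#   disabled  - no active assignment (commented out or absent) or value 0
#   enabled   - last active assignment is 1
#   invalid   - any other value
ha_signal_state() {
    awk '
        # Active assignments only: lines starting with "#" never match.
        match($0, /^[ \t]*(export[ \t]+)?ha_interface_signal=/) {
            v = substr($0, RLENGTH + 1)
            sub(/[ \t]*(#.*)?$/, "", v)   # strip trailing blanks or comment
            gsub(/"/, "", v)              # tolerate a quoted value
            last = v; seen = 1            # later assignments override earlier
        }
        END {
            if (!seen || last == "0") print "disabled"
            else if (last == "1")     print "enabled"
            else                      print "invalid"
        }
    ' "$1"
}

# Return 0 when the file meets the IDP8200 10G requirement, 1 when it does
# not, 2 when the file cannot be read.
audit_user_funcs() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1" >&2; return 2; }
    state=$(ha_signal_state "$1")
    case "$state" in
        disabled) echo "OK: interface signaling disabled in $1" ;;
        *)        echo "FAIL: ha_interface_signal is $state in $1"; return 1 ;;
    esac
}

# Constructed sample input (not a real device file): the old setting is
# commented out and the active line sets the variable to 0.
sample=$(mktemp)
printf '%s\n' '#export ha_interface_signal=1' \
              'export ha_interface_signal=0' > "$sample"
audit_user_funcs "$sample"
rm -f "$sample"
```

Run `audit_user_funcs` against the file on both devices in the pair, since a mismatch leaves one node still using interface signaling.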
