Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Device Redundancy Support Overview

Contrail Service Orchestration (CSO) provides support for spoke device redundancy for large enterprise SD-WAN branch sites. You can configure an SD-WAN site with two CPE devices to act as primary and secondary devices and protect the site against device and link failures. If the primary device fails, the secondary device takes over the traffic processing.

Note:

You must use the same device model for both primary and secondary devices and the devices must have the same version of Junos OS installed.

The following SD-WAN features are not supported for device redundancy:

  • LTE WAN backup link

  • Service chain support

Note:

Device redundancy is supported only on SD-WAN deployments.

Prerequisites for SRX Series Firewalls

The prerequisites to configure an SD-WAN site with dual CPE SRX Series Firewalls are as follows:

  • For SRX Series, you need to form the cluster manually by connecting two SRX Series Firewalls together using a pair of the same type of Ethernet connections. To create an SRX cluster, see Chassis Cluster Feature Guide for SRX Series Devices.

  • Log in to any one of the SRX Series Firewalls, copy the Stage-1 configuration from the Sites page and paste it into the console screen and commit the configuration.

Supported Connection Plans

The following connection plans are supported for device redundancy:

  • Dual NFX250 as SD-WAN CPEs—Supports dual CPE NFX Series devices on an SD-WAN site.

  • Dual SRX as SD-WAN CPEs—Supports dual CPE SRX Series Firewalls on an SD-WAN site.

  • Dual SRX4x00 as SD-WAN CPEs—Supports SRX 4100, SRX4200, and SRX4600 devices as dual CPE devices in an SD-WAN site.

Create and Configure an SD-WAN Site

You can create and configure an SD-WAN site with dual CPE devices and the two devices back up each other, with one node acting as the primary device and the other as the secondary device. The workflow to add and configure a site with dual CPE devices is similar to the single CPE device. For more information about creating and configuring a site with dual CPE devices, see Add a Branch Site with SD-WAN Capability.

Dual CPE Devices Logical Topology for NFX Network Services Platform

Figure 1 shows the logical topology of the NFX Series dual CPE devices.

Figure 1: Dual CPE Device Topology - NFX Network Services PlatformDual CPE Device Topology - NFX Network Services Platform

You can form a cluster using two NFX Series devices. The front panel ports of the NFX Series devices are used to interconnect two NFX Series devices and to carry the control and fabric interconnect traffic between the two NFX250 devices.

The Junos Control Plane (JCP) component acts as a switch, controls the front panel ports, and sends the traffic which arrives from the LAN or WAN to the NFX Series devices. On the LAN, the active/backup mechanism is used and if the primary device fails, the secondary device takes over processing of traffic. On the WAN, the active/active mechanism is used and all four WAN links are active and distributed across two NFX Series devices.

Dual CPE Devices Logical Topology for SRX Series Gateway Devices

Figure 2 shows the logical topology of the SRX Series dual CPE devices.

Figure 2: Dual CPE Device Topology - SRX Series FirewallsDual CPE Device Topology - SRX Series Firewalls

You can form a cluster using two SRX Series Firewalls. A chassis cluster is formed between these nodes and performs as a single logical router. On the LAN, the active/backup mechanism is used and if the primary device fails, the secondary device takes over traffic processing. On the WAN, the active/active mechanism is used and all four WAN links are active and distributed across two SRX Series Firewalls.

Related Documentation