High Availability

Dynamic routing protocol support for IPsec VPN in Multinode High Availability (SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos OS Release 23.2R1, you can enable dynamic routing protocols for IPsec VPN in a Multinode High Availability setup by configuring node-local tunnels.

To configure node-local tunnels, you must specify the set security ike gateway <name> node-local statement in the IKE gateway configuration on both the SRX Series Firewalls in a Multinode High Availability setup.

With dynamic routing protocols, you can add and remove IP prefixes in the network and automatically redistribute the prefixes to the network peers without changing the traffic selector configuration.

See [IPsec VPN Support in Multinode High Availability].

Configure BFD size to support large packets (MX204, MX240, MX480, MX960, MX10003, MX10004, MX10008, MX10016, and MX2008)—Starting in Junos OS Release 23.2R1, you can adjust the size of the BFD protocol data units (PDUs) with the pdu-size configuration statement at the [edit protocols ospf area area interface interface bfd-liveness-detection] hierarchy level. You can configure the BFD PDU size from the default of 24 bytes up to a maximum of 9000 bytes.

[See Understanding How BFD Detects Network Failures.]

MPLS fast reroute for SR tunnels using S-BFD (MX240, MX480, MX960, MX10003, MX10004, and MX10008)—Starting in Junos OS Release 23.2R1, we support MPLS fast reroute for segment routing (SR) tunnels configured with Seamless BFD (S-BFD). When S-BFD detects a path failure for an SR tunnel, the MPLS FRR feature provides fast traffic recovery. Use the sbfd-frr configuration statement at the [edit protocols source-packet-routing] hierarchy level to enable S-BFD FRR support.

[See Fast Reroute Overview.]