Juniper SRX 5800 HA pair with 20Gb lag

Juniper SRX 5800 HA pair with multi card, 20Gb lag

Welp…  Now you’ve gone and done it…  You Bought a hugely, massively, beast of a firewall and forgot to populate it with multiple 10 gigabit line cards.  That’s ok though.  You went out and bought some more so now you are skrate.

You may have read my previous two posts on the topic, if you haven’t, go back and check them out.

Part I

Part II

Now let’s get to the good stuff.  I think our final option here is to load these puppies up with some 10Gb line cards.  For this example I am going to use 4 in each SRX 5800.  (Remember to account for your SPCs, you can’t short change your session count either)  I am not going into the nitty gritty on SPCs here…. Just link aggregation at this point.

SO…Option 4 it is:

This option gives us 20Gb of throughput on reth0 and reth1 effectively making this a 20Gb firewall.  (assuming you have it connected to the internet and sessions coming into reth0 will egress reth1 and vice versa.)  Technically you could probably get more out of it, if each redundant ethernet interface was tagged with multiple zones and not all traffic flowed through BOTH reths.

Happy firewalling!

More to come:  Why the SRX 5800 may not make it too much longer.

Leave a Reply