HI All,
I need some guidance. I have a client we are replacing a Palo Alto single unit with and SRX cluster. They also have dual ISP's. The ISP feeds are currently connected to their own Cisco router with BGP that is setup and functioning.
We built the cluster with 3 reth interfaces. Once for ISP A and one for ISP B and the other for the LAN, then the control anf fabric links.
We had the 2 ISP feeds uplinked from the routers into a Layer 2 swicth so that traffic could flow and when BGP kicked in that ISP B could route that IP subect through reth2.
We went into prodcution and after 2 days they called with issues. We determined that we were dropping packets every 5 to 10 minutes.
We believe the issue is due to both ISP feeds being in the same VLAN. When we seperate the ISP feeds and reth into seperate VLANs all works clean expect we don't have any way to route traffic from ISP A to the ISP B reth in a BGP failover situation.
So not sure how to get that traffic to move from ISP A to ISP B in a BGP failover. Also I considered moving BGP and the ISP feeds into the SRX units and remove the Cisco routers. But that seems like a bigger undertaking at this point since BGP is working accross the Cisco routers.
Help would be GREATLY apprechiated.
Thanks
Todd