Channel: All Routing posts

VRRP across two locations


Hello,

Background: I have two datacenters, located 300 km apart, each with a Juniper MX240 router, connected over a DWDM 10GE link. The latency is in the range of 5 ms RTT.

In each datacenter, I have one firewall from a third-party vendor configured in an active/standby fashion. Each firewall is connected to one router and only one firewall is globally active between both locations, meaning I could have traffic entering from DC1, moving to the firewall in DC2 to end up in DC1.

I will configure two VPLS or L2circuits between my Juniper MX routers, so the firewalls can exchange and synchronize across the network; that is absolutely fine.

However, if one firewall fails, the other should take over, but they will have absolutely the same settings, so I need to have the same IP address on both sides and on my two Juniper MX240s. I assume my option is VRRP, but this needs to happen in a VLAN. Unless I am missing something, as my Juniper is doing the transport, it cannot be part of the L2 domain.

Is there a way to configure VRRP with an IRB, or am I looking at this issue the wrong way? Any idea, any feedback or any constructive remark would be greatly appreciated.

I am attaching a visual representation of my network.

