Branch Office Chassis Cluster Design Considerations
Because most enterprises employ more users at distributed enterprise locations than at the headquarters that share a location with their data centers, the branch offices need a network infrastructure that performs as well as the one at the centralized headquarters, with high availability and minimal disruption. Because different branch profiles require different levels of high availability, enterprises need to identify the level they want to achieve for each specific branch office and then deploy the level of device and link redundancy that supports those high availability requirements.
In common scenarios, most branch offices connect directly to data centers through either a private WAN link, which service providers offer as managed services, MPLS Layer 2 or Layer 3 virtual private networks (VPNs), or ATM or Frame Relay links, or through an IPsec VPN over the Internet. In many cases, enterprises prefer to deploy IPsec VPNs over private WAN links to encrypt and protect sensitive traffic, because the private WAN networks that most service providers offer are not exclusive to one customer but are shared among many customers. Figure 1 shows a high-level view of the Juniper Networks distributed enterprise high availability network design.
There are two types of high availability designs at most distributed enterprise locations. Each of these design profiles is discussed in detail below.
Link-level redundancy—This uses a single SRX Series device and either a single or dual private WAN or Internet connection, as seen in many small branch offices. The SRX Series device provides integrated LAN switching capability with 8 to 16 Ethernet ports. Figure 2 shows a small office home office (SOHO) or retail store link-level high availability architecture.
To connect more devices, branch offices that use only link-level high availability can implement LAN connectivity with a single fixed-configuration Juniper Networks EX2300 Ethernet Switch or EX3200 Ethernet Switch. These Ethernet switches offer cost-efficient, complete Layer 2 and Layer 3 switching capabilities; 10/100/1000BASE-T copper port connectivity with either full or partial Power over Ethernet (PoE); and the full Junos OS feature set. Figure 3 shows the remote office link-level high availability architecture.
Device-level redundancy—This consists of two SRX Series devices. One connects to a private WAN or a managed services connection, while the other connects to the Internet, as seen in many medium-to-large branch offices. Device redundancy is achieved through a chassis cluster and redundant Ethernet groups. LAN redundancy is implemented with an EX4300 Ethernet Switch connected to both of the edge devices to provide a high availability configuration. Figure 4 shows a medium-to-large branch office device-level high availability architecture.
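The device-level profile above, sketched as Junos set commands for the LAN-facing redundant Ethernet interface. This is an added example, not configuration from the original page; the interface names, priorities, zone name, and the 192.0.2.1/24 address are assumptions, and the node 1 interface numbering depends on the SRX Series platform.

```junos
# Added example; interface names, priorities, zone and address are assumed.
# The cluster ID and node ID are assigned from operational mode on each
# device (followed by a reboot) before this configuration takes effect.

# Number of redundant Ethernet (reth) interfaces the cluster can use
set chassis cluster reth-count 1

# Redundancy group 0 decides which node runs the primary Routing Engine
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100

# Redundancy group 1 owns the data-plane interface reth0
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100
set chassis cluster redundancy-group 1 preempt

# Fail redundancy group 1 over when a LAN-facing child link goes down
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-1/0/3 weight 255

# One child link per node, each uplinked to the EX4300 switch
set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-1/0/3 gigether-options redundant-parent reth0

# Bind reth0 to redundancy group 1 and give it the LAN gateway address
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 192.0.2.1/24

# A reth interface passes no traffic until it belongs to a security zone
set security zones security-zone trust interfaces reth0.0
```

The WAN-facing interfaces are left out because in this profile each node has its own uplink (private WAN on one device, Internet on the other) rather than a shared reth.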
The solution profile types and the services they provide are derived from a basic reference architecture in which the connectivity between distributed enterprise locations (branch/campus) and data centers is provided using the public network (Internet) and private WAN/MAN networks (either using point-to-point lines, metro Ethernet, managed services, or MPLS Layer 2-/Layer 3-based VPNs).