
With Juniper’s help, we’ve upgraded to MNHA (Multi-Node High Availability)

At Swiss Network Solutions (SNS), we’re dedicated to delivering high-performance connectivity and secure solutions to our clients around the world.

14 Nov 2024

Our mission is to bring seamless networking and data services to global users. To do that, our system, network, and security engineering teams constantly work to ensure that our global network, which stretches from multiple nodes in Europe to the US East Coast to Asia Pac via the Gulf, is highly available, resilient, and adaptable.

A truly global, robust network, of course, isn’t just about connectivity; it’s about reliability. Our clients depend on us for everything from direct connectivity and data backhaul to content partnerships, SIM testing, network design, and remote testing.

To meet their needs, we maintain a fully encrypted Multiprotocol Label Switching (MPLS) core, with IPsec security (in transition to MACSec) to keep their data secure. Our network architecture features full path and device redundancy, designed for sub-second failover and session consistency—critical for our high-availability (HA) requirements.

A family of key technology partners

For years we’ve been doing that in collaboration with Juniper Networks. Juniper is not our sole supplier, though we do tend to favour its solutions. For example, we also run over 110 Cisco devices (including a Nexus 9K for datacentre switch fabric and several ASR 1Ks as BGP routers), plus equipment from other vendors.

But Juniper predominates: we have about 140 Juniper devices, starting with the MX104/204 (mainly as MPLS P-routers; we’re starting to move from these to ACX) and some SRX 34x/1500 (as we’re about to see, almost all in cluster/MNHA [Multi-Node High Availability] deployments, many integrated as PE-routers). For smaller switch fabrics or office switches we have a set of EX 4000 Series (EVPN-VXLAN, MC-LAG) or QFX 5120 (MACSec, MC-LAG).

The core of our availability strategy revolves around Juniper SRX clusters in Multi-Node High Availability (MNHA) deployments, where dual nodes provide fast failover and increased network resilience. This is especially relevant in our smaller Points of Presence (PoPs), where Juniper EX switches and SRX chassis clusters connect customers and partners to our MPLS core, the internet, and other partner networks. Within these SRX clusters, both nodes share active interfaces (Ae interfaces), allowing services to continue with minimal disruption in case of a node failure.

By deploying Juniper’s SRX 34x/1500 devices in almost all cluster or MNHA setups and integrating many of these as Provider Edge (PE) routers, we’ve been able to enhance redundancy and resilience across our network. Additional support from Juniper’s EX 4000 Series for smaller switch fabrics (EVPN-VXLAN, MC-LAG) and the QFX 5120 for MACSec and MC-LAG enables SNS to deploy secure, reliable connections in diverse use cases, such as SIM testing and direct customer connectivity.

This has been great, but we had started to run into some issues with Juniper SRX firewalls in cluster mode:

  • Single Control Plane Limitation: Our SRX clusters use a single control plane, which initially resulted in high convergence times, requiring adjustments for faster failovers.
  • GRE Tunnelling for MPLS: To support MPLS, GRE tunnels were necessary, which caused QoS challenges and increased failover times. Although a workaround, it required significant engineering to implement.
  • Active/Active Constraints: Using an active/active setup would have required twice the number of links, leading us to opt for a different configuration for efficiency.
  • Interface Naming and Configuration Synchronisation: We had also encountered naming conventions that had to match between nodes, creating minor setup delays, though we’ve now standardised these configurations across all clusters.

Multi-Node High Availability (MNHA) with Juniper SRX Clusters

SNS is addressing these limitations with a move to Juniper’s MNHA (Multi-Node High Availability). While Juniper’s SRX devices have enhanced our network, achieving MNHA did present a few initial challenges, which we think are worth sharing in case anyone else is looking at going MNHA.

The good news is that, in close partnership with Juniper, by working through these challenges and taking quick advantage of the updates in recent versions, we’re achieving optimal performance while also maintaining a simpler configuration.

Specifically, the Multi-Node High Availability we’ve architected together allows:

  • Faster, More Graceful Failover: For essential Service Redundancy Groups (SRGs), failover times have been dramatically reduced, from around two minutes to virtually zero for the primary group, and from one second to a fraction of a second for secondary groups.
  • Accelerated Disaster Failover: Should an unexpected event occur, our disaster failover time for SRG0 dropped from nearly two minutes to under 10 seconds, with secondary groups achieving similar reductions.
  • Reinstated QoS Functionality: Quality of Service (QoS) is now functioning as required within our setup, ensuring smooth and prioritized data flows across the network.
  • Improved MTU Handling: Reassembly for Maximum Transmission Units (MTUs) is now much more streamlined, reducing packet fragmentation issues.

A Stronger, More Resilient Network for the Future

Swiss Network Solutions' partnership with Juniper Networks has enabled us to build a network that not only meets our current availability and resiliency needs but is poised to adapt to future demands.

Thanks to the advancements in SRX clusters and the MNHA framework, we think we are now well-positioned to deliver the level of performance and reliability that our clients depend on.

Check in with us today if you’d like to learn more about what MNHA from SNS can do for you.

