Juniper SRX High Availability Cluster
Here is a brief outline of SRX Cluster configuration:
- Connect physical interfaces
- On SRX100, 210, 220
- fe-0/0/6 -> fxp0 (OOB Management)
- fe-0/0/7 -> fxp1 (Chassis cluster Control)
- For SRX240, 550, 660
- ge-0/0/0 -> fxp0 (OOB Management)
- ge-0/0/1 -> fxp1 (Chassis cluster Control)
- On SRX100, 210, 220
- Enable cluster on both devices
- Cluster ID should be the same, the node id should be different
- > set chassis cluster cluster-id <0-15> node <0-1> reboot
- Cluster ID should be the same, the node id should be different
- Configure fxp0 management interfaces and host names on each node
- #set groups node0 system host-name <name-node0>
- #set groups node0 interface fxp0 uni0 family inet...
- Apply on individual nodes
- #set apply-groups “${node}”
- Option 2: Configure shared IP which will point only to the master node:
- # set interfaces fxp0.0 family inet address 192.168.56.200/24 master-only
- Create fab links (data-link control)
- # set interfaces fab0 fabric-options member-interfaces ge-0/0/1
- Set up redundancy groups, optionally enable preemt
- # set chassis cluster redundancy-group 0 node 0 priority 200
- # set chassis cluster redundancy-group 0 node 1 priority 100
- # set chassis cluster redundancy-group 1 node 1 priority 200
- # set chassis cluster redundancy-group 1 node 0 priority 100
- # set chassis cluster redundancy-group 1 preempt
- Configure interfaces or IP monitoring
- Interface monitoring – only physical (note the weight is subtracted from 255)
- # set chassis cluster redundancy-group 1 interface-monitor fe-2/0/2 weight 255
- IP moinitoring – ping to remote address (optionally set global weight, threshold, ping retry interval and count)
- # set chassis cluster redundancy-group 1 ip-monitoring family inet 10.32.235.1 weight 255
- Interface monitoring – only physical (note the weight is subtracted from 255)
- Set up reth (redundant interfaces)
- Set maximum reth count
- #set chassis cluster reth-count 2
- Configure Phisical interaces to be part of reth ( Note: speed and duplex have to be configured on the child interface)
- # set interfaces fe-0/0/4 set speed 100m link-mode full-duplex
- #set interfaces fe-0/0/4 fastether-options redundant-parent reth2
- #set interfaces fe-2/0/4 fastether-options redundant-parent reth2
- Specify reth member and configure IPs
- #set interfaces reth1 redundant-ether-options redundancy-group 1
- #set interfaces reth1 unit 0 family inet address 1.2.0.233/24
- Assign interface to a zone
- #set security zones security-zone untrust interfaces reth1.0
- Set maximum reth count
Manual failover to test the cluster. Specify the new primary node:
> request chassis cluster failover node 0 redundancy-group 0
Reset the cluster to normal state:
> request chassis cluster failover reset redundancy-group 0
Disabling the cluster (on each node):
>set chassis cluster disable reboot
Login to secondary cluster member:
>request routing-engine login node 1
Login to secondary cluster member:
>request routing-engine login node 1
Verification
show chassis cluster status
show chassis cluster interfaces
show chassis cluster statistics
show chassis cluster ip-moinitoring status
show log jsrpd
show system core-dumps
show system core-dumps
...The hidden command that shows it all:
>show chassis cluster information details
