In this post we are going to learn how to configure chassis cluster in Juniper SRX series devices. SRX Series Services gateways can be configured to operate in cluster mode, where a pair of devices can be connected together and configured to operate like a single device to provide high availability.
When configured as a chassis cluster, the two nodes back up each other, with one node acting as the primary device and the other as the secondary device, ensuring stateful failover of processes and services in the event of system or hardware failure. If the primary device fails, the secondary device takes over processing of traffic. Below are the requirements for Active / Passive chassis cluster configuration.
Network Diagram
Prerequisites:
- Physically connect the two devices and ensure that they are the same models, same JUNOS version. On the SRX345 Services Gateway, connect control port (which is fixed port by juniper) on node 0 ge-0/0/1 to ge-0/0/1 on node1. More on chassis clustering information refer this Juniper Topic.
- Set the two devices to cluster mode and reboot the devices. You must enter the following operational mode commands on both devices.
| Onnode 0: root@host> set chassis cluster cluster-id 1 node 0 reboot On node 1: root@host> set chassis cluster cluster-id 1 node 1 reboot |
- The cluster-id is the same on both devices, but the node ID must be different because one device is node 0 and the other device is node 1. The range for the cluster-id is 0 through 255 and setting it to 0 is equivalent to disabling cluster mode.
- After the reboot when devices come back, cluster is formed and ge-0/0/X changes to ge-5/0/X like ge-0/0/1 interface on node 1 changes to ge-5/0/1. Following interfaces are assigned and repurposed to form a cluster:
- SRX contains a dedicated port fxp0.
- SRX ge-0/0/1 becomes fxp1 and is used as the control link within the chassis cluster.
- The other interfaces are also renamed on the secondary device.
From this point onward, configuration of the cluster is synchronized between the member nodes and the two separate devices function as one device.
After clustering is enabled, the system creates fxp0, fxp1, and em0 interfaces, which are not mapped to any physical interface and are not user defined. However, the fab interface is user defined.
Step by Step Configuration:
To configure a chassis, cluster on SRX345 device perform the below 5 steps:
- First of all, set up hostnames and management IP addresses for each device using configuration groups. These configurations are specific to each device and are unique to its specific node.
| set groups node0 system host-name vSRX-A set groups node0 interfaces fxp0 unit 0 family inet address 192.168.1.1/24 set groups node1 system host-name vSRX-B set groups node1 interfaces fxp0 unit 0 family inet address 192.168.1.2/24 set apply-groups “${node}” |
Set the apply-group command so that the individual configurations for each node set by the previous commands are applied only to that node.
- Define the interfaces used for the fab connection (data plane links for RTO-Real Time Objects sync) by using physical ports ge-0/0/0 from each node. Fab0 is interface ge-0/0/0 on Node0 & Fab1 is interface ge-5/0/0 on Node1. These interfaces must be connected back-to-back, or through a Layer 2 infrastructure.
| set interfaces fab0 fabric-options member-interfaces ge-0/0/0 set interfaces fab1 fabric-options member-interfaces ge-7/0/0 |
- Set up redundancy group 0 for the Routing Engine failover properties, and set up redundancy groups 1 to define the failover properties for the redundant Ethernet interfaces.
| set chassis cluster redundancy-group 0 node 0 priority 200 set chassis cluster redundancy-group 0 node 1 priority 100 set chassis cluster redundancy-group 1 node 0 priority 200 set chassis cluster redundancy-group 1 node 1 priority 100 set chassis cluster redundancy-group 2 node 0 priority 200 set chassis cluster redundancy-group 2 node 1 priority 100 set chassis cluster redundancy-group 3 node 0 priority 200 set chassis cluster redundancy-group 3 node 1 priority 100 set chassis cluster redundancy-group 4 node 0 priority 200 set chassis cluster redundancy-group 4 node 1 priority 100 |
- Set up interface monitoring to monitor the health of the interfaces and trigger redundancy group failover.
| set chassis cluster redundancy-group 2 interface-monitor ge-0/0/2 weight 255 set chassis cluster redundancy-group 2 interface-monitor ge-7/0/2 weight 255 set chassis cluster redundancy-group 2 interface-monitor ge-0/0/3 weight 255 set chassis cluster redundancy-group 2 interface-monitor ge-7/0/3 weight 255 set chassis cluster redundancy-group 3 interface-monitor ge-7/0/4 weight 255 set chassis cluster redundancy-group 3 interface-monitor ge-0/0/4 weight 255 set chassis cluster redundancy-group 4 interface-monitor ge-0/0/5 weight 255 set chassis cluster redundancy-group 4 interface-monitor ge-7/0/5 weight 255 |
Interface failover only occurs after the weight reaches 0. We do not recommend Interface monitoring for redundancy group 0 because it causes the control plane to switch from one node to another node in case interface flap occurs.
Set up the redundant Ethernet (reth) interfaces and assign the redundant interface to a zone.
| set chassis cluster reth-count 10 set interfaces ge-0/0/2 gigether-options redundant-parent reth0 set interfaces ge-7/0/2 gigether-options redundant-parent reth0 set interfaces ge-0/0/3 gigether-options redundant-parent reth0 set interfaces ge-7/0/3 gigether-options redundant-parent reth0 set interfaces reth0 redundant-ether-options redundancy-group 1 set interfaces reth0 unit 0 family inet address 10.10.100.1/24 set security zones security-zone trust interfaces reth0.0 set security zones security-zone trust interfaces host-inbound-traffic protocols all set security zones security-zone trust host-inbound-traffic system-services all set interfaces ge-0/0/4 gigether-options redundant-parent reth1 set interfaces ge-7/0/4 gigether-options redundant-parent reth1 set interfaces reth1 redundant-ether-options redundancy-group 2 set interfaces reth1 unit 0 family inet address 172.30.100.1/29 set interfaces ge-0/0/5 gigether-options redundant-parent reth2 set interfaces ge-7/0/5 gigether-options redundant-parent reth2 set interfaces reth2 redundant-ether-options redundancy-group 3 set interfaces reth2 unit 0 family inet address 172.21.100.1/29 set security zones security-zone unTrust interfaces reth1.0 set security zones security-zone unTrust interfaces reth2.0 set security zones security-zone unTrust interfaces host-inbound-traffic protocols all set security zones security-zone unTrust host-inbound-traffic system-services all |
Also Read:
Verifying Chassis Cluster Status
- Verify the chassis cluster status, failover status, and redundancy group information. From operational mode, enter the below command.
| user@host# show chassis cluster status Cluster ID: 1 Node Priority Status Preempt Manual failover Redundancy group: 0 , Failover count: 1 node0 200 primary no no node1 100 secondary no no Redundancy group: 1 , Failover count: 1 node0 0 primary no no node1 0 secondary no no |
- Verify information about chassis cluster interfaces, from operational mode, enter the show chassis cluster interfaces command.
| user@host> show chassis cluster interfaces Control link name: em0 Redundant-ethernet Information: Name Status Redundancy-group reth0 Up 1 reth1 Up 1 Interface Monitoring: Interface Weight Status Redundancy-group ge-7/0/5 255 Up 1 ge-7/0/4 255 Up 1 ge-0/0/5 255 Up 1 ge-0/0/4 255 Up 1 |
- Use these below some commands to identify chassis cluster issues. You should run these logs on both nodes.
From operational mode, enter these show log commands to verify chassis cluster status in Juniper SRX devices.
| user@host> show log jsrpd user@host> show log chassisd user@host> show log messages user@host> show log dcd user@host> show traceoptions |
In this lesson, we had configured chassis cluster in Juniper SRX devices & also taken notes of some show command to verify the operational status of chassis cluster.
That’s all for now, I hope this is been informative for you & I would like to thank you for viewing.