
Control Link ports and Fabric link ports guideline from Juniper:

https://www.juniper.net/documentation/en_US/junos/topics/task/operational/chassis-cluster-srx-series-hardware-connecting.html

A good configuration example video, starting from scratch:

https://www.youtube.com/watch?v=bqo2C-nJmBA

Juniper SRX cluster configuration:

https://www.juniper.net/documentation/en_US/junos/topics/task/operational/chassis-cluster-srx-series-creating.html

Cluster ID

Each cluster must share a unique identifier among all its members. This identifier is used in a few
different ways, but most importantly it is used when the two devices communicate with each other.
The cluster ID is also used when determining MAC addresses for the redundant Ethernet interfaces.

Example:

Node 0
user@host> set chassis cluster cluster-id 1 node 0 reboot

Node 1
user@host> set chassis cluster cluster-id 1 node 1 reboot

Node ID

The node ID is the unique identifier for a device within a cluster. There are two node IDs: 0 and 1. The
node with an ID of 0 is considered the base node. The node ID does not give the device any sort of
priority for mastership; it only affects interface ordering. Node 0 is the first node for the interface
numbering in the chassis cluster. The second node, node 1, is the second and last node in the cluster.

Redundancy Groups

In an HA cluster, the goal is the ability to fail over resources in case something goes wrong. A
redundancy group is a collection of resources that need to fail over between the two devices. Only one
node at a time can be responsible for a redundancy group; however, a single node can be the primary
node for any number of redundancy groups.

Two different items are placed in a redundancy group: the control plane and the interfaces. The
default redundancy group is group 0.

Redundancy group 0 represents the control plane. The node that is the master over redundancy group 0
has the active RE. The active RE is responsible for controlling the data plane and pushing new
configurations. It is considered the ultimate truth in matters regarding what is happening on the device.

The data plane components use redundancy groups numbered 1 and greater (group 1).

Example:

set chassis cluster redundancy-group 0 node 0 priority 129
set chassis cluster redundancy-group 0 node 1 priority 128
set chassis cluster redundancy-group 1 node 0 priority 129
set chassis cluster redundancy-group 1 node 1 priority 128
set chassis cluster redundancy-group 1 preempt
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 128
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/4 weight 128

A redundant Ethernet (reth) interface:

A redundant Ethernet (reth) interface is a pseudo-interface that includes a physical interface
from each node of a cluster. A reth interface of the active node is responsible for passing the
traffic in a chassis cluster setup.

Example:

set interfaces fe-0/0/2 fastether-options redundant-parent reth0
set interfaces fe-2/0/2 fastether-options redundant-parent reth0
set interfaces reth0 unit 0 family inet address 172.16.0.1/24
set interfaces reth0 redundant-ether-options redundancy-group 1

show interfaces terse | match reth
ge-0/0/4.2 up up aenet --> reth0.2
ge-0/0/4.69 up up aenet --> reth0.69
ge-0/0/4.4013 up up aenet --> reth0.4013
ge-0/0/4.4018 up up aenet --> reth0.4018
ge-0/0/4.4080 up up aenet --> reth0.4080
ge-0/0/4.4081 up up aenet --> reth0.4081
ge-0/0/4.4082 up up aenet --> reth0.4082
ge-0/0/4.4084 up up aenet --> reth0.4084
ge-0/0/4.4085 up up aenet --> reth0.4085
ge-0/0/4.4086 up up aenet --> reth0.4086
ge-0/0/4.32767 up up aenet --> reth0.32767

Fab links (fab):

All of these data plane messages pass over the data link. The data link is also known as the fabric link.
Fab links should not be configured to be part of any security zone.
These links are used for fabric monitoring and for both nodes to synchronize sessions, etc.
They will be part of the NULL zone only.

Example:

set interfaces fab0 fabric-options member-interfaces ge-0/0/2
set interfaces fab1 fabric-options member-interfaces ge-5/0/2

Interface Monitoring:

Interface monitoring monitors the physical status of an interface. It checks to see if the interface is in an
up or down state. When one or more monitored interfaces fail, the redundancy group fails over to
the other node in the cluster.

set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 128
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/4 weight 128

SRX HA Cluster deployment models:

Active/passive (AireSpring implementation)
Active/active
Mixed mode
The six pack

In active/passive mode, the first SRX data plane (group 1) is actively passing traffic while the second SRX
data plane is sitting in a passive setting not passing traffic. On a fault condition, of course, the passive
data plane will take over and begin passing traffic. To accomplish this, the SRX uses one data plane
redundancy group and one or more redundant

SRX Cluster HA Testing and Verification

show chassis cluster status

show chassis cluster information

show chassis cluster interfaces

show configuration chassis cluster | display set
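
An offline check of the rules stated above (fab members in no security zone, every reth bound to a redundancy group, every redundancy group with a priority for both nodes), as an added example that is not part of the original notes. It assumes the input is the full configuration in "display set" form, not only the chassis cluster stanza; the names audit and SAMPLE are illustrative, and the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Constructed sample (not from a real device), modelled on the page's examples,
# with three deliberate mistakes for the audit to find.
SAMPLE = """\
set chassis cluster redundancy-group 0 node 0 priority 129
set chassis cluster redundancy-group 0 node 1 priority 128
set chassis cluster redundancy-group 1 node 0 priority 129
set interfaces fab0 fabric-options member-interfaces ge-0/0/2
set interfaces fab1 fabric-options member-interfaces ge-5/0/2
set interfaces fe-0/0/2 fastether-options redundant-parent reth0
set interfaces fe-2/0/2 fastether-options redundant-parent reth0
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces ge-0/0/5 gigether-options redundant-parent reth1
set security zones security-zone trust interfaces reth0.0
set security zones security-zone trust interfaces ge-0/0/2.0
"""

FAB = re.compile(r"set interfaces fab\d+ fabric-options member-interfaces (\S+)")
ZONE = re.compile(r"set security zones security-zone (\S+) interfaces (\S+)")
MEMBER = re.compile(r"set interfaces \S+ \w+-options redundant-parent (reth\d+)")
RETH_RG = re.compile(r"set interfaces (reth\d+) redundant-ether-options redundancy-group \d+")
PRIO = re.compile(r"set chassis cluster redundancy-group (\d+) node ([01]) priority \d+")

def audit(config):
    """Return findings for a configuration given in 'display set' form."""
    fab, zoned, parents, reth_rg = set(), {}, set(), set()
    rg_nodes = defaultdict(set)
    for line in map(str.strip, config.splitlines()):
        if m := FAB.match(line):
            fab.add(m[1])
        elif m := ZONE.match(line):
            zoned[m[2].split(".")[0]] = m[1]  # strip the unit: ge-0/0/2.0 -> ge-0/0/2
        elif m := MEMBER.match(line):
            parents.add(m[1])
        elif m := RETH_RG.match(line):
            reth_rg.add(m[1])
        elif m := PRIO.match(line):
            rg_nodes[m[1]].add(m[2])
    findings = [f"fab member {i} is in security zone {zoned[i]}"
                for i in sorted(fab & set(zoned))]
    findings += [f"{r} has members but no redundancy-group"
                 for r in sorted(parents - reth_rg)]
    findings += [f"redundancy-group {rg} has no priority for node {n}"
                 for rg in sorted(rg_nodes) for n in sorted({"0", "1"} - rg_nodes[rg])]
    return findings

print("\n".join(audit(SAMPLE)))
```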

Pre Testing Checks

Cluster Status:

show chassis cluster status

Cluster Flow session:

show security flow session

Connectivity Verification (Before and After the failover):

From outside to inside

Ping and Application testing

From inside to outside

Ping and Application testing (RDP access to Servers and access outside)

Manual Failover

request chassis cluster failover redundancy-group 0 node 1

request chassis cluster failover redundancy-group 1 node 1

Reference

Juniper SRX Failover Testing Part 1 and Part 2

https://blog.marquis.co/juniper-srx-failover-testing-part-1/

https://blog.marquis.co/juniper-srx-failover-testing-part-2/