Configure Chassis Cluster (High Availability) on SRX Device

This post will cover how to conduct HA (high availability) failover configurations for the Juniper SRX. This post will only cover a simple active/passive configuration. It will not cover more advanced deployments like layer 2 HA or active/active HA.

The following topology will be used for the configuration:

Both reths (reth 0.0 and reth 1.0) belong to Redundancy Group 1, the data plane. 

  • Redundancy Group 0 is the control plane.
  • ge-0/0/2 was selected for the fabric (data) link in this example. For the fabric link, a GE port is recommended.

Prerequisites

Before proceeding with configuring the device for a Chassis Cluster, complete these prerequisites:

  • In the SRX configuration, remove any existing configuration associated with the interfaces that will be transformed into fxp0 (out-of-band management) and fxp1 (control link) when the chassis cluster feature is enabled.
  •  Confirm that the HARDWARE on both devices is the same.
  • Confirm that the SOFTWARE on both standalone devices is the same Junos OS version.
  • Verify using this command on both devices:
              root> show version
              Model: srx240b
              JUNOS Software Release [11.4R7.5]
  • Confirm that the LICENSE keys are the same on both devices. 
  •   If running Junos 10.4 or earlier, Ethernet switching is not supported.

Configuration

The following are the basic steps required for configuring a Chassis Cluster on SRX240 devices.

Step 1.  Physically connect the two devices together to form the control and fabric (data) links.

On the SRX240 device, connect ge-0/0/1 on device A to ge-0/0/1 on device B.  The ge-0/0/1 interface on device B will change to ge-5/0/1 after clustering is enabled in Step 2.

on the SRX240 device, connect ge-0/0/2 on device A to ge-0/0/2 on device B. The ge-0/0/2 interface on device B will change to ge-5/0/2 after clustering is enabled in Step 2.

It is helpful to know that after step 2, the following will interface assignments will occur:

  • ge-0/0/0 will become fxp0 and used as for individual management of each of the devices
  • ge-0/0/1 will become fxp1 and used as the control link between the two devices
  • The other interfaces are also renamed on the secondary device. For example, on a SRX 240 device, the ge-0/0/0 interface is renamed to ge-5/0/0 on the secondary node 1. Refer to the complete mapping for each SRX Series device:

Step 2.  Enable cluster mode and reboot the devices. Note that this is done in operational mode and not with a configure mode command.

On device A:    >set chassis cluster cluster-id 1 node 0 reboot 
On device B:    >set chassis cluster cluster-id 1 node 1 reboot
  • Cluster id will be the same on both devices, but the node id should be different as one device is node0 the other device is node1.
  • This command will need to be done on both devices.
  • The range for the cluster-id is 0-15. Setting it to 0 is the equivalent of disabling cluster mode. User has only 1-15 (15 cluster IDs) ids for working cluster, so user can calculate virtual MAC only for these 15 cluster ids. For more information.

After the reboot, note how the ge-0/0/0 and ge-0/0/1 interfaces are re-purposed to fxp0 and fxp1 respectively.

Step 3.  Configure the device specific configurations such as host names and management IP addresses. This is specific to each device and is the only part of the configuration that is unique to its specific node.  This is done by entering the following commands (all on the primary node):

      On device A:

{primary:node0}
# set groups node0 system host-name <name-node0>      -Device A's host name
# set groups node0 interfaces fxp0 unit 0 family inet address <ip address/mask>  -Device A's management IP address on fxp0 interface

# set groups node1 system host-name <name-node1>      -Device B's host name
# set groups node1 interfaces fxp0 unit 0 family inet address <ip address/mask   -Device B's management IP address on fxp0 interface

      The ‘set apply-groups’ command is run so that the individual configs for each node, set by the above commands, are applied only to that node. This command is required.

Step 4.  Configure the FAB links (data plane links for RTO sync, etc). For this example we will use physical ports ge-0/0/2 from each node.

On device A:
{primary:node0}
-fab0 is node0 (Device A) interface for the data link
# set interfaces fab0 fabric-options member-interfaces ge-0/0/2

-fab1 is node1 (Device B) interface for the data link    
# set interfaces fab1 fabric-options member-interfaces ge-5/0/2    

Step 5.  Configure the Redundancy Group 0 for the Routing Engine failover properties. Also configure Redundancy Group 1 (all the interfaces will be in one Redundancy Group in this example) to define the failover properties for the Reth interfaces.

{primary:node0}

# set chassis cluster redundancy-group 0 node 0 priority 100 
# set chassis cluster redundancy-group 0 node 1 priority 1 
# set chassis cluster redundancy-group 1 node 0 priority 100
# set chassis cluster redundancy-group 1 node 1 priority 1

Step 6.  Configure the interface monitoring.  Monitoring the health of the interfaces is one way to trigger Redundancy group failover.
Note: Interface monitoring is not recommended for redundancy-group 0.

      On device A:

{primary:node0}
# set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255
# set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255
# set chassis cluster redundancy-group 1 interface-monitor ge-5/0/3 weight 255
# set chassis cluster redundancy-group 1 interface-monitor ge-5/0/4 weight 255

Step 7.  Configure the Redundant Ethernet interfaces (Reth interface) and assign the Redundant interface to a zone.Make sure that you setup your max number of redundant interfaces as follows:

      On device A:

{primary:node0}
# set chassis cluster reth-count <max-number>

-for first interface in the group (on Device A)
# set interfaces <node0-interface-name> gigether-options redundant-parent reth0

-for second interface in the group (on Device B)
# set interfaces <node1-interface-name> gigether-options redundant-parent reth0

-set up redundancy group for interfaces
# set interfaces reth0 redundant-ether-options redundancy-group <group-number>       

# set interfaces reth0.0 family inet address <ip address/mask> 
# set security zones security-zone <zone> interfaces reth0.0

Step 8.  Commit and changes will be copied over to the Secondary Node, Device B.

      On device A:

{primary:node0}
# commit 
This will prepare the basic clustering setting for both the devices.

You can check the cluster status with the following commands.

show chassis cluster status
show chassis cluster interfaces
show chassis cluster statistics
show chassis cluster control-plane statistics
show chassis cluster data-plane statistics
show chassis cluster status redundancy-group 1