SRX Services Gateway
Reply
Visitor
TobiasGlasow
Posts: 5
Registered: ‎09-16-2009
0
Accepted Solution

HA not working on SRX210

Hello,

 

i am trying to set up HA on two SRX210 (using the Junos Software Security Configuration Guide) but it doesn't work at all.Control link is connected between fe-0/0/7 (no other choice) of the boxes and fabric/data between fe-0/0/.

 

Let's see, what i have done:

 

Both boxes are running latest JunosES 9.6:

 

{primary:node0}
root> show system software
node0:
--------------------------------------------------------------------------
Information for junos:

Comment:
JUNOS Software Release [9.6R1.13]



node1:
--------------------------------------------------------------------------
Information for junos:

Comment:
JUNOS Software Release [9.6R1.13]

 

I started with 2 fresh, factory defaulted boxes and configured the chassis cluster. Set one box node 0 of cluster id 1 and the other node 1 of cluster 1and rebooted them.

 

Then it shows up like this (this is correct, i assume):

 

{primary:node0} root> show chassis cluster status Cluster ID: 1 Node name Priority Status Preempt Manual failover Redundancy group: 0 , Failover count: 1 node0 1 primary no no node1 1 secondary no no

 

 Then i set the root password (which is mandatory now) and changed the priority of redundancy group 0, and after that, it shows up like this:

 

 

{primary:node0} root> show chassis cluster status Cluster ID: 1 Node name Priority Status Preempt Manual failover Redundancy group: 0 , Failover count: 1 node0 100 primary no no node1 50 secondary no no

 

 See lights on fe-[0/2]/0/7 are blinking and on fe-[0/2]/0/6 constantly green.

 

i check the communication and see, that fabric probes are received (i assume, this is because no fabric interfaces are configured right now).

{primary:node0} root> show chassis cluster control-plane statistics Control link statistics: Heartbeat packets sent: 265 Heartbeat packets received: 237 Fabric link statistics: Probes sent: 263 Probes received: 0

 

so, i configured the fab interfaces:

 

{primary:node0}[edit] root# set interfaces fab0 fabric-options member-interfaces fe-0/0/6 {primary:node0}[edit] root# set interfaces fab1 fabric-options member-interfaces fe-2/0/6

 

 

 after commiting, the led on fe-[0/2]/0/6 starts blinking frequently (looks like traffic is beeing processed now), but still no fabric probes are received:

 

{primary:node0} root> show chassis cluster control-plane statistics Control link statistics: Heartbeat packets sent: 363 Heartbeat packets received: 335 Fabric link statistics: Probes sent: 361 Probes received: 0

 

 

after a while the node 1 goes down and i see the messages in jsrpd log:

 

 

{primary:node0} root> show log jsrpd <...snip...> Sep 16 18:37:03 Successfully sent an snmp-trap due to a failover from secondary to disabled on RG-0 on cluster 1 node 1 Reason: fabric-link-failure Sep 16 18:37:03 detected change in RG-0 state for node1 Sep 16 18:37:03 LED color changed from : Green to Red, reason Peer node: node1 i s disabled

 

 

 

 

 

chassis cluster status is now:

 

{primary:node0} root> show chassis cluster status Cluster ID: 1 Node name Priority Status Preempt Manual failover Redundancy group: 0 , Failover count: 1 node0 100 primary no no node1 50 disabled no no

 

There are no additional redundancy groups ore any reths configured. Am i missing something or misconfigured? What is wrong? Would greatly appreciate if someone could help me.

 

Thanks.

 

 

 

Visitor
TobiasGlasow
Posts: 5
Registered: ‎09-16-2009
0

Re: HA not working on SRX210

One additional info:

 

After doing a reboot on node1 (because this seems to be the only way to get it out of the "disabled" state") and waiting some time to let the unit come up completly, everything looks nearly fine for a short time (except still no fabric probes are received).

 

 

{secondary:node1}
root> show chassis cluster status
Cluster ID: 1
Node name Priority Status Preempt Manual failover

Redundancy group: 0 , Failover count: 0
node0 100 primary no no
node1 50 secondary no no

 

{secondary:node1} root> show interfaces terse | match aenet fe-0/0/6.0 up up aenet --> fab0.0 fe-2/0/6.0 up up aenet --> fab1.0 {secondary:node1} root> show chassis cluster control-plane statistics Control link statistics: Heartbeat packets sent: 70 Heartbeat packets received: 70 Fabric link statistics: Probes sent: 69 Probes received: 0 {secondary:node1} root> {primary:node0} root> show interfaces terse | match aenet fe-0/0/6.0 up up aenet --> fab0.0 fe-2/0/6.0 up up aenet --> fab1.0 {primary:node0} root> show chassis cluster control-plane statistics Control link statistics: Heartbeat packets sent: 2582 Heartbeat packets received: 2394 Fabric link statistics: Probes sent: 2580 Probes received: 0

 

 and so, the node 1 is being taken disabled and disappears out of the cluster:

 

 

{primary:node0} root> show interfaces terse | match aenet fe-0/0/6.0 up up aenet --> fab0.0 {primary:node0} root> show chassis cluster status Cluster ID: 1 Node name Priority Status Preempt Manual failover Redundancy group: 0 , Failover count: 1 node0 100 primary no no node1 50 disabled no no

 

 

 

Visitor
TobiasGlasow
Posts: 5
Registered: ‎09-16-2009
0

Re: HA not working on SRX210

And another info:

 

if i use ge-[0/2]/0/1 for fabric link (as described in the example in the JUNOS Software Security Configuration Guide on page 913), all works well:

 

 

{primary:node0} root> show interfaces terse | match aenet ge-0/0/1.0 up up aenet --> fab0.0 ge-2/0/1.0 up up aenet --> fab1.0 {primary:node0} root> show chassis cluster control-plane statistics Control link statistics: Heartbeat packets sent: 3844 Heartbeat packets received: 3483 Fabric link statistics: Probes sent: 3842 Probes received: 242 {primary:node0}

 

but on page 937 of the guide on the end of the page it's said : "... For SRX210 devices, both interfaces must be of a similar type ...<snip>... and can use any port other than fe-{0,2}/0/7".

 

This seems not to work...

 

Juniper Employee
Juniper Employee
MR
Posts: 26
Registered: ‎11-06-2007
0

Re: HA not working on SRX210

fe-0/0/6 and fe-2/07 as fabric interface will work fine. I think in your scenario of configuring the fab link after the chassis cluster was up could have caused the problem and rebooting node1 did not help because the issue could be on node0. You could have checked the show chassis cluster statistics commands on both the nodes to see which node could have the problem. 

 

 

... For SRX210 devices, both interfaces must be of a similar type ...<snip>... and can use any port other than fe-{0,2}/0/7".

 

For the above what it means is fe-0/0/7 and fe-2/0/7 cannot be used because this is the preconfigured control link for Chassic cluster (cc). When you configure Chassis cluster this ports are assigned to control ports when the device comes up.

 

 Would you be able to test one more time with fe-0/0/6 and reboot both nodes to check if CC gets formed.If the fabrics probes don't make it between the two nodes then the secondary node will go into disabled state, that is per design. 

 

Hope this helps.

Visitor
TobiasGlasow
Posts: 5
Registered: ‎09-16-2009
0

Re: HA not working on SRX210

Thanks for your post, but that doesn't help. i tried every kind of rebooting in different order. Always the same. The fabric link at fe-0/0/6 doesn't work.

 

i have no idea...

Trusted Contributor
Optimist
Posts: 60
Registered: ‎09-09-2009
0

Re: HA not working on SRX210

On SRX100 and SRX210 fe-0/0/6 and fe-2/0/6 are reseverd as fxp0 (RE managament) if cluster is enabled and can not used as reth or fab links.

You can use any port exept fe-0/0/6 and fe-0/0/7 as reth or fab link. ge- and fe- will work.

 

Personally I recommend to use fe-0/0/5 and fe-2/0/5 as fab link because then all HA Interfaces are closely together.

 

Hope this helps

Visitor
TobiasGlasow
Posts: 5
Registered: ‎09-16-2009
0

Re: HA not working on SRX210

Hello Optimist,

 

thanks for your post. This is exactly what i figured out with the help of a juniper se. Now it works.

 

Somehow the docu is neither complete nor correct :-(

 

Regards.

New User
jguardia
Posts: 2
Registered: ‎03-04-2010
0

Re: HA not working on SRX210

Hi,

 

I have the same problem with two SRX3600.

 

what's are the correct ports for the DATA LINK?

 

Regards,

 

Jorge

New User
jguardia
Posts: 2
Registered: ‎03-04-2010
0

Re: HA not working on SRX210

appear this error:

 


{secondary:node1}
root@SRX3600-2> show interfaces terse | match aenet
ge-0/0/4.0              up    up   aenet    --> fab0.0
ge-0/0/6.0              up    down aenet   



{secondary:node1}[edit]
root@SRX3600-2#

{primary:node0}
root@SRX3600-1> show interfaces terse | match aenet  
ge-0/0/4.0              up    up   aenet    --> fab0.0
ge-0/0/6.0              up    down aenet    --> fab1.0

Trusted Expert
SSHSSH
Posts: 601
Registered: ‎11-21-2009
0

Re: HA not working on SRX210

for srx-3600 :

the  control link is the built-in front-panel RE  ports

the fabric link can be any available GE  or XE  interface

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.