SRX Services Gateway
Reply
Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009
0

JSRP cluster failover using minimum-link and interface-monitor in LAG RETH interface

Hi Folks

 

I have SRX-3600 ACTIVE/PASSIVE firewall cluster. In the TRUST-ZONE, there is LAG reth interface, which consists of four physcial interfaces from each node.

 

My requirement is that as long as THREE physical interfaces are UP on primary node then this LAG reth interface is active on primary but if UP physical interfaces are less than THREE, for example UP physical interfaces are two on primary node then this LAG reht interfaces should failover to secondary node.

 

My question is that should I use minimum-link under the LAG reth interface OR should I use interface-monitor using weights under redundancy group configuration to achieve this? And what is the difference in each approach?

 

Thanks

Recognized Expert
JunOS_Fan
Posts: 241
Registered: ‎02-13-2012

Re: JSRP cluster failover using minimum-link and interface-monitor in LAG RETH interface

Hi,

 

minimum-links under redundant-ether-options is just a criteria of reth link status . This setting will not be used for Redundancy group failover. Redundancy group primacy will be decided by the interface-monitoring only.

 

http://www.juniper.net/techpubs/en_US/junos11.2/topics/concept/chassis-cluster-redundant-ethernet-in...  says that

 

"Redundant Ethernet interface configuration also includes a minimum-links setting that allows you to set a minimum number of physical child links on the primary node in a given redundant Ethernet interface that must be working for the interface to be up. The default minimum-links value is 1. Note that the minimum-links setting only monitors child links on the primary node"

 

so, to meet your requirement

 

 

{primary:node0}[edit]
user@host# set interfaces reth1 redundant-ether-options minimum-links 3
user@host# set chassis cluster redundancy-group 1 interface-monitor reth1 weight 255

 

First statement is to bring down the reth interface when there are less than 3 child interfaces from primary node in UP state and  Second statement is to failvoer the redundancy group (corresponding to reth interface which is down) to other node .

 

Note: Please note that I have never tried monitroing reth interface ( this is based on 11.2 documentation which states that SRX Series and J Series devices interface-monitoring feature now allows monitoring of redundant  Ethernet/aggregated Ethernet interfaces)

Best regards
Pradeep (JNCIP-SEC,ENT,SP)
www.networker.co.in
Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009
0

Re: JSRP cluster failover using minimum-link and interface-monitor in LAG RETH interface

So What I understand from your answer that, minimum-link only bring the reth interface down on primary node BUT it will not do the failover of reth interface from primary node to secondary node. Is that correct?

 

BUT interface-monitor will do two things:

1- Bring the reth interface down on primary node

2- Failover of reth interface from primary to secondary node

 

 

So whats the use of minimum-link knob?

 

Thanks

Recognized Expert
JunOS_Fan
Posts: 241
Registered: ‎02-13-2012
0

Re: JSRP cluster failover using minimum-link and interface-monitor in LAG RETH interface

Hi,

 

 interface-monitor will  NOT do two things  .

1- Bring the reth interface down on primary node

2- Failover of reth interface from primary to secondary node

 

for point#1 , we need minimum-links and point#2 (failover of RG actually) we need interface-monitor.

Best regards
Pradeep (JNCIP-SEC,ENT,SP)
www.networker.co.in
Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009
0

Re: JSRP cluster failover using minimum-link and interface-monitor in LAG RETH interface

Thanks for the reply. But what is the use case of minimum-link then? If it is just bringing down the reth interface.

 

Thanks

Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009
0

Re: JSRP cluster failover using minimum-link and interface-monitor in LAG RETH interface

Also could you please give me the exact link mentioning that interface-monitor is available for reth interfaces. Is it also supported in 11.1?

 

Thanks

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008
0

Re: JSRP cluster failover using minimum-link and interface-monitor in LAG RETH interface

*** bump ***

Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.