SRX

Can someone explain what is happening with SRX Branch Cluster in next situation:

1. When node 0 has no power? Is the node 1 than active or it goes to disable state? How node 1 is know what happened with node 0?

2. When both links, control and data (fabric) links are down in the same time? Who is than active, and how node 1 is know what happened with node 0?

3. The meaning Link is down for the cluster is for example when we plug or cut the cable and it's not meant for service down?

 

If the control link physically goes down and the fabric link is up,the secondary RE immediately goes into ineligible state. Eventually, it will go into dis-abled state. If control link recovery is enabled, the device will reboot itself after
one minute of successful communications.

 

The data link uses jsrpd heartbeat messages to validate that the path is up and is actively working. This is similar to the control link. However, the data link is more forgiving. It can take up to 120 seconds for the data link to detect that it is down. This is because it’s possible for the data link to get completely full of RTOs, or data forwarding mes-sages, hence the data link is more forgiving in missing messages from the other node. However, after the required amount of time has passed, the secondary node will become disabled just like the control link. There isn’t an automatic reboot like the control link—the secondary node must be manually rebooted to recover it.

 

So in case I have redundant data links it's not any protection for failing because I don't have redundancy for control link in Branch SRXs, so in the end node 1 goes to the disable state.

And when node 0 is without power in the end after a period of time node 1 goes to disable state and I have no backup at all. Did I understand the docs well. It's no difference for active/active or active/passive cluster configuration because I will still have above problems, right?

 

Thanks

Hi,

Please find the answers below : 

1. When node 0 has no power? Is the node 1 than active or it goes to disable state? How node 1 is know what happened with node 0?

A) When node 0 is powered down, node 1 will come up as primary. The node 1 will send the control and fab probes and wont receive any and will declare itself as primary 

2. When both links, control and data (fabric) links are down in the same time? Who is than active, and how node 1 is know what happened with node 0?

A) If both the nodes are up and control , fab both goes down.At that time both will come up as primary and you will never want that to happen in your production environment. 

3. The meaning Link is down for the cluster is for example when we plug or cut the cable and it's not meant for service down?

A) You are correct

4. So in case I have redundant data links it's not any protection for failing because I don't have redundancy for control link in Branch SRXs, so in the end node 1 goes to the disable state.And when node 0 is without power in the end after a period of time node 1 goes to disable state and I have no backup at all. Did I understand the docs well. It's no difference for active/active or active/passive cluster configuration because I will still have above problems, right?

A) Yes, if node 1 is disabled and node 0 powers down than its complete network down. 

But complete network down will only take place when one node is disabled and other went down. But no network admin would keep the secondary in disabled and chances of both nodes down at same time is pretty less.

Hope this helps.
 
Regards,
Visitor
--------------------------------------------------​--------------------------------------------------​---
If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated

Thanks for the answers.

Still can you explain what's happening when when both links, control and data (fabric) links are down in the same time? Who is than active, and how node 1 is know what happened with node 0?

If both the nodes are up and control , fab both goes down.At that time both will come up as primary and you will never want that to happen in your production environment.

 

You mean here that both nodes can become primary? If both nodes are master reth links are up on both nodes and I will have mess in my network

 

In the end with the cluster in any config scenario I can't have automatic failover, and returning to normal state in any failure (both links down, power on node 0 off). The customers has to watch the firewalls, right?

 

If you have time please read my other post http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Cluster-scenario-failover-two-ISPs-and-BGP-design-problems/td-p/132103 and tell me your ideas what to do.

 

Best regards

 

Yes, if the control and fab links go down, both nodes will become active. Makes sense, the SRX can't tell if the other device went down or if it's just the connectivity that was lost. Of course, split brain scenarios like this need to be avoided at all times.

If the devices are in different rooms, I usually use direct fiber connections between the two rather than switches, to prevent issuse like this and because configuring the switches properly takes a lot of work.

 

The cluster state should always be monitored, as with any redundant system. Otherwise you'll have no way of knowing that one of the devices failed. When one of the HA connections is interrupted, the secondary will go into disabled state. You can activate control-link-recovery to auto-reboot when the link is reestablished but that option doesn't exist for the fab link.

Thanks. Now it's all clear for me.

So if the fab link down, do we need to mannualy reboot the secondary node ?? 

#abctech
#Apollo77
#motd