SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX240 - HA - NSM

    Posted 02-01-2011 06:21

    Hi, fellows,

     

    as I see forum you look probably for the same cases and scenarios ...

     

    I manage SRX240H cluster, trying to connect to NSM in HA (Junos 10.2r3.10, NSM2010.4)

     

    I have some questions, can you can help me, please? Also have you the same meaning?

     

    1) When I use formula "set group node0|1 system backup-router X destination Y", is the destination the same on both nodes? (If is outgoing interface in virtual-router or in inet.0?)

    2) I have on secondary node "no routing subsystem active", can make this any problem?

    3) When I set any backup-router, make configuration and commit, is necessery to restart this box (both boxes)? (i read "you must restart srx to activate config)

    4) From SRX is routing table to NSM via interface reth in security zone, not in functional zone. Then should provide traffic this reth interface n both direction? (also why should I have a functional-zone?)

     

    Thanks to all for any response



  • 2.  RE: SRX240 - HA - NSM
    Best Answer

    Posted 02-01-2011 12:15

    You may find that running the SRX240 cluster as a virtual chassis will work out better than trying to get NSM to manage the cluster through the fxp0 interfaces, which requires (in my opinion) really stupid configurations for network connectivity and routing.

     

    Check out this KB, it might make things a lot easier for you.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB18228&smlogin=true



  • 3.  RE: SRX240 - HA - NSM

    Posted 02-01-2011 13:02

    Well, this should help ... but as I see in last release notes

     

    517276— NSM does not display logs for the backup device in an SRX Series virtual  chassis in the Log viewer.

     

    Ok, I have to try VC and then I post my result here.

     

    Thanks



  • 4.  RE: SRX240 - HA - NSM

    Posted 02-03-2011 02:15

    Strange ... I added virtual-chassis into NSM2010.4, import was not succesfull (failed), I did restart highAvailServer on both NSM and then I can not connect into NSM, in log is ...

     

    2011/02/03-11:03:21.905 notice [main] Connecting to: 169.254.255.213 port 7808 petCode 0x20080808
    2011/02/03-11:03:21.912 notice [main] read keystore /home/vencour/NSM/2010.4/security/keystore.ks
    2011/02/03-11:03:21.913 notice [main] read truststore /home/vencour/NSM/2010.4/security/truststore.ts
    2011/02/03-11:03:22.933 notice [main] Connected to: 169.254.255.213:7808
    2011/02/03-11:03:22.933 error [Pooh] Connection unexpectedly closed by server
    2011/02/03-11:03:22.984 notice [Pooh] Lost TCP connection

     

    I don't understand ...

     

    In the second attempt to import says NSM ...

     

    Error Code:

    Error Text:
       Failed to import inventory data from device.
    Mesg: Open Channel Fail
    Detail: getDeviceInventoryInOMElement cannot allocate a channel for domainId 2 ,deviceId 58


    Error Details:
        No Details Available.

     

    (I had some problems on VC some time later ... so I tried OOB management)

     

    And in the third attemp wass import successfull ... hard to believe ... why SUCH random output?



  • 5.  RE: SRX240 - HA - NSM

    Posted 02-03-2011 03:33

    Btw: if I use VC and some redundant-group as active on node and other redundant-group is active on another node ... I will loose traffic logs?