SRX

So I have two pairs of SRX650s. Both pairs have external RETH interface on RETH1.

I started noticing MAC-Flapping on the outside switches. I draw it all out and finally realize that both pairs of SRX's have MAC Address  on the external interfaces .. Wait.. What ? Then I realize that its the same issue with the internal interfaces on 00:10:db:ff:10:00 but they are on different segments and not causing a problem.

So I guess my question/statement is, shouldnt the virtual mac presented by the SRX be some random mathematical jumble based on the burned in digits on the card ? I googled the MAC assuming to find lots of posts like this but I didnt. Also, I'm assuming that it's possible for me to set the mac to something else ?

My colleague and I were kind of Gob Smacked when we realized what was going on.

Your brother in Junos,

Justin

Just found this artice.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB13689&smlogin=true 

Now I face the prospect of having to change the cluster id . Hope thats not a start-over type thing. Took me a long time to get it all set up.

The reth interface MAC address is derived from the cluster ID (see KB13689). If you have two clusters with the same ID then the MAC addresses will be identical...

The solution is to use different cluster ID's. But setting the cluster ID is what you initialy do when setting up a cluster. It requires a reboot.

Regards,

Steven

thanks.. I consoled into both boxes and issued:

Primary:

set chassis cluster cluster-id 2 node 0 reboot

Secondary:

set chassis cluster cluster-id 2 node 1 reboot

hit enter on Primary first, waited 5 seconds, then hit it on Secondary. Took a while for it to boot up but eventually it came up with my old config intact.

Thanks for the help.

I just stumbled on this thread after having the exact same problem.  I'm setting up 2 stacks of SRX's at the office to eventually go to 2 data centres, and ever since I brought the second stack online I've been racking my brains why they've both destabilized.  It doesn't help that I did firmware updates and a few other config changes at the same time.

This AM I noticed that the arp on my office switch shows the same MAC address for both stacks of SRX.  Dare I say "good grief" or something a little stronger?

i just wanted to chime in and say "thank you forums".

Score one for forums. I still believe this is a bug or design flaw, whatever you want to call it. Glad to help.

 Wowza,  lost 8 hours on this one.

Indeed, I solved the problem the hard way, finding the dupe MAC and first wonderng if this was a BIA.   Having some good search terms in hand brough me here.    .

Juniper,   suggest adding NOTE to the cluster config documents.

Hi

I believe this is mentioned in some of the docs, e.g. here

http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide.pdf

Note: When using multiple clusters that are connected to the same L2 domain, a unique cluster-id
needs to be used for each cluster. Otherwise you may get duplicate mac addresses on the network,
because the cluster-id is used to form the virtual interface mac addresses.

Not necessarily the most obvious place to look in, but KB articles seem to refer to this doc consistently.