Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Cluster-ID issue on ssg140

    Posted 02-27-2009 02:53

    I will have more than 7 nsrp cluster in our Network. If I give a cluster number higher than 7 the firewall tells me to take a number betwen 1 and 7.

    I have installed the latest release 6.2.0r1.0

     

    any suggest?

     

    regards

    Iglu



  • 2.  RE: Cluster-ID issue on ssg140

    Posted 02-27-2009 05:17

    You need ScreenOS 6.1 and up (which you have) and this CLI setting:

     

    set envar nsrp-max-cluster=<num 1>   

     

    Remember to save that.



  • 3.  RE: Cluster-ID issue on ssg140
    Best Answer

    Posted 02-28-2009 07:54

    By default, NSRP will support up to 8 cluster id's and 8 VSD's.  As noted in the previous entry, you can increase this with the envar, but you need to use them in multiples of 8, and the combination of cluster id's and VSD's cannot exceed 64.  You will need minimum ScreenOS 6.1 to do this.

     

    For example, you can increase the number of cluster id's to 16, and number of VSD's to 16, using the envar commands:

     

    set envar nsrp-max-cluster=16

    set envar nsrp-max-vsd=16

     

    After that, you need to reboot.

     

    However, you cannot increase the number of cluster id's to something like 10 or 20.  It needs to be in multiples of 8.  Additionally, the combination of cluster id's and VSD's cannot exceed 64.  So you can have up to 32 clusters and 32 VSD's, but you cannot have 32 clusters and 40 VSD's.

     

    Hope this helps.  You can also refer to the release notes for 6.1.0r4, page 12, which has further details regarding this.



  • 4.  RE: Cluster-ID issue on ssg140

    Posted 03-02-2009 05:49

    Thanks for you input.

    Before I already put the netscreen to support up to 10 clusters. Strange that the firewall accepted the command without errors.

    anyway I did like you proposed. cluster and vsd up to 16.

     

    regards

    iglu



  • 5.  RE: Cluster-ID issue on ssg140

    Posted 11-23-2009 19:40

    Hi:

     

    Just check the FW with 6.1.r2.0, there is no such variable in the envar. using the :

     

    get envar resource
    Resource environment variable:
    resource name           current     origin
    max-session                   0          0
    max-sa                        0          0
    max-l2tp-tunnel               0          0
    hash-seg                      0          0

     

    Could advise where is the envar

    nsrp-max-vsd is ?

     

    any information is appreciated



  • 6.  RE: Cluster-ID issue on ssg140

    Posted 11-24-2009 07:12

     

    SSG550(M)-> set envar nsrp-max-cluster=64

    nsrp cluster is set to 64

    The system must be reboot for new setting to take effect!

     

     

     

    SSG550(M)-> set envar nsrp-max-vsd=8 

    nsrp vsd is set to 8

    The system must be reboot for new setting to take effect!

    SSG550(M)-> 

     

     

    For you info that,

    cluster * vsd must be less than 512

    - meaning Cluster ID * NSRP VSD GROUP ID should be < 512.

     

     

    SSG550(M)-> get envar          

    last_reset=2009-11-24 17:21:09 by netscreen

    default_image=ssg500.6.3.0r1.0

    sme= 

    shdsl_pic_mode=0

    patch=init

    ipv6=yes

    nsrp-max-cluster=64 <<<<<<<<<<<<<<<<<

    nsrp-max-vsd=8  <<<<<<<<<<<<<<<<<<<<

     

     

     

    Hope, this would help you.