Routing
Routing

Inter-Chassis High Availability for Stateful Firewall and CGNAT Using MS-MIC

[ Edited ]
‎03-14-2016 01:24 PM

Hello,

I am trying to implement interchassis HA for firewall and CGNAT in my network

I have an issue where I am using two MX480s, one in active (primary router) and the other in standby (secondary) and I want to implement a scenario where when I fail over from primary to secondary box  and no voice calls or packet drops are experienced 

I have configured my two boxes exactly as seen in the documentation here: http://www.juniper.net/techpubs/en_US/junos15.1/topics/example/nat-interchassis-ha-sfw-nat-msmic-msm...

 

But I have two problems.

1. When i pass traffic through mx a, nothing is being replicated on mx b as shown below

MX A

xx@mx480a> show services nat mappings detail
Interface: ms-1/2/0, Service set: SS-2000

NAT pool: NAT-POOL-DATA-2000

Mapping : 192.168.100.11 --> XX.XXX.X17.84
Ports In Use : 14
Session Count : 14
Mapping State : Active

NAT pool: NAT-POOL-VOICE-2000

Mapping : 192.168.200.12 --> XX.XXX.X17.85
Ports In Use : 1
Session Count : 1
Mapping State : Active

 

MX B

xx@mx480b> show services nat mappings detail

 

2. The second problem is that my MS-MIC on MX A(which is the primary router)  is in backup role and the MS-MIC on MX B( which is the backup router )  is in active role. See below:

MX B

 

xx@mx480b> show services ha
Interface: ms-1/2/0
Inter-chassis: Role: active, Connection: Up, Synchronization: Hot
Peers: Local: 10.135.100.2 Port: 4001, Remote: 10.135.100.1 Port: 4001

 

MX A

 

xx@mx480a> show services ha
Interface: ms-1/2/0
Inter-chassis: Role: backup, Connection: Up, Synchronization: Hot
Peers: Local: 10.135.100.1 Port: 4001, Remote: 10.135.100.2 Port: 4001

 

Does anyone know how to reticfy this and switch the priority?

 

Thanks

Uzo