SRX Services Gateway
Highlighted
SRX Services Gateway

SRX-650 HA and Built-In Ports

‎11-21-2009 02:24 PM

I've seen in Juniper SRX-650 documentations, that I have to configure ge-0/0/1 as the Control Port, ge-0/0/2 or ge-0/0/3 as Fabric Port, and ge-0/0/0 for Management, in case I want to have 2 appliances working as a HA cluster.

 

Now, I am a bit confused. Does this mean that if I only have the buil-in modules - i.e. no extra modules installed - then I'll loose 3 out of the 4 ports for HA and Management, and I'll only have one port left for traffic? Also, is it mandatory to have a dedicated port for management, or can I use ge-0/0/0 as a normal traffic port, and have in-band management?

 

Thanks a lot.

 

By the way, here you are the configuration guide I am refering to here.

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/concept/services-gateway-srx6...

Gr33n Data
JNCIS-FWV, JNCIA-IDP

@gr33ndata

http://gr33ndata.blogspot.com/
8 REPLIES 8
Highlighted
SRX Services Gateway

Re: SRX-650 HA and Built-In Ports

‎11-23-2009 08:21 AM

Hi GreenData,

 

yes this is correct. the fxp0 and control link will be assigned hard coded when you put the device in cluster mode!

 

the fab link you can choose which interface you will use.

 

GreetZ,

Frac

http://juniper-frac.blogspot.com
Highlighted
SRX Services Gateway

Re: SRX-650 HA and Built-In Ports

‎11-23-2009 01:49 PM

Plus, it is mandatory that you have a management port configured on each device, so that you can manage them independently.  You can use the LAN (reth) port for management, but if there is a failover you will only be able to get to the active reth interface.

 

There is no "management IP" command on the SRX like there is on ScreenOS (SSG).

 

Dan

DAK
Highlighted
SRX Services Gateway

Re: SRX-650 HA and Built-In Ports

‎12-03-2009 08:43 PM

As others have said, ge-0/0/0 will become fxp0 (management) as soon as you enable chassis cluster mode. You cannot configure the port as regular traffic port. As you surmised, this means you will have only 1 free GE port for user traffic. This is same for J-Series as well since J-Series also only has 4 onboard ports. SRX650 is best used with gPIMs to allow the amount of interfaces most deployments may need plus add ethernet switching features. The onboard ports are there if you need them but expectation is to use gPIMs for your traffic ports.

 

-Richard

Highlighted
SRX Services Gateway

Re: SRX-650 HA and Built-In Ports

‎08-19-2010 07:48 AM

I am trying to configure two SRX650 in chassis cluster mode.  After running the "set chassis cluster cluster-id 1 node 0 reboot" command on both SRXs im getting an error message that says ge-0/0/1 HA control port cannot be configured It does not allow me to commit any changes, thus i cannot continue.

SRX Services Gateway

Re: SRX-650 HA and Built-In Ports

‎08-19-2010 08:30 AM

You need to isuue "set chassis cluster cluster-id 1 node 0 reboot" on one node and "set chassis cluster cluster-id 1 node 1 reboot" on the other.

 

Dan

DAK
Highlighted
SRX Services Gateway

Re: SRX-650 HA and Built-In Ports

[ Edited ]
‎08-20-2010 02:05 AM

mrgq,

That message just says you have configured the ge-0/0/1 port, which is becoming fxp1 when in cluster mode. Hence you need to delete your "interfaces ge-0/0/1" part.

Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)
Highlighted
SRX Services Gateway

Re: SRX-650 HA and Built-In Ports

‎08-25-2010 09:20 PM

HA control port or HA management port cannot be configured. These error  messages can be simply solved by this command.

for example;

delete interfaces fe-0/0/6 unit 0

delete interfaces fe-0/0/7 unit 0

 

Highlighted
SRX Services Gateway

Re: SRX-650 HA and Built-In Ports

‎04-21-2011 04:02 AM

delete interface

commit

Feedback