SRX Services Gateway

SRX1400 new installation

‎01-01-2018 01:13 AM

I have a new installation of two SRX1400s. I am trying to configure HA but I am facing some problems:

 

HA Amber light

Cannot reach reth0 and reth1 by ping or HTTP.

 

 

 

{primary:node0}
admin@CIG-HQ-FW> show chassis cluster status
Monitor Failure codes:
CS Cold Sync monitoring FL Fabric Connection monitoring
GR GRES monitoring HW Hardware monitoring
IF Interface monitoring IP IP monitoring
LB Loopback monitoring MB Mbuf monitoring
NH Nexthop monitoring NP NPC monitoring
SP SPU monitoring SM Schedule monitoring
CF Config Sync monitoring

Cluster ID: 2
Node Priority Status Preempt Manual Monitor-failures

Redundancy group: 0 , Failover count: 1
node0 100 primary no no None
node1 1 secondary no no None

Redundancy group: 1 , Failover count: 1
node0 0 primary no no IF CS
node1 0 secondary no no IF SP CS HW

 

 

 

{primary:node0}
admin@CIG-HQ-FW> show system alarms
node0:
--------------------------------------------------------------------------
2 alarms currently active
Alarm time Class Description
2018-01-01 09:48:08 UTC Minor IDP Signature usage requires a license
2018-01-01 08:11:13 UTC Major Host 0 fxp0 : Ethernet Link Down

node1:
--------------------------------------------------------------------------
3 alarms currently active
Alarm time Class Description
2018-01-01 10:34:16 UTC Minor IDP Signature usage requires a license
2018-01-01 09:03:25 UTC Major Host 0 fxp0 : Ethernet Link Down

 

 

{primary:node0}
admin@CIG-HQ-FW> show chassis alarms
node0:
--------------------------------------------------------------------------
1 alarms currently active
Alarm time Class Description
2018-01-01 08:11:13 UTC Major Host 0 fxp0 : Ethernet Link Down

node1:
--------------------------------------------------------------------------
1 alarms currently active
Alarm time Class Description
2018-01-01 12:19:06 UTC Major Host 0 fxp0 : Ethernet Link Down

 

 

this is my configuration:

 

 

{primary:node0}
admin@CIG-HQ-FW> show configuration
## Last commit: 2018-01-01 09:44:27 UTC by admin
version 12.3X48-D30.7;
groups {
node0 {
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.100.100/32;
}
}
}
}
}
node1 {
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.100.100/32;
}
}
}
}
}
}
system {
host-name CIG-HQ-FW;
root-authentication {
encrypted-password "$1$dZJ8pLjI$ZyoWOqn78ILIZsYdR3CRC/"; ## SECRET-DATA
}
login {
user admin {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$jzdnN6Hx$NDCg8NBUTMfReWiJCccaY."; ## SECRET-DATA
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
chassis {
cluster {
reth-count 16;
redundancy-group 0 {
node 0 priority 100;
node 1 priority 1;
}
redundancy-group 1 {
node 0 priority 100;
node 1 priority 1;
interface-monitor {
ge-2/0/0 weight 255;
ge-2/0/1 weight 255;
ge-6/0/0 weight 255;
ge-6/0/1 weight 255;
}
}
}
}
security {
idp {
security-package {
url https://services.netscreen.com/cgi-bin/index.cgi;
}
}
zones {
security-zone untrust {
interfaces {
reth0.0;
}
}
security-zone trust {
interfaces {
reth1.0;
}
}
}
}
interfaces {
ge-2/0/0 {
gigether-options {
redundant-parent reth0;
}
}
ge-2/0/1 {
gigether-options {
redundant-parent reth1;
}
}
ge-6/0/0 {
gigether-options {
redundant-parent reth0;
}
}
ge-6/0/1 {
gigether-options {
redundant-parent reth1;
}
}
fab0 {
fabric-options {
member-interfaces {
ge-0/0/6;
}
}
}
fab1 {
fabric-options {
member-interfaces {
ge-4/0/6;
}
}
}
reth0 {
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
address 10.10.10.200/24;
}
}
}
reth1 {
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
address 192.168.1.1/24;
}
}
}
}

{primary:node0}
admin@CIG-HQ-FW>

 

 

 


Re: SRX1400 new installation

‎01-01-2018 06:10 AM

What is the status of your control and fabric links for the cluster?

 

show chassis cluster interfaces

 

show chassis cluster information

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: SRX1400 new installation

‎01-01-2018 11:26 PM

Thanks for the reply,

 

{primary:node0}
admin@CIG-HQ-FW> show chassis cluster interfaces
Control link status: Up

Control interfaces:
Index Interface Monitored-Status Internal-SA
0 em0 Up Disabled
1 em1 Up Disabled

Fabric link status: Down

Fabric interfaces:
Name Child-interface Status
(Physical/Monitored)
fab0 ge-0/0/6 Up / Down
fab0
fab1 ge-4/0/6 Up / Down
fab1

Redundant-ethernet Information:
Name Status Redundancy-group
reth0 Down 1
reth1 Up 1
reth2 Down Not configured
reth3 Down Not configured
reth4 Down Not configured
reth5 Down Not configured
reth6 Down Not configured
reth7 Down Not configured
reth8 Down Not configured
reth9 Down Not configured
reth10 Down Not configured
reth11 Down Not configured
reth12 Down Not configured
reth13 Down Not configured
reth14 Down Not configured
reth15 Down Not configured

Redundant-pseudo-interface Information:
Name Status Redundancy-group
lo0 Up 0

Interface Monitoring:
Interface Weight Status Redundancy-group
ge-6/0/1 255 Up 1
ge-6/0/0 255 Down 1
ge-2/0/1 255 Up 1
ge-2/0/0 255 Down 1

 

 

 

 

{primary:node0}
admin@CIG-HQ-FW> show chassis cluster information
node0:
--------------------------------------------------------------------------
Redundancy Group Information:

Redundancy Group 0 , Current State: primary, Weight: 255

Time From To Reason
Jan 2 07:42:30 hold secondary Hold timer expired
Jan 2 07:42:33 secondary primary Only node present

Redundancy Group 1 , Current State: primary, Weight: -255

Time From To Reason
Jan 2 07:42:30 hold secondary Hold timer expired
Jan 2 07:42:33 secondary primary Only node present

Chassis cluster LED information:
Current LED color: Amber
Last LED change reason: Monitored objects are down

Failure Information:

Coldsync Monitoring Failure Information:
Statistics:
Coldsync Total SPUs: 1
Coldsync completed SPUs: 0
Coldsync not complete SPUs: 1

PIC State Report Time
FPC 1 PIC 0 Not complete Jan 2 07:55:02.744

Interface Monitoring Failure Information:
Redundancy Group 1, Monitoring status: Failed
Interface Status
ge-2/0/0 Down

node1:
--------------------------------------------------------------------------
Redundancy Group Information:

Redundancy Group 0 , Current State: secondary, Weight: 255

Time From To Reason
Jan 2 08:56:38 hold secondary Hold timer expired

Redundancy Group 1 , Current State: secondary, Weight: -765

Time From To Reason
Jan 2 08:56:38 hold secondary Hold timer expired

Chassis cluster LED information:
Current LED color: Amber
Last LED change reason: Monitored objects are down

Failure Information:

SPU or NPC Monitoring Failure Information:
Statistics: SPU NPC
total 1 1
up 0 1
down 1 0

Coldsync Monitoring Failure Information:
Statistics:
Coldsync Total SPUs: 1
Coldsync completed SPUs: 0
Coldsync not complete SPUs: 1

Interface Monitoring Failure Information:
Redundancy Group 1, Monitoring status: Failed
Interface Status
ge-6/0/1 Down
ge-6/0/0 Down

 


Re: SRX1400 new installation

‎01-02-2018 01:36 AM

Hi MarO, 

 

How are the fab links connected between the nodes? Are ge-0/0/6 and ge-4/0/6 directly connected back to back or via a switched network? If it is via a switch, make sure the VLAN tags are preserved for the fab interfaces and disable IGMP snooping on the switch.

I can see that the fab link is down due to monitor failure; physically it is up. Cold Sync and SPU failures are also seen.

Could you provide the output of "show chassis cluster statistics | no-more" collected 2-3 times, and "show chassis fpc pic-status" and "show system core-dumps"?

Since you have mentioned this is a new deployment, have you tried to reboot both the nodes simultaneously?

 

 


Re: SRX1400 new installation

‎01-02-2018 02:42 AM

Your fabric links are admin up but link down.

 

Fabric link status: Down

Fabric interfaces:
Name Child-interface Status
(Physical/Monitored)
fab0 ge-0/0/6 Up / Down
fab0
fab1 ge-4/0/6 Up / Down
fab1

 

You will need to verify the cabling on these.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: SRX1400 new installation

‎01-02-2018 10:58 PM

Thanks for the reply,

The control links and fab are connected directly. I have now reloaded both nodes simultaneously and ran these commands:

 

{primary:node0}
admin@CIG-HQ-FW> show chassis cluster statistics | no-more
Control link statistics:
Control link 0:
Heartbeat packets sent: 887
Heartbeat packets received: 876
Heartbeat packet errors: 0
Control link 1:
Heartbeat packets sent: 887
Heartbeat packets received: 739
Heartbeat packet errors: 0
Fabric link statistics:
Child link 0
Probes sent: 1037
Probes received: 0
Child link 1
Probes sent: 0
Probes received: 0
Services Synchronized:
Service name RTOs sent RTOs received
Translation context 0 0
Incoming NAT 0 0
Resource manager 0 0
DS-LITE create 0 0
Session create 0 0
IPv6 session create 0 0
Session close 0 0
IPv6 session close 0 0
Session change 0 0
IPv6 session change 0 0
ALG Support Library 0 0
Gate create 0 0
Session ageout refresh requests 0 0
IPv6 session ageout refresh requests 0 0
Session ageout refresh replies 0 0
IPv6 session ageout refresh replies 0 0
IPSec VPN 0 0
Firewall user authentication 0 0
MGCP ALG 0 0
H323 ALG 0 0
SIP ALG 0 0
SCCP ALG 0 0
PPTP ALG 0 0
JSF PPTP ALG 0 0
RPC ALG 0 0
RTSP ALG 0 0
RAS ALG 0 0
MAC address learning 0 0
GPRS GTP 0 0
GPRS SCTP 0 0
GPRS FRAMEWORK 0 0
JSF RTSP ALG 0 0
JSF SUNRPC MAP 0 0
JSF MSRPC MAP 0 0
DS-LITE delete 0 0
JSF SLB 0 0
APPID 0 0
JSF MGCP MAP 0 0
JSF H323 ALG 0 0
JSF RAS ALG 0 0
JSF SCCP MAP 0 0
JSF SIP MAP 0 0
PST_NAT_CREATE 0 0
PST_NAT_CLOSE 0 0
PST_NAT_UPDATE 0 0
JSF TCP STACK 0 0
JSF IKE ALG 0 0

 

{primary:node0}
admin@CIG-HQ-FW> show chassis cluster statistics | no-more
Control link statistics:
Control link 0:
Heartbeat packets sent: 1007
Heartbeat packets received: 996
Heartbeat packet errors: 0
Control link 1:
Heartbeat packets sent: 1007
Heartbeat packets received: 859
Heartbeat packet errors: 0
Fabric link statistics:
Child link 0
Probes sent: 1277
Probes received: 0
Child link 1
Probes sent: 0
Probes received: 0
Services Synchronized:
Service name RTOs sent RTOs received
Translation context 0 0
Incoming NAT 0 0
Resource manager 0 0
DS-LITE create 0 0
Session create 0 0
IPv6 session create 0 0
Session close 0 0
IPv6 session close 0 0
Session change 0 0
IPv6 session change 0 0
ALG Support Library 0 0
Gate create 0 0
Session ageout refresh requests 0 0
IPv6 session ageout refresh requests 0 0
Session ageout refresh replies 0 0
IPv6 session ageout refresh replies 0 0
IPSec VPN 0 0
Firewall user authentication 0 0
MGCP ALG 0 0
H323 ALG 0 0
SIP ALG 0 0
SCCP ALG 0 0
PPTP ALG 0 0
JSF PPTP ALG 0 0
RPC ALG 0 0
RTSP ALG 0 0
RAS ALG 0 0
MAC address learning 0 0
GPRS GTP 0 0
GPRS SCTP 0 0
GPRS FRAMEWORK 0 0
JSF RTSP ALG 0 0
JSF SUNRPC MAP 0 0
JSF MSRPC MAP 0 0
DS-LITE delete 0 0
JSF SLB 0 0
APPID 0 0
JSF MGCP MAP 0 0
JSF H323 ALG 0 0
JSF RAS ALG 0 0
JSF SCCP MAP 0 0
JSF SIP MAP 0 0
PST_NAT_CREATE 0 0
PST_NAT_CLOSE 0 0
PST_NAT_UPDATE 0 0
JSF TCP STACK 0 0
JSF IKE ALG 0 0

{primary:node0}
admin@CIG-HQ-FW> show chassis cluster statistics | no-more
Control link statistics:
Control link 0:
Heartbeat packets sent: 1014
Heartbeat packets received: 1003
Heartbeat packet errors: 0
Control link 1:
Heartbeat packets sent: 1014
Heartbeat packets received: 866
Heartbeat packet errors: 0
Fabric link statistics:
Child link 0
Probes sent: 1291
Probes received: 0
Child link 1
Probes sent: 0
Probes received: 0
Services Synchronized:
Service name RTOs sent RTOs received
Translation context 0 0
Incoming NAT 0 0
Resource manager 0 0
DS-LITE create 0 0
Session create 0 0
IPv6 session create 0 0
Session close 0 0
IPv6 session close 0 0
Session change 0 0
IPv6 session change 0 0
ALG Support Library 0 0
Gate create 0 0
Session ageout refresh requests 0 0
IPv6 session ageout refresh requests 0 0
Session ageout refresh replies 0 0
IPv6 session ageout refresh replies 0 0
IPSec VPN 0 0
Firewall user authentication 0 0
MGCP ALG 0 0
H323 ALG 0 0
SIP ALG 0 0
SCCP ALG 0 0
PPTP ALG 0 0
JSF PPTP ALG 0 0
RPC ALG 0 0
RTSP ALG 0 0
RAS ALG 0 0
MAC address learning 0 0
GPRS GTP 0 0
GPRS SCTP 0 0
GPRS FRAMEWORK 0 0
JSF RTSP ALG 0 0
JSF SUNRPC MAP 0 0
JSF MSRPC MAP 0 0
DS-LITE delete 0 0
JSF SLB 0 0
APPID 0 0
JSF MGCP MAP 0 0
JSF H323 ALG 0 0
JSF RAS ALG 0 0
JSF SCCP MAP 0 0
JSF SIP MAP 0 0
PST_NAT_CREATE 0 0
PST_NAT_CLOSE 0 0
PST_NAT_UPDATE 0 0
JSF TCP STACK 0 0
JSF IKE ALG 0 0

 

 

 

{primary:node0}
admin@CIG-HQ-FW> show chassis fpc pic-status
node0:
--------------------------------------------------------------------------
Slot 0 Online SRX1k 1GE SYSIO
PIC 0 Online 6x 1GE RJ45 6x 1GE SFP
Slot 1 Online SRX1k Dual Wide NPC+SPC Support Card
PIC 0 Online SPU Cp-Flow
Slot 2 Online SRX3k 16xGE TX
PIC 0 Online 16x 1GE-TX
Slot 3 Online BUILTIN NPC
PIC 0 Online NPC PIC

node1:
--------------------------------------------------------------------------
Slot 0 Online SRX1k 1GE SYSIO
PIC 0 Online 6x 1GE RJ45 6x 1GE SFP
Slot 1 Online SRX1k Dual Wide NPC+SPC Support Card
PIC 0 Offline
Slot 2 Online SRX3k 16xGE TX
PIC 0 Online 16x 1GE-TX
Slot 3 Online BUILTIN NPC
PIC 0 Online NPC PIC

 

 

 

{primary:node0}
admin@CIG-HQ-FW> show system core-dumps
node0:
--------------------------------------------------------------------------
/var/crash/*core*: No such file or directory
/var/tmp/*core*: No such file or directory
/var/tmp/pics/*core*: No such file or directory
/var/crash/kernel.*: No such file or directory
/tftpboot/corefiles/*core*: No such file or directory

node1:
--------------------------------------------------------------------------
/var/crash/*core*: No such file or directory
/var/tmp/*core*: No such file or directory
/var/tmp/pics/*core*: No such file or directory
/var/crash/kernel.*: No such file or directory
/tftpboot/corefiles/*core*: No such file or directory

 

 

 

 

 


Re: SRX1400 new installation

‎01-03-2018 02:43 AM

Based on this I suspect your fabric link is still link down.

 

Fabric link statistics:
Child link 0
Probes sent: 1037
Probes received: 0

 

Check the status on

show chassis cluster interfaces

 

And resolve the link issue between the fabric ports.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: SRX1400 new installation

‎01-03-2018 06:00 AM

Hello MarO, 

 

Thank you for the outputs. It appears that the fab link is not up due to the SPC of node1 not being online; the physical status of the fab link is UP.

 

node1:
--------------------------------------------------------------------------
Slot 0 Online SRX1k 1GE SYSIO
PIC 0 Online 6x 1GE RJ45 6x 1GE SFP
Slot 1 Online SRX1k Dual Wide NPC+SPC Support Card
PIC 0 Offline   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Slot 2 Online SRX3k 16xGE TX
PIC 0 Online 16x 1GE-TX
Slot 3 Online BUILTIN NPC
PIC 0 Online NPC PIC

 

It may be a HW issue with the SPC+NPC combo card. Please attach the following outputs to confirm this. Log the PuTTY/terminal/SecureCRT session, collect the following output, and attach the file here.

 

On node1, 

show log chassisd | no-more

request pfe execute target tnp tnp-name node1.cpp0 command "show syslog message " | no-more 

 

 

 

 


Re: SRX1400 new installation

‎01-04-2018 01:29 AM

Hi Makamaraj,

 

I cannot attach a file; I tried several browsers.

 


Re: SRX1400 new installation

‎01-04-2018 02:49 AM

If you are not seeing the "choose file" button at all be sure to log in before you open the reply window.

 

You already rebooted the nodes.  Did you try reseating the cards?

 

Or manually bringing the PIC online on node 1:

request chassis pic fpc-slot 1 pic-slot 0 online

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: SRX1400 new installation

‎01-06-2018 11:00 PM

When I choose a file and try to post, it transfers me to a reply page, and the post succeeds without any file inserted.

I tried that command but am still facing the same issue.


Re: SRX1400 new installation

‎01-07-2018 02:46 AM

Sorry for not being clear.  The forum software allows you to hit reply and post a reply when you are not yet logged in but the image insert and file tools do not.

 

First, when you arrive at the forum page, log in.

Then navigate to the post and hit reply

Now the image and file attach tools will work.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: SRX1400 new installation

‎01-07-2018 05:17 AM

Good, now it succeeded. Please find attached.


Re: SRX1400 new installation

‎01-07-2018 10:22 PM

Hi MarO , 

 

Thank you for uploading the logs. I can see that node1's SPC1 is having a HW issue and is not able to come online.

 

Snippet from the log you uploaded, 

 

[Jan  4 10:11:46.368 LOG: Err] swanhill1: XLR1, give up boot recovery.
[Jan  4 10:11:46.368 LOG: Debug] swanhill1: XLR1 offline reason changed from 0 to 42
[Jan  4 10:18:20.386 LOG: Err] CMCPP: fpc 1, SPU wait for working state

You would need to open a JTAC case to RMA the SPC+NPC combo card.
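
The two checks the replies in this thread lean on (fabric probes that are sent but never received, and a PIC that is not Online on one node), as an added Python example that is not part of any post in the thread. The function names are hypothetical, and the sample text is trimmed from the CLI output posted above.

```python
import re

# Trimmed excerpts of the CLI output posted in this thread (two successive samples).
STATS_SAMPLES = [
    """Fabric link statistics:
Child link 0
Probes sent: 1037
Probes received: 0
Child link 1
Probes sent: 0
Probes received: 0""",
    """Fabric link statistics:
Child link 0
Probes sent: 1277
Probes received: 0
Child link 1
Probes sent: 0
Probes received: 0""",
]
PIC_STATUS = """node0:
Slot 1 Online SRX1k Dual Wide NPC+SPC Support Card
PIC 0 Online SPU Cp-Flow
node1:
Slot 1 Online SRX1k Dual Wide NPC+SPC Support Card
PIC 0 Offline
"""

def fabric_probes(text):
    """Return {child_link: (sent, received)} from 'show chassis cluster statistics'."""
    pat = re.compile(r"Child link (\d+)\s+Probes sent: (\d+)\s+Probes received: (\d+)")
    return {int(c): (int(s), int(r)) for c, s, r in pat.findall(text)}

def one_way_links(samples):
    """Child links whose sent counter grows across samples while received stays 0."""
    first, last = fabric_probes(samples[0]), fabric_probes(samples[-1])
    return [c for c in sorted(first)
            if c in last and last[c][0] > first[c][0] and last[c][1] == 0]

def offline_pics(text):
    """Return (node, slot, pic) for every PIC not reported Online in pic-status."""
    node, slot, bad = None, None, []
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"(node\d+):", line):
            node = m.group(1)          # start of a per-node section
        elif m := re.match(r"Slot (\d+)\s", line):
            slot = int(m.group(1))     # remember which slot the next PIC lines belong to
        elif m := re.match(r"PIC (\d+)\s+(\S+)", line):
            if m.group(2) != "Online":
                bad.append((node, slot, int(m.group(1))))
    return bad

print(one_way_links(STATS_SAMPLES), offline_pics(PIC_STATUS))
```

Comparing two samples rather than one separates a link that is actively probing without replies (child link 0) from one that has never sent anything (child link 1).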