SRX Services Gateway
Highlighted
SRX Services Gateway

[SRX550, 12.1X44] issue when test failover

[ Edited ]
‎01-30-2020 02:24 AM

Hello,

i think i encounter some issue when doing failover test.

My 1st scenario is to shutdown/disable interface 3/1/3 in CS-A.

The result of "show chassis cluster status" is as expected, but ping to 1.1.1.137 is RTO

 

Kindly need your assistance how to make 1.1.1.137 reachable when SRX-A is down.

Attached my configuration file

 

Regards,

Bram

Attachments

6 REPLIES 6
Highlighted
SRX Services Gateway

Re: [SRX550, 12.1X44] issue when test failover

‎01-30-2020 03:38 PM

Looking at the diagram, I suspect that the cluster did not failover to node b with the loss of the link on node a to cs A.

 

When the link is down run this to verify

show chassis cluster status

 

In a standard active/passive cluster the links on the passive device do not accept or pass traffic.

They are in standby mode.

 

So the key is to have things set in a way that when failures to/from the active node occur they cause the cluster to failover to the passive device and allow the traffic.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: [SRX550, 12.1X44] issue when test failover

‎01-30-2020 06:19 PM

Hello Steve,

 

Please find result "show chassis cluster status" before and after i shutdown/disable the interface 3/1/3 in CS A

 

[before]

root@FW03> show chassis cluster status
Cluster ID: 1
Node Priority Status Preempt Manual failover

Redundancy group: 0 , Failover count: 1
node0 200 primary no no
node1 100 secondary no no

Redundancy group: 1 , Failover count: 155
node0 200 primary yes no
node1 100 secondary yes no

{primary:node0}
root@FW03>

 

[after]

root@FW03> show chassis cluster status
Cluster ID: 1
Node Priority Status Preempt Manual failover

Redundancy group: 0 , Failover count: 1
node0 200 primary no no
node1 100 secondary no no

Redundancy group: 1 , Failover count: 156
node0 0 secondary yes no
node1 100 primary yes no

{primary:node0}
root@FW03>

Highlighted
SRX Services Gateway

Re: [SRX550, 12.1X44] issue when test failover

‎02-01-2020 06:25 AM

The cluster looks correct then failing over.  

When the reth interfaces switchover they issue a garp to take control of the reth ip address.

 

Can you verify the mac address moves to the associated port on both swb and cs b during the switchover event

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: [SRX550, 12.1X44] issue when test failover

‎02-03-2020 12:29 AM

Hi Steve,

 

unfortunately, when i do failover, i can not reach 1.1.1.137

Highlighted
SRX Services Gateway

Re: [SRX550, 12.1X44] issue when test failover

‎02-03-2020 04:50 AM

I think the issue will be with how hsrp works on the switch ports. 

 

The SRX cluster works using redundant ethernet standard for failover.

So both ports are up/up but only the active port is passing traffic.

On the hsrp side since the primary port is still up but the failover has occured your vip address still remains on the SRX A port but that port is now no longer passing traffic

 

Can you move the ip addresses on the switches to virtual interfaces instead of the physical ones?

In juniper this would be irb.x or vlan.x format.  I'm not sure what the cisco equivilent is.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: [SRX550, 12.1X44] issue when test failover

‎02-03-2020 06:23 PM

on switches side, all are configured using interface vlan.

on the switch's physical port only configured as access mode, with connection between switches configured as trunk

Feedback