Setting Up a Chassis Cluster on Juniper SRX
To set up a cluster, the two devices have to be the same model and run the same version. This example uses the SRX 220 firewall. To begin with, we need to connect a cable between the two units on port 7 and on port 5.
Before we begin we need to go in to config mode and use the following commands and commit the changes.
delete security
delete interfaces
delete vlans
Once this is done, start the units up. At the user mode prompt use the command
set chassis cluster cluster-id 1 node 0 reboot
for the primary node, and for the secondary node use
set chassis cluster cluster-id 1 node 1 reboot
Once the units reboot the prompt will change.
{primary:node0}
root@SRX>
We can now check the cluster by using the command
show chassis cluster status
From here we get the following output:
Cluster ID: 1
Node      Priority  Status     Preempt  Manual failover
Redundancy group: 0 , Failover coun
node0     1         primary    no       no
node1     1         secondary  no       no
Now that we have created the cluster, it’s time to set up management and create redundant Ethernet connections. Once the cluster is formed, port numbering on node 1 starts from 3, so port 1 on node 1 becomes ge-3/0/1. From configuration mode we need to do the following.
set groups node0 system host-name SRX1
set groups node0 interfaces fxp0 unit 0 family inet address 192.168.1.1/24
set groups node1 system host-name SRX2
set groups node1 interfaces fxp0 unit 0 family inet address 192.168.1.1/24
set apply-groups "${node}"
The fxp0 interface is used for management and is mapped to port 6 on the SRX 220. The fxp1 interface is used for HA and is mapped to port 7 on the SRX. We now need to set up the fabric.
set interfaces fab0 fabric-options member-interfaces ge-0/0/5
set interfaces fab1 fabric-options member-interfaces ge-3/0/5
The fabric can be set to any port, but it needs to be connected from node 0 to node 1.
We can now setup a redundant Ethernet connection using the following commands
set chassis cluster reth-count 2
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 node 1 priority 50
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/0 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-3/0/0 weight 255
Now that we have set up redundancy-group 1, we can create the interface reth1.
set interfaces ge-0/0/0 gigether-options redundant-parent reth1
set interfaces ge-3/0/0 gigether-options redundant-parent reth1
set interfaces reth1 vlan-tagging
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 10 vlan-id 10
set interfaces reth1 unit 10 family inet address 192.168.2.254/24
set interfaces reth1 unit 20 vlan-id 20
set interfaces reth1 unit 20 family inet address 192.168.1.254/24
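The following Python check is an added example, not part of the original write-up or any Juniper tool. It lints a list of cluster "set" commands before commit for copy-paste mistakes in the steps above: the same fxp0 address on both nodes, a fabric member on the wrong node, and a reth child that is unpaired or not interface-monitored. The function names and the sample configuration are constructed; the slot offset of 3 for node 1 is taken from this page's SRX 220 numbering and is an assumption for any other model.

```python
import re

NODE1_SLOT_OFFSET = 3  # assumption from this page: SRX 220 node 1 ports start at slot 3

def node_of(ifname, offset=NODE1_SLOT_OFFSET):
    """Return 0 or 1 for a physical interface name such as ge-3/0/5."""
    slot = int(re.match(r"[a-z]+-(\d+)/", ifname).group(1))
    return 1 if slot >= offset else 0

def lint_cluster(config, offset=NODE1_SLOT_OFFSET):
    """Return a list of findings for a chassis-cluster 'set' configuration."""
    mgmt, fab, reth, monitored, findings = {}, {}, {}, set(), []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["set", "groups"] and "fxp0" in t and "address" in t:
            mgmt[t[2]] = t[-1]                      # node group -> management address
        elif t[:2] == ["set", "interfaces"] and "member-interfaces" in t:
            fab[t[2]] = t[-1]                       # fab0/fab1 -> member port
        elif t[:2] == ["set", "interfaces"] and "redundant-parent" in t:
            reth.setdefault(t[-1], []).append(t[2])  # rethN -> child ports
        elif "interface-monitor" in t:
            monitored.add(t[t.index("interface-monitor") + 1])
    if "node0" in mgmt and mgmt.get("node0") == mgmt.get("node1"):
        findings.append("fxp0: node0 and node1 share " + mgmt["node0"])
    for name, want in (("fab0", 0), ("fab1", 1)):
        if name in fab and node_of(fab[name], offset) != want:
            findings.append(f"{name}: {fab[name]} is not on node {want}")
    for name, children in sorted(reth.items()):
        if {node_of(c, offset) for c in children} != {0, 1}:
            findings.append(f"{name}: needs a child interface on each node")
        for c in children:
            if c not in monitored:
                findings.append(f"{name}: {c} is not interface-monitored")
    return findings

# Constructed sample input (documentation addresses), with four deliberate mistakes.
BAD = """\
set groups node0 interfaces fxp0 unit 0 family inet address 192.0.2.1/24
set groups node1 interfaces fxp0 unit 0 family inet address 192.0.2.1/24
set interfaces fab0 fabric-options member-interfaces ge-0/0/5
set interfaces fab1 fabric-options member-interfaces ge-0/0/4
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/0 weight 255
set interfaces ge-0/0/0 gigether-options redundant-parent reth1
set interfaces ge-0/0/1 gigether-options redundant-parent reth1
"""

if __name__ == "__main__":
    print("\n".join(lint_cluster(BAD)))
```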
We have now set up our reth connection. We can use the following command from user mode to check this connection.
{primary:node0}
root@SRX1> show chassis cluster status redundancy-group
Cluster ID: 1
Node      Priority  Status     Preempt  Manual failover
Redundancy group: 1 , Failover count: 1
node0     100       primary    no       no
node1     50        secondary  no       no
To test this, we connect a client, ping Google’s DNS server and then kill a connection.
{secondary:node0}
root@SRX1> show chassis cluster status redundancy-group
Cluster ID: 1
Node      Priority  Status     Preempt  Manual failover
Redundancy group: 1 , Failover count: 1
node0     0         secondary  no       no
node1     50        primary    no       no