Tuesday, May 8, 2012

How to add new interfaces on Juniper SRX chassis cluster

There are many good JUNOS articles on setting up the Juniper SRX chassis. But I just want to summarize the steps on how to add new interfaces to existing chassis cluster. In other words, the following pre-requites are complete as follows:
  1. Configuring Chassis Cluster information on both nodes e.g. set chassis cluster-id 1 node 0 
  2. Configuring Redundancy Groups (RG) and specify which node should be the primary node for each RG. e.g. set chassis cluster redundancy-group 1 node 0 priority 200. This is also where you determine whether it is a Active-Passive or Active-Active setup
  3. Configuring Out-of-Band management interface for fxp0 - optional
  4. Configuring Virtual Routing instances (a.k.a VRF-lite in Cisco networking) - optional 
  5. Configure the number of Redundant Interfaces using "set chassis cluster reth-count n" where n is the number of reth.
  6. Configuring Redundant Interface (reth) using at least one interface from each node
  7. Configuring control link using fxp1 interface where configuration synchronization takes place between 2 nodes 
  8. Configuring fabric interface (fabn where n denotes the node id) consisting of at least one ethernet interface from each node
  9. Successful cluster setup!
After you have established the cluster successfully, you may wish to add more interfaces to it. The additional steps are as follows:

Step1: Increase the reth count by using
  • set chassis cluster reth-count n where n is the new number of reth interfaces
Step 2: Identify 2 similar interfaces (one from each node e.g. ge-0/0/2 and ge-8/0/2) to form a new reth. e.g. 
  • set interfaces ge-0/0/2 gigether-options redundant-parent reth2
  • set interfaces ge-8/0/2 gigether-options redundant-parent reth2
Step 3: Configure new reth2 by heading to "edit interfaces reth2"
  • Enable VLAN tagging if you intend to use VLAN: "set vlan-tagging"
  • Create new sub-interface: "set unit nnn vlan-id " where nnn is any sub-interface number.
  • Assign IP address to sub-interface: "set unit nnn family inet address 1.1.1.1/24" 
  • Return to top level edit: "top"
Step 4: Assign this interface to the virtual routing instance
  • set routing-instances interface reth2.nnn
Step 5: Assign this interface to the appropriate security zone
  • set security zones security-zone interfaces reth2.nnn
Step 6: Check new configurations and commit
  • top
  • show | compare rollback 0
  • commit

5 comments:

  1. Very clear and concise article. Much better than what is over at juniper.net :-)

    ReplyDelete
  2. Thank you. I miss SRX's

    ReplyDelete
  3. Thanks fot the tip, usefull.
    However, regarding steps 1 to 6, I would like to know:
    - if you check the interfaces (ge-0/0/2 and ge-8/0/2 in the example) are physical Up or not, before configuring them. Or maybe not important ?

    - when you can add them in the "redundancy-group X interface-monitor " configuration part: I suppose when both ports are Up ?

    ReplyDelete
  4. please i need help for fixing this part
    i configure 2 srx 650 in cluster with 2 redundancy group

    when i add two reth( reth0, reth1) in redundancy group 1 , all seems to work fine but when try to add another reth (reth2) interface in the redundancy group , the traffic don't seem to pass throup

    i can't ping the interface (reth2) and the first interface either



    i tried to play with weigt (255 for each interface) and (100.100.50 for each interface)



    ReplyDelete
  5. Good summary, but where in the GUI is the equivalent of
    set interfaces ge-0/0/2 gigether-options redundant-parent reth2

    ReplyDelete