[How to] Setup virtual chassis between two SRX650 devices

Setup virtual chassis between two SRX650 devices with 4 on-board ports 

Device	Virtual interfaces	Physical interfaces	Fuctions	node
SRX650-01	fxp0	ge-0/0/0	management interface	Node0
	fxp1	ge-0/0/1	control interface
	fab0	ge-0/0/2	fabric ports ( data links)
SRX650-02	fxp0	ge-0/0/0	management interface	Node1
	fxp1	ge-0/0/1	control interface
	fab1	ge-0/0/2	fabric ports ( data links)

Note: because we have only 4 ports on each device, so we have only 1 virtual aggressive interface  reth0. If we have 2 modules 24-port, then we will be able to create 2 or more virtual interface (reth0, reth1,...)

Physical conectivity:

-          Ge-0/0/1 (node 0) to Ge-0/0/1 (node 1)

-          Ge-0/0/2 (node 0) to Ge-0/0/2 (node 1)

-          Ge-0/0/3 plays as routing interface between zones

Configuration:

  Physically connect the two devices. On the SRX 650 device, connect ge-0/0/1 on device A to ge-0/0/1 on device B.  The ge-0/0/1 interface on device B will change to ge-9/0/1 after clustering happens.

  Set the devices into cluster mode with the following command and reboot the devices.  Note that this is an operational mode and not a configure mode command.

• On node 0:

user@host> set chassis cluster cluster-id 1 node 0 reboot

• On node 1:

user@host> set chassis cluster cluster-id 1 node 1 reboot

 After rebooting 2 devices, we config on a device, and the config will be automatically copied to the other device when a commit command is done.

  Set up the device specific configurations such as host names and management IP addresses, this is specific to each device and is the only part of the configuration that is unique to its specific node.  This is done by entering the following commands (all on the primary node):

On device A:
{primary:node0}
# set group node0 system host-name <name-node0>     
# set group node0 interfaces fxp0 unit 0 family inet address
# set group node1 system host-name <name-node1>     
# set group node1 interfaces fxp0 unit 0 family inet address

- Set this command is set so that the individual configs for each node set by the above commands is applied only to that node.  (required)

  Create FAB links (data plane links for RTO sync, etc).

On device A:
{primary:node0}
# set interfaces fab0 fabric-options member-interfaces ge-0/0/2   

# set interfaces fab1 fabric-options member-interfaces ge-9/0/2 

  

  Set up the Redundancy Group 0 for the Routing Engine failover properties.  Also setup Redundancy Group 1 (all the interfaces will be in one Redundancy Group in this example) to define the failover properties for the Reth interfaces.

{primary:node0}
# set chassis cluster redundancy-group 0 node 0 priority 100
# set chassis cluster redundancy-group 0 node 1 priority 1
# set chassis cluster redundancy-group 1 node 0 priority 100
# set chassis cluster redundancy-group 1 node 1 priority 1

  Set up the Interface monitoring.  Monitoring the health of the interfaces is one way to trigger Redundancy group failover. Note: interface monitoring is not recommended for redundancy-group 0.

On device A:
{primary:node0}
# set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255
# set chassis cluster redundancy-group 1 interface-monitor ge-9/0/0 weight 255

  Setup the Redundant Ethernet interfaces (Reth interface) and assign the Redundant interface to a zone. Make sure that you setup your max number of redundant interfaces as follows: 

On device A:
{primary:node0}  
# set chassis cluster reth-count 1
# set security zones security-zone trust interfaces reth0.0

# set interfaces ge-0/0/3 gigether-options redundant-parent reth0

# set interfaces ge-9/0/3 gigether-options redundant-parent reth0

# set interfaces fab0 fabric-options member-interfaces ge-0/0/2

# set interfaces fab1 fabric-options member-interfaces ge-9/0/2

# set interfaces reth0 vlan-tagging

# set interfaces reth0 redundant-ether-options redundancy-group 1

# set interfaces reth0 unit 10 vlan-id 10

# set interfaces reth0 unit 10 family inet address 192.168.10.1/24

# set interfaces reth0 unit 11 vlan-id 11

# set interfaces reth0 unit 11 family inet address 192.168.11.1/24

# set interfaces reth0 unit 12 vlan-id 12

# set interfaces reth0 unit 12 family inet address 192.168.12.1/24

Because there is only one interface ge-0/0/3 left  for routing, so we have to use vlan-tagging on interface reth0 – its parent redundant interface.

  Commit and changes will be copied over to the Secondary Node, Device B.

On device A:
{primary:node0}
# commit

This will prepare the basic clustering setting for both the devices. 

Troubleshoot.

Problem:

In my case, the node 1 in the hold/lost state, and we unable to see the physical interface in 'show interface terse' on Chassis Cluster

This is caused when the management or control interfaces are configured on the device.

Solution:

Delete the configured management and control interface on the device and their related configuration and commit the changes.

# delele interfaces

# commit

QUESTIONS

1.      Which interfaces are used for the control and data planes?

2.      What is the purpose of a fab interface?

3.      What is an RG? What is the sigfinicance of  RG-0 and RG-1?

4.      What is the default threshold for interface monitoring?

5.      What happens if the cluster-id value equals 0?

ANSWERS

1.      It depends on the devices. For most SRX devices, ge-0/0/1 is used for control plane, and ge-0/0/2 (and maybe ge-0/0/3, … in SPC 0) is used for data plane.

2.      A fabric interface plays as data link between two devices in a cluser model. Two connected fab interfaces form a data plane between the two.

3.      An RG (Redundancy Group) is an abstract construct that includes and manages a collection of objects from both nodes. RG-0 is for reserve, while RG-1 represents a group of up to 128 redundant ethernet interfaces (reth#).

4.      255

5.      Then the device ignores virtual chassis mode.

 

-