SRX300 is a new series for Branch which has just been announced recently by Juniper Networks. It provides a good performance for Small and Medium Enterprise (SME). One of my customers has just purchased it and that’s why I have chance to play with it and share with you guys the experience and things I have configured. So in this article, I will show beloved iNET9 readers about example of configuring cluster for Juniper SRX340.
The Network Connectivity
[Image broken]As you can see the physical network connectivity, on top of device redundancy, we double physical links so that we can protect a failure in case one link fails.
SRX01 and SRX02 are inter-connect with two different ports of both sides, port ge-0/0/1 and ge-0/0/2. They are both for control link and data link respectively. Port ge-0/0/6 and 7 from both SRXs will be configured as reth0 and assigned to untrust zone. Then port ge-0/0/3 and 4 will be use for reth1 which is in trust zone to the LAN.
The four physical ports from both SRXs to ACESS switch will be configured into one LACP group and same thing to ports that connect to EDGE switch. From switches perspective, we will separate four physical links into two different LACP groups, which means two port per group. This is important to notice, guys.
Please also note that port name on SRX02 will be ge-5/x/x after cluster form.
Okay, enough bullshit description…let move to configuration part.
Configuration
On SRX01:
set chassis cluster cluster-id 1 node 0 reboot
On SRX02:
set chassis cluster cluster-id 1 node 1 reboot
Configure hostname and IP address for control link
set groups node0 system host-name SRX01
set groups node0 interfaces fxp0 unit 0 family inet address 10.99.99.1/30
set groups node1 system host-name SRX02
set groups node1 interfaces fxp0 unit 0 family inet address 10.99.99.2/30
set apply-groups "${node}"Add physical port to fab interface
set interfaces fab0 fabric-options member-interfaces ge-0/0/2 set interfaces fab1 fabric-options member-interfaces ge-5/0/2
Now configure priority for both nodes
set chassis cluster redundancy-group 0 node 0 priority 100 set chassis cluster redundancy-group 0 node 1 priority 1 set chassis cluster redundancy-group 1 node 0 priority 100 set chassis cluster redundancy-group 1 node 1 priority 1
Configure weight for all physical ports for redundancy
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/6 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-0/0/7 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-5/0/6 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-5/0/7 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-5/0/3 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-5/0/4 weight 255
Now assign them into appropriate reth interface
set chassis cluster reth-count 2 set interfaces ge-0/0/3 gigether-options redundant-parent reth1 set interfaces ge-0/0/4 gigether-options redundant-parent reth1 set interfaces ge-5/0/3 gigether-options redundant-parent reth1 set interfaces ge-5/0/4 gigether-options redundant-parent reth1 set interfaces ge-0/0/6 gigether-options redundant-parent reth0 set interfaces ge-0/0/7 gigether-options redundant-parent reth0 set interfaces ge-5/0/6 gigether-options redundant-parent reth0 set interfaces ge-5/0/7 gigether-options redundant-parent reth0 set interfaces reth0 redundant-ether-options redundancy-group 1 set interfaces reth1 redundant-ether-options redundancy-group 1
We have completed cluster configuration for Juniper SRX340 now. You can also configure reth0 and 1 with IP address to Internet and LAN respectively.
EDGE Switch
Separate physical interfaces for different aggregate interface.
set chassis aggregated-devices ethernet device-count 2 set interfaces ge-0/0/0 ether-options 802.3ad ae0 set interfaces ge-0/0/1 ether-options 802.3ad ae0 set interfaces ge-0/0/2 ether-options 802.3ad ae1 set interfaces ge-0/0/3 ether-options 802.3ad ae1
ACCESS Switch
Same to EDGE switch, we have to separate interfaces for different aggregate interface.
set chassis aggregated-devices ethernet device-count 2 set interfaces ge-0/0/20 ether-options 802.3ad ae0 set interfaces ge-0/0/21 ether-options 802.3ad ae0 set interfaces ge-0/0/22 ether-options 802.3ad ae1 set interfaces ge-0/0/23 ether-options 802.3ad ae1
Verification
{primary:node0}
root@SRX01> show chassis cluster status
Monitor Failure codes:
CS Cold Sync monitoring FL Fabric Connection monitoring
GR GRES monitoring HW Hardware monitoring
IF Interface monitoring IP IP monitoring
LB Loopback monitoring MB Mbuf monitoring
NH Nexthop monitoring NP NPC monitoring
SP SPU monitoring SM Schedule monitoring
CF Config Sync monitoring
Cluster ID: 1
Node Priority Status Preempt Manual Monitor-failures
Redundancy group: 0 , Failover count: 1
node0 100 primary no no None
node1 1 secondary no no None
Redundancy group: 1 , Failover count: 1
node0 100 primary no no None
node1 1 secondary no no NoneOther useful verification commands
show chassis cluster interfaces show chassis cluster statistics show chassis cluster control-plane statistics show chassis cluster data-plane statistics show chassis cluster status redundancy-group 1
Alright, you have now configured cluster on Juniper SRX340. Drop us a word if you have any problem or feedback.