[j-nsp] SRX650 Clustering Issue
Walaa Abdel razzak
walaaez at bmc.com.sa
Wed Mar 9 13:04:43 EST 2011
So, do you mean that load balancing happen by default on multiple
Ethernet interfaces belonging to the same reth on the active unit? How
to verify?
Also I think that load balancing should be configured on the SRX under
the forwarding option and ECMP policy under forwarding table.
BR,
From: benboyd5 at gmail.com [mailto:benboyd5 at gmail.com] On Behalf Of ben b
Sent: Wednesday, March 09, 2011 8:12 PM
To: Walaa Abdel razzak
Cc: Stefan Fouant; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SRX650 Clustering Issue
Just add the additional interfaces to the reth interface. No need for
AE interface. You configure LACP under reth interface..
On Wed, Mar 9, 2011 at 10:29 AM, Walaa Abdel razzak <walaaez at bmc.com.sa>
wrote:
Thanks All
Now if I need to configure the reth interface using ae interface instead
of physical interface as I need more than one gig on each node. The
problem is that I can't issue the command to join ae0 to reth0 as
follows:
admin at FW1# set interfaces ae0 aggregated-ether-options ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these
groups
> ethernet-switch-profile Ethernet virtual LAN/media access
control-level options
flow-control Enable flow control
> lacp Link Aggregation Control Protocol configuration
link-protection Enable link protection mode
link-speed Link speed of individual interface that joins the
AE
loopback Enable loopback
minimum-links Minimum number of aggregated links (1..8)
no-flow-control Don't enable flow control
no-link-protection Don't enable link protection mode
no-loopback Don't enable loopback
Note: The target is to have more than one gig link for each node and
load balance between them, I tried to use ae0 interface as mentioned
above but it didn't work. Any other ideas are welcomed.
BR,
-----Original Message-----
From: Stefan Fouant [mailto:sfouant at shortestpathfirst.net]
Sent: Wednesday, March 09, 2011 3:26 PM
To: Walaa Abdel razzak
Cc: Ben Dale; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SRX650 Clustering Issue
You do not need to configure an IP address on the fab link for proper
operation.
Stefan Fouant
Sent from my iPad
On Mar 9, 2011, at 2:16 AM, "Walaa Abdel razzak" <walaaez at bmc.com.sa>
wrote:
> Thanks, Now HA is configured, but regarding the fab link, is it
> necessary to have L3 address or not.
>
> BR,
> -----Original Message-----
> From: Ben Dale [mailto:bdale at comlinx.com.au]
> Sent: Sunday, March 06, 2011 12:12 PM
> To: Walaa Abdel razzak
> Cc: Scott T. Cameron; juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] SRX650 Clustering Issue
>
> This is a pretty common error when you are bringing pre-configured
> devices together in a chassis cluster.
>
> My advice would be to run the following from edit mode on each box:
>
> delete interfaces
> delete vlans
> delete security
> delete protocols
>
> Then commit and cable them together (control AND fabric). If you've
> run the set chassis cluster command correctly, the boxes should now
> come together.
>
> After that you should be able to make all configuration changes from
> the primary box, so the assign fabric interfaces:
>
> set interfaces fab0 fabric-options member-interfaces ge-0/0/2 set
> interfaces fab1 fabric-options member-interfaces ge-5/0/2
>
> And then build some redundancy groups
>
> set chassis cluster control-link-recovery set chassis cluster
> reth-count
> 15 set chassis cluster redundancy-group 0 node 0 priority 100 set
> chassis cluster redundancy-group 0 node 1 priority 1 set chassis
> cluster redundancy-group 1 node 0 priority 100 set chassis cluster
> redundancy-group 1 node 1 priority 1 set chassis cluster
> redundancy-group 1 preempt
>
> then build reth interfaces and assign them to redundancy groups etc.
>
> On 06/03/2011, at 12:17 AM, Walaa Abdel razzak wrote:
>
>> Hi Scott
>>
>>
>>
>> The old configuration was test config (very simple) like hostname,
>> aggregate ethernet,.....as its fresh FW. After enabling clusterign
>> using the standard command set chassis clustering......and reboot, we
>> got the
>> following:
>>
>>
>>
>> {hold:node0}
>>
>> root at -FW1> edit
>>
>> warning: Clustering enabled; using private edit
>>
>> error: shared configuration database modified
>>
>> Please temporarily use 'configure shared' to commit
>>
>> outstanding changes in the shared database, exit,
>>
>> and return to configuration mode using 'configure'
>>
>>
>>
>> when I issue most commands I got the following:
>>
>>
>>
>> {hold:node0}
>>
>> root at -FW1> show version
>>
>> error: Could not connect to node0 : No route to host
>>
>>
>>
>> The JUNOS version is 10.3.
>>
>>
>>
>> Also here is a sample of Chassisd log:
>>
>>
>>
>> Mar 5 19:32:49 completed chassis state from ddl
>>
>> Mar 5 19:32:49 ch_set_non_stop_forwarding_cfg:Setting
>> non-stop-forwarding to Disabled, source DDL
>>
>> Mar 5 19:32:49 ch_do_multichassis_overrides:Setting multichassis
>> replication to Disabled
>>
>> Mar 5 19:32:49 config_do_overrides: Keepalives not set. Setting it
>> to
>> 300 secs
>>
>> Mar 5 19:32:49 if_init
>>
>> Mar 5 19:32:49 Skip cleaning pic state on LCC
>>
>> Mar 5 19:32:49 chassis_alarm_module_init
>>
>> Mar 5 19:32:49 timer_init
>>
>> Mar 5 19:32:49 main_snmp_init
>>
>> Mar 5 19:32:49 snmp_init: snmp_chassis_id = 0, chas_type = 1
>>
>> Mar 5 19:32:49 chas_do_registration: or_obj = 0xdfe400, or_rows = 23
>>
>> Mar 5 19:32:49 chas_do_registration: or_obj = 0xdfe800, or_rows = 23
>>
>> Mar 5 19:32:49 chas_do_registration: or_obj = 0xe04000, or_rows = 23
>>
>> Mar 5 19:32:49 chas_do_registration: or_obj = 0xd58940, or_rows = 2
>>
>> Mar 5 19:32:49 chas_do_registration: or_obj = 0xdfec00, or_rows = 23
>>
>> Mar 5 19:32:49 CHASSISD_SYSCTL_ERROR: ch_srxsme_mgmt_port_mac_init:
>> hw.re.jseries_fxp_macaddr error from sysctlbyname: File exists (errno
>> 17)
>>
>> Mar 5 19:32:49 CHASSISD_SYSCTL_ERROR: ch_srxsme_mgmt_port_mac_init:
>> hw.re.jseries_fxp_macaddr error from sysctlbyname: File exists (errno
>> 17)
>>
>> Mar 5 19:33:08
>>
>> Mar 5 19:33:08 trace flags 7f00 trace file /var/log/chassisd size
>> 3000000 cnt 5 no-remote-trace 0
>>
>> Mar 5 19:33:08 rtsock_init synchronous socket
>>
>> Mar 5 19:33:08 disabling rtsock public state on sync socket (LCC)
>>
>> Mar 5 19:33:08 rtsock_init asynchronous socket
>>
>> Mar 5 19:33:08 disabling rtsock public state on async socket (LCC)
>>
>> Mar 5 19:33:08 rtsock_init non ifstate async socket
>>
>> Mar 5 19:33:08 disabling rtsock public state on non ifstate async
>> socket (LCC)
>>
>> Mar 5 19:33:08 BCM5910X (bcm5910x_driver_init): Driver
>> initialization
>
>> succeeded
>>
>> Mar 5 19:33:08 POE (ch_poe_srxsme_check_pem_status): POE power good
>> signal for power supply 1 not asserted
>>
>> Mar 5 19:33:08 ch_srxsme_poe_blob_delete: fpc 2
>>
>> Mar 5 19:33:08 ch_srxsme_poe_blob_delete: fpc 4
>>
>> Mar 5 19:33:08 ch_srxsme_poe_blob_delete: fpc 6
>>
>> Mar 5 19:33:08 ch_srxsme_poe_blob_delete: fpc 8
>>
>> Mar 5 19:33:08 POE (ch_srxsme_poe_init): poe init done
>>
>> Mar 5 19:33:08 parse_configuration ddl
>>
>> Mar 5 19:33:08 cfg_ddl_chasd_handle_config_option: Found {chassis,
>> aggregated-devices}: Object Config action: DAX_ITEM_CHANGED
>>
>> Mar 5 19:33:08 Walking Object {aggregated-devices, }
>>
>> Mar 5 19:33:08 cfg_ddl_chasd_handle_config_option: Found
>> {aggregated-devices, ethernet}: Object Config action:
>> DAX_ITEM_CHANGED
>>
>> Mar 5 19:33:08 Walking Object {ethernet, device-count}
>>
>> Mar 5 19:33:08 configured aggregated ethernet device count 3
>>
>> Mar 5 19:33:08 aggregated-device ethernet
>>
>> Mar 5 19:33:08 configured aggregated ethernet state
>>
>> Mar 5 19:33:08 cfg_ddl_chasd_handle_config_option: Did not find
>> {chassis, cluster}: Object Config action: DAX_ITEM_CHANGED
>>
>> Mar 5 19:33:08 No routing-options source_routing configuration
>> options set
>>
>> Mar 5 19:33:08 protocol-id queue-depth delete-flag
>>
>> Mar 5 19:33:08 Total Queue Allocation: 0/1024
>>
>> Mar 5 19:33:08 POE (poe_handle_maxpower_on_fpc): FPC 2, max-power 0
>>
>> Mar 5 19:33:08 POE (poe_handle_maxpower_on_fpc): FPC 4, max-power 0
>>
>> Mar 5 19:33:08 POE (poe_handle_maxpower_on_fpc): FPC 6, max-power 0
>>
>> Mar 5 19:33:08 POE (poe_handle_maxpower_on_fpc): FPC 8, max-power 0
>>
>> Mar 5 19:33:08 POE (poe_handle_maxpower_on_fpc): FPC 2, max-power 0
>>
>> Mar 5 19:33:08 POE (poe_handle_maxpower_on_fpc): FPC 4, max-power 0
>>
>> Mar 5 19:33:08 POE (poe_handle_maxpower_on_fpc): FPC 6, max-power 0
>>
>> Mar 5 19:33:08 POE (poe_handle_maxpower_on_fpc): FPC 8, max-power 0
>>
>> Mar 5 19:33:08 completed chassis state from ddl
>>
>> Mar 5 19:33:08 ch_set_non_stop_forwarding_cfg:Setting
>> non-stop-forwarding to Disabled, source DDL
>>
>> Mar 5 19:33:08 ch_do_multichassis_overrides:Setting multichassis
>> replication to Disabled
>>
>> Mar 5 19:33:08 config_do_overrides: Keepalives not set. Setting it
>> to
>> 300 secs
>>
>> Mar 5 19:33:08 if_init
>>
>> Mar 5 19:33:08 Skip cleaning pic state on LCC
>>
>> Mar 5 19:33:08 chassis_alarm_module_init
>>
>> Mar 5 19:33:08 timer_init
>>
>> Mar 5 19:33:08 main_snmp_init
>>
>> Mar 5 19:33:08 snmp_init: snmp_chassis_id = 0, chas_type = 1
>>
>> Mar 5 19:33:08 chas_do_registration: or_obj = 0xdfe400, or_rows = 23
>>
>> Mar 5 19:33:08 chas_do_registration: or_obj = 0xdfe800, or_rows = 23
>>
>> Mar 5 19:33:08 chas_do_registration: or_obj = 0xe04000, or_rows = 23
>>
>> Mar 5 19:33:08 chas_do_registration: or_obj = 0xd58940, or_rows = 2
>>
>> Mar 5 19:33:08 chas_do_registration: or_obj = 0xdfec00, or_rows = 23
>>
>> Mar 5 19:33:09 hup_init:Hupping init!
>>
>> Mar 5 19:33:09 JACT_INFO: Created re (h=9) Anti-Counterfeit FSM
>> object
>>
>> Mar 5 19:33:09 ---cb_reset----re (h=9): reason=SUCCESS (0)
>>
>> Mar 5 19:33:09 mbus_srxmr_reset_sre_dev: Resetting SRE DEV 5
>>
>> Mar 5 19:33:09 Resetting anti-counterfeit chip
>>
>> Mar 5 19:33:09 smb_open, gpiofd 29
>>
>> Mar 5 19:33:09 initial startup complete
>>
>> Mar 5 19:33:09 main initialization done....
>>
>> Mar 5 19:33:09 alarmd connection completed
>>
>> Mar 5 19:33:09 send: clear all chassis class alarms
>>
>> Mar 5 19:33:09 craftd connection completed
>>
>> Mar 5 19:33:13 JACT_INFO: re (h=9): enter state: HOLD
>>
>> Mar 5 19:34:13 JACT_INFO: re: Read public key info...
>>
>> Mar 5 19:34:13 JACT_INFO: re: Prepare and send encrypted random
>> messsage
>>
>> Mar 5 19:34:13 JACT_INFO: re (h=9): enter state: DOING
>>
>> Mar 5 19:36:09 Attempting md comp chunkbuf pool shrink
>>
>> Mar 5 19:37:18 JACT_INFO: re: Read and check decrypted messsage
>>
>> Mar 5 19:37:18 ---cb_done----re (h=9): auth=passed
>>
>> Mar 5 19:37:18 re (h=9): AC authentication passed
>>
>> Mar 5 19:37:18 JACT_INFO: re (h=9): enter state: PASSED
>>
>>
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net
>> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Scott T.
>> Cameron
>> Sent: Saturday, March 05, 2011 4:46 PM
>> To: juniper-nsp at puck.nether.net
>> Subject: Re: [j-nsp] SRX650 Clustering Issue
>>
>>
>>
>> I don't think this is enough information to really help you.
>>
>>
>>
>> What does chassisd log say?
>>
>> Can you provide a sanitized config?
>>
>>
>>
>> Scott
>>
>>
>>
>> On Sat, Mar 5, 2011 at 8:24 AM, Walaa Abdel razzak
>> <walaaez at bmc.com.sa
>
>> <mailto:walaaez at bmc.com.sa> >wrote:
>>
>>
>>
>>> Hi All
>>
>>>
>>
>>>
>>
>>>
>>
>>> We were connecting two SRX650 to work in Active/passive mode. Before
>>
>>> they were having old configuration and once we enabled clustering
>>> and
>>
>>> rebooted the boxes, they became in hold mode and we get a message of
>>
>>> shared violations even after reboot again and no user logged in, any
>>
>>> suggestions?
>>
>>>
>>
>>>
>>
>>>
>>
>>> BR,
>>
>>>
>>
>>> _______________________________________________
>>
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> <mailto:juniper-nsp at puck.nether.net>
>>
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> <https://puck.nether.net/mailman/listinfo/juniper-nsp>
>>
>>>
>>
>> _______________________________________________
>>
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> <mailto:juniper-nsp at puck.nether.net>
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> <https://puck.nether.net/mailman/listinfo/juniper-nsp>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list