[j-nsp] SXR 650 Redundancy Group Problem
Walaa Abdel razzak
walaaez at bmc.com.sa
Tue Mar 22 13:38:04 EDT 2011
Thanks, the problem was in the router interface configuration that is facing the firewall, now its working fine.
BR,
-----Original Message-----
From: ben b [mailto:benboyd.lists at gmail.com]
Sent: Monday, March 21, 2011 12:25 AM
To: Walaa Abdel razzak
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SXR 650 Redundancy Group Problem
Try removing preempt. I've seen issues with preemption.
On Saturday, March 19, 2011, Walaa Abdel razzak <walaaez at bmc.com.sa> wrote:
> Hi Experts
>
>
>
> I am configuring redundancy group to trigger failover in case of interface failure. I have reth interface for trust zone that has two physical interfaces, one interface on the active node and the other on the passive and the same for reth1 on untrust zone. The target is to make traffic go through the passive node in case of any physical interface failure in the active node. The problem I am facing is that the failover happen normally when any interface goes down but there is no traffic from trust to untrust or vice versa, when the down interface comes to up again, the traffic flows without problems.
>
>
>
> The RG configuration is as follows:
>
>
>
> test at FW1# show chassis
>
> cluster {
>
> reth-count 2;
>
> redundancy-group 0 {
>
> node 0 priority 100;
>
> node 1 priority 1;
>
> }
>
> redundancy-group 1 {
>
> node 0 priority 100;
>
> node 1 priority 1;
>
> preempt;
>
> gratuitous-arp-count 4;
>
> interface-monitor {
>
> ge-2/0/0 weight 255; à Interface on the active node
>
> ge-2/0/1 weight 255; à Interface on the active node
>
> }
>
> }
>
> }
>
>
>
> When the active interface goes down:
>
>
>
> Mar 20 03:43:51 FW1 jsrpd[1085]: JSRPD_RG_STATE_CHANGE:
> Redundancy-group 1 transitioned from 'primary' to 'secondary-hold'
> state due to Monitor failed: IF
>
> Mar 20 03:43:52 FW1 jsrpd[1085]: JSRPD_RG_STATE_CHANGE:
> Redundancy-group 1 transitioned from 'secondary-hold' to 'secondary'
> state due to Back to back failover interval expired
>
>
>
>
>
> Interface belonging to the reth:
>
>
>
> test@ FW1# show interfaces ge-2/0/0 à active node
>
> gigether-options {
>
> redundant-parent reth1;
>
> }
>
>
>
> {primary:node0}[edit]
>
> test@ FW1# show interfaces ge-2/0/1 à active node
>
> gigether-options {
>
> redundant-parent reth0;
>
> }
>
>
>
> {primary:node0}[edit]
>
> test@ FW1# show interfaces ge-11/0/0 à passive node
>
> gigether-options {
>
> redundant-parent reth1;
>
> }
>
>
>
> {primary:node0}[edit]
>
> test@ FW1# show interfaces ge-11/0/1 à passive node
>
> gigether-options {
>
> redundant-parent reth0;
>
> }
>
>
>
> test at FW1# run show interfaces terse | match reth
>
> ge-2/0/0.15 up down aenet --> reth1.15 à active
> interface down
>
> ge-2/0/0.20 up down aenet --> reth1.20
>
> ge-2/0/0.32767 up down aenet --> reth1.32767
>
> ge-2/0/1.5 up up aenet --> reth0.5
>
> ge-2/0/1.32767 up up aenet --> reth0.32767
>
> ge-11/0/0.15 up up aenet --> reth1.15
>
> ge-11/0/0.20 up up aenet --> reth1.20
>
> ge-11/0/0.32767 up up aenet --> reth1.32767
>
> ge-11/0/1.5 up up aenet --> reth0.5
>
> ge-11/0/1.32767 up up aenet --> reth0.32767
>
> reth0 up down
>
> reth0.5 up down inet 172.16.0.2/30
>
> reth0.32767 up down
>
> reth1 up down
>
> reth1.15 up down inet 192.168.0.2/30
>
> reth1.20 up down inet 192.168.1.2/30
>
> reth1.32767 up down
>
>
>
> Any suggestions?
>
>
>
> BR,
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list