[j-nsp] SRX650 Failover Test Issue

Michael Lee fwissue at gmail.com
Tue Mar 22 20:45:07 EDT 2011 

Sounds like the interface did not put into group, and should use fxp0 ip instead

Regards

-mike

On Mar 22, 2011, at 12:05, Pavel Lunin <plunin at senetsy.ru> wrote:

>> 
>> While testing the failover in SRX650 cluster. I have removed the control
>> link between the primary and secondary. The secondary node went to
>> ineligible mode. The secondry FW is still accessible through OoB
>> interface. When I returned back the control link I couldn't reach the FW
>> through OoB interface "ge-0/0/0". The only way to access the box is
>> through console and found the secondary firewall is in disable mode.
>> Then when I rebooted the whole firewall, it worked normally. Is it
>> normal? And how to reach the secondary firewall remotely in case of
>> control link flap? I have faced the same issue when removing the fab
>> link.
>> 
>> 
>> 
> Looks like a routing issue. Try to check it out with "show route a.b.c.d"
> command, when you access the disabled box through the console port, where
> a.b.c.d is IP address of the machine, you are trying to get remote access
> form. Most probably it will show you something different from a route
> pointing through fxp0. If this is the case, you need to configure a backup
> router, which would make the disabled node (which does not run rpd) to route
> packets to the management station through fxp0.
> 
> http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-system-basics/backup-router-configuring.html
> 
> BTW, next time you want the public to guess the solution for your issue, try
> to be a bit more informative in providing basic troubleshooting details. E.
> g. instead of just saying "I couldn't reach the FW through OoB interface
> "ge-0/0/0"", it would've been better to say something like "I checked the
> whole path from my machine a.b.c.d/24 to the fxp0 interface of the node1,
> which has address w.x.y.z/24 and… I see the packets coming to the
> penultimate hop router, but the FW's fxp0 interface, which is the next and
> last hop, does [not] respond to ARP requests… Than I tried to ping my
> machine back from the FW with "ping a.b.c.d interface fxp0", and got the
> following output… than I performed a traceroute… I checked what comes to the
> fxp0 interface with "monitor traffic interface fxp0" and saw…", etc.
> 
> Otherwise, I'm afraid, this sort of gambling-style troubleshooting, in which
> you ask us to help you, will not be much effective anyway. Monte-Carlo is a
> good method but it's too slow in convergence.
> 
> --
> Pavel
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list