[j-nsp] Juniper SRX 240 Clustering

Per Westerlund p1 at westerlund.se
Sun Nov 25 06:32:51 EST 2012


To be honest, I started with addressing an obvious issues with your configuration, I have not fine combed it looking for other problems.

The existing configuration will make both nodes have the same configuration where they should be different. If you look at the document you refer to, on page 8, it says exactly:

set apply-groups “${node}”    

This is to be taken literally, not to be replaced by node0 or node1. Also, please move the common part of with system services to the global configuration.

/Per

25 nov 2012 kl. 11:44 skrev Bikash Bhattarai:

> Dear Wasterlund,
> 
> I am not using any kind of configuration except junos CLI. I have followed below configuration guide from juniper. 
> http://kb.juniper.net/library/CUSTOMERSERVICE/technotes/8010055-EN.PDF 
> 
> While setting hostname and ip address I have used  set apply-groups "node0" instead of set apply-groups “${node}” . Is that making issue while failover ?
> 
> 
> Regards,
> Bikash Bhattarai | Dristi Tech (P.) Ltd | +977 9851039710 | www.dristi.com.np
> Lazimpat, Kathmandu |Tel  977 1 4427949  |  Fax 977 1 4410385
> 
> 
> 
> 
> On Sun, Nov 25, 2012 at 4:12 PM, Per Westerlund <p1 at westerlund.se> wrote:
> Strange, this is from a production system:
> 
> apply-groups [ "${node}" rfc-5735 ];
> 
> (where rfc-5735 is a group that not is relevant for this discussion). This line is manually configured, not something that is an effect of activating cluster mode. Are you running some kind of tool setting up the clustering and configuration instead of straight CLI?
> 
> This is the version we are running:
> 
> {primary:node1}
> adm_perw at dkcphfw01b> show version
> node0:
> --------------------------------------------------------------------------
> Hostname: dkcphfw01a
> Model: srx550
> JUNOS Software Release [12.1R2.9]
> 
> node1:
> --------------------------------------------------------------------------
> Hostname: dkcphfw01b
> Model: srx550
> JUNOS Software Release [12.1R2.9]
> 
> /Per Westerlund
> 
> 
> 25 nov 2012 kl. 07:11 skrev Bikash Bhattarai:
> 
>> Dear Westerlund,
>> 
>> Thank you for your email. When I configure clustering all the configuration automatically moves to apply-groups [ node0 node1 ]. 
>> 
>> 
>> Regards,
>> Bikash Bhattarai | Dristi Tech (P.) Ltd | +977 9851039710 | www.dristi.com.np
>> Lazimpat, Kathmandu |Tel  977 1 4427949  |  Fax 977 1 4410385
>> 
>> 
>> 
>> 
>> On Sun, Nov 25, 2012 at 2:07 AM, Per Westerlund <p1 at westerlund.se> wrote:
>> Begin with replacing 'apply-groups [ node0 node1 ];' with 'apply-groups "${NODE}";', the idea is that the two nodes should have different configurations. And while you are making changes, move the section on "services" from "groups node0" to the global configuration, else it will only work when you are connecting to node0, not node1.
>> 
>> /Per Westerlund
>> 
>> 
>> 24 nov 2012 kl. 18:43 skrev Bikash Bhattarai:
>> 
>> > Dear all,
>> >
>> > I have just configured two SRX 240 in clustering. One firewall is working
>> > as primary and another is working as secondary. When primary router wan
>> > interface fails the secondary router becomes primary. But after fail-over
>> > network becomes unreachable even from LAN side.
>> >
>> > I have attached the whole configuration.I have configured as per Juniper
>> > documentation. It will be very helpful if anyone point me if I am missing
>> > something.
>> >
>> > Regards,
>> > Bikash Bhattarai | Dristi Tech (P.) Ltd | +977 9851039710 |
>> > www.dristi.com.np
>> > Lazimpat, Kathmandu |Tel  977 1 4427949  |  Fax 977 1 4410385*
>> >
>> > *
>> > <Cluster-Config.txt>_______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> 
>> 
> 
> 



More information about the juniper-nsp mailing list