[j-nsp] SRX monitor-interface question

R S dim0sal at hotmail.com
Fri Dec 13 09:28:05 EST 2013 

The only part missing will remain local control plane resources (ie logs, snmp, etc) that remain on RG0 secondary.

Am I right ? 

Date: Fri, 13 Dec 2013 14:58:46 +0300
Subject: Re: [j-nsp] SRX monitor-interface question
From: asadgardezi at gmail.com
To: dim0sal at hotmail.com
CC: fahad.khan at gmail.com; juniper-nsp at puck.nether.net

Reffer data plane on following:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB16224

Asad



On Friday, December 13, 2013, R S  wrote:



how can I config syslog/traffic log directly from data plane ?
some config example ?

tks

Date: Fri, 13 Dec 2013 14:51:58 +0300
Subject: Re: [j-nsp] SRX monitor-interface question

From: asadgardezi at gmail.com
To: dim0sal at hotmail.com

CC: fahad.khan at gmail.com; juniper-nsp at puck.nether.net


Its not recommended to use control plane for traffic logs, you can configure sex to forward traffic logs directly from data plane
RG0 aka control plane controls your rotuing engine, routing protocols and chassis. Failing it over will cause your routing daemon to restart , routing protocols to reconverge and so on...


Asad

On Friday, December 13, 2013, R S  wrote:
And what about syslog or firewall traffic logging flows on the RG1 Active node if RG0 remain active on the Passive ?





Date: Fri, 13 Dec 2013 16:34:53 +0500

Subject: Re: [j-nsp] SRX monitor-interface question

From: fahad.khan at gmail.com

To: dim0sal at hotmail.com

CC: juniper-nsp at puck.nether.net



RG0 only contains Control Plane or REs.

In SRX failover, its not necessary to failover RG0 when there is a failover in RG1 due to a link failure. So we only do interface-monitor in RG1, RG2 ... not in RG0. RG0 already run in A/P mode.





It can be possible that SRX B is Primary in RG0 while Secondary in RG1 (means SRX A is Primary in RG 1)

Muhammad Fahad Khan

JNCIE-M # 756

Lead Network and Security Consultant - IBM



+92-301-8247638

Skype: fahad-ibm

http://pk.linkedin.com/in/muhammadfahadkhan





On Fri, Dec 13, 2013 at 2:07 PM, R S <dim0sal at hotmail.com> wrote:











Hi







In an SRX5800 cluster



A/P deployment, does anybody recommend to monitor-interface also on RG0 or not



?







PRO ? CONS ?















We did it but



unfortunately during an SPU crash the RG0 didn’t switch properly and JTAC told us it’s



not recommended monitor-interface under RG0 in same corner case…















Any experience to share



is useful















Tks











_______________________________________________



juniper-nsp mailing list juniper-nsp at puck.nether.net



https://puck.nether.net/mailman/listinfo/juniper-nsp







_______________________________________________

juniper-nsp mailing list juniper-nsp at puck.nether.net

https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list