[j-nsp] Procedure to add a NPC to SRX HA cluster

Andy Litzinger Andy.Litzinger at theplatform.com
Mon Nov 18 19:06:47 EST 2013 

Hi Muhammad,
yes, JTAC agrees with you :).  We installed the NPCs using the KB procedure today and had no issues.

thanks!
-andy

From: Muhammad Atif Jauhar [mailto:atif.jauhar at gmail.com]
Sent: Saturday, November 16, 2013 10:54 AM
To: Andy Litzinger
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Procedure to add a NPC to SRX HA cluster

Hi Andy,
As per your procedure, Once you boot up node 1 after installing NPC, there will be mismatch in hardware spics of both firewall which will cause cluster issue. Cluster will not comes up if there is mismatch in JUNOS, Hardware even modules are not installed on same slots.
Best solution is provided by JTAC.
Regards,

Muhammad Atif Jauhar
On Wed, Nov 13, 2013 at 1:32 AM, Andy Litzinger <Andy.Litzinger at theplatform.com<mailto:Andy.Litzinger at theplatform.com>> wrote:
can anyone recommend a procedure to add an NPC card to an SRX HA (active/standby) cluster?

In this case it's a pair of SRX3400s, running 12.1X44-D10.4
I've only got two redundancy groups, RG0(control) and RG1(data).
Currently the only NPC in each SRX is the integrated NPC-IOC 10GbE card in each chassis
Node0 is primary for both RG0 and RG1.
I'm not currently running any dynamic routing protocols.  There are some Policy based VPNs, ALGs and NATs in place.

Can I do something like the following?
* power down node 1, install the NPC, boot up and verify status
* manually fail RG1 to node1 via request chassis cluster failover
* manually fail RG0 to node1 via request chassis cluster failover (is the best way to do this?)
* power down node 1, install NPC, boot up and verify status
* fail both RG1 and RG0 back to node0

JTAC's first response was to follow this guide: http://kb.juniper.net/InfoCenter/index?page=content&id=KB26674  which seems overly complicated and possibly not applicable.  It seems to deal with the case of wanting to move a live SPC from one slot to another.  They say it applies to an NPC- but I'm not moving a live NPC, I'm inserting a new one.

thanks!
-andy
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp



--

More information about the juniper-nsp mailing list