[j-nsp] Suggestions on management of dual-RE devices
Mike Williams
mike.williams at comodo.com
Wed Nov 25 09:14:32 EST 2015
Thanks to all those who responded.
master-only is mostly what I wanted!
Rather confusingly, Juniper do specify setting lo0 per RE.
https://www.juniper.net/techpubs/en_US/junos12.3/topics/task/configuration/routing-engine-dual-initial-configuration.html
But then that document also tells you to run "commit synchronise" from operational mode.
A single loopback address works, and both REs have the same system SSH key, so no warnings if they switch.
This is broadly what I've got now.
groups {
re0 {
system {
host-name ...-re0;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 10.22.0.2/24 {
master-only;
}
address 10.22.0.3/24;
}
}
}
}
}
re1 {
system {
host-name ...-re1;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 10.22.0.2/24 {
master-only;
}
address 10.22.0.4/24;
}
}
}
}
}
}
interfaces {
lo0 {
unit 0 {
family inet {
address 10.177.4.2/32;
}
}
}
}
Thanks
On Tuesday 24 November 2015 21:52:38 Olivier Benghozi wrote:
> Juniper document provides each RE with it's own MANAGEMENT address (on fxp
> port of each RE), not its own loopback. You configure a single loopback
> (interface lo0.0).
>
> Anyway, about your need, there is:
> http://www.juniper.net/documentation/en_US/junos15.1/topics/usage-guidelines
> /interfaces-configuring-a-consistent-management-ip-address.html
> <http://www.juniper.net/documentation/en_US/junos15.1/topics/usage-guidelin
> es/interfaces-configuring-a-consistent-management-ip-address.html>
> > Le 24 nov. 2015 à 19:07, Mike Williams <mike.williams at comodo.com> a écrit
> > :
> >
> > Hi all,
> >
> > So we just got our first Juniper devices with dual-REs (if you exclude
> > virtual chassis').
> > Before I get into actually configuring them, I'm wondering how others
> > handle management, as I'm a touch confused.
> >
> > Normally we just SSH/snmp to the loopback address, optionally jumping off
> > from a device on the same OoB network if routing is down (yes, we should
> > configure a backup router).
> >
> > Juniper document providing each RE with it's own loopback address.
> > If you do that, you'd have to detect if what you're connected to is master
> > or backup, right?
> > That might be a necessary trade off. As if you had a single loopback
> > address, wouldn't the system SSH key change as loopback "moved" between
> > the REs? Can a 'global' single loopback even be configured?
> >
> > Or do dual-RE devices actually work like virtual chassis, where the system
> > SSH key is the same on all nodes, and connections to the backup are
> > internally redirected to the master?
--
Mike Williams
More information about the juniper-nsp
mailing list