[j-nsp] Suggestions on management of dual-RE devices

Wed Nov 25 09:14:32 EST 2015

Thanks to all those who responded.
master-only is mostly what I wanted!

Rather confusingly, Juniper do specify setting lo0 per RE.
https://www.juniper.net/techpubs/en_US/junos12.3/topics/task/configuration/routing-engine-dual-initial-configuration.html
But then that document also tells you to run "commit synchronise" from operational mode.
A single loopback address works, and both REs have the same system SSH key, so no warnings if they switch.

This is broadly what I've got now.

groups {
    re0 {
        system {
            host-name ...-re0;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 10.22.0.2/24 {
                            master-only;
                        }
                        address 10.22.0.3/24;
                    }
                }
            }
        }
    }
    re1 {
        system {
            host-name ...-re1;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 10.22.0.2/24 {
                            master-only;
                        }
                        address 10.22.0.4/24;
                    }
                }
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                address 10.177.4.2/32;
            }
        }
    }
}

Thanks

On Tuesday 24 November 2015 21:52:38 Olivier Benghozi wrote:
> Juniper document provides each RE with it's own MANAGEMENT address (on fxp
> port of each RE), not its own loopback. You configure a single loopback
> (interface lo0.0).
> 
> Anyway, about your need, there is:
> http://www.juniper.net/documentation/en_US/junos15.1/topics/usage-guidelines
> /interfaces-configuring-a-consistent-management-ip-address.html
> <http://www.juniper.net/documentation/en_US/junos15.1/topics/usage-guidelin
> es/interfaces-configuring-a-consistent-management-ip-address.html>
> > Le 24 nov. 2015 à 19:07, Mike Williams <mike.williams at comodo.com> a écrit
> > :
> > 
> > Hi all,
> > 
> > So we just got our first Juniper devices with dual-REs (if you exclude
> > virtual chassis').
> > Before I get into actually configuring them, I'm wondering how others
> > handle management, as I'm a touch confused.
> > 
> > Normally we just SSH/snmp to the loopback address, optionally jumping off
> > from a device on the same OoB network if routing is down (yes, we should
> > configure a backup router).
> > 
> > Juniper document providing each RE with it's own loopback address.
> > If you do that, you'd have to detect if what you're connected to is master
> > or backup, right?
> > That might be a necessary trade off. As if you had a single loopback
> > address, wouldn't the system SSH key change as loopback "moved" between
> > the REs? Can a 'global' single loopback even be configured?
> > 
> > Or do dual-RE devices actually work like virtual chassis, where the system
> > SSH key is the same on all nodes, and connections to the backup are
> > internally redirected to the master?

-- 
Mike Williams