[j-nsp] SRX1500 cluster issues

Floris Termorshuizen floris at nedcomp.nl
Mon Jan 20 03:23:23 EST 2020 

Hi Muddasir,

Two things to keep in mind:
- The redundancy group has a threshold of 255, when it reaches 0 (The weight of each interface configured under interface-monitor gets substracted) the RG fails over to the other node.
- Interfaces on the passive node will not pass traffic (as far as I know).

With your current configuration if interface xe-0/0/16 goes down (on the primary node), no failover occurs because there is a weight of 100, and the reth goes down (or is up but not passing traffic, not sure what happens)

The solution is to make sure the RG1 failover threshold gets reached when needed. This might depend on your exact configuration and your wishes. So if you want to failover when 1 interface goes down, configure a weight of 255, if you have 4 interfaces connected to two switches you might configure a weight of 128 per interface (so when two interfaces go down the total weight is 256 and the threshold is reached).

Now about the LACP: There is some form of LACP involved in the reth interfaces, for example if you create a reth with 4 interfaces connected to two switches you need to configure two LACP bundle's (one per firewall node) on the switches. So I'm not surprised you would see this in te log's.

HTH,
Floris

-----Original Message-----
From: juniper-nsp <juniper-nsp-bounces at puck.nether.net> On Behalf Of Khan Muddassir
Sent: maandag 20 januari 2020 05:18
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] SRX1500 cluster issues

Hello,

I run a chassis cluster of 2x SRX1500 devices and monitor two interfaces (one from each node) in redundancy-group 1:

set chassis cluster redundancy-group 1 interface-monitor xe-0/0/16 weight
100
set chassis cluster redundancy-group 1 interface-monitor xe-7/0/16 weight
100

An issue recently took down xe-0/0/16 and the reth0 interface went down! I was expecting that xe-7/0/16 will keep the reth interface up and running. I do not have LACP enabled on this cluster, however, I can see in the log that kernel throws out this message stating mini-links not met? Confused as to how JunOS decides to show this up without LACP or any sort of min-links config for reth0 (as well as no config of min-links on the box)

/kernel: ae_bundlestate_ifd_change: bundle reth0: bundle IFD minimum bandwidth or minimum links not met, Bandwidth (Current : Required) 0 : 1 Number of links (Current : Required) 0 : 1

Is this expected where reth0 internally runs some sort of min-link code? It is clear that if does that, its incorrect as another interface is available for its operation.

set interfaces xe-0/0/16 gigether-options redundant-parent reth0 set interfaces xe-7/0/16 gigether-options redundant-parent reth0

any thoughts?

thanks in advance,
-muddasir
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list