[j-nsp] Juniper SRX MNHA
Aaron Gould
aaron1 at gvtc.com
Mon Aug 4 18:17:41 EDT 2025
Furthermore, having a dedicated interface for ha icl doesn't appear to
be required to get this working. I just flipped my config to using the
untrust interface and its associated ip addresses on both srx nodes
i did "deactivate security zones security-zone halink" and then
redefined my HA ICL peering to be via ae1.0 (which is my untrust
interface) and used those ip's. works.
Just nice to know in case you can't or don't want to setup a separate
(3rd) interface and zone dedicated for ha icl.
root at srx01> show configuration chassis high-availability local-id |
display set
set chassis high-availability local-id 1
set chassis high-availability local-id local-ip 139.139.139.226
root at srx01> show configuration chassis high-availability peer-id 2 |
display set
set chassis high-availability peer-id 2 peer-ip 139.139.139.227
set chassis high-availability peer-id 2 interface ae1.0
set chassis high-availability peer-id 2 liveness-detection
minimum-interval 400
set chassis high-availability peer-id 2 liveness-detection multiplier 5
root at srx02> show configuration chassis high-availability local-id |
display set
set chassis high-availability local-id 2
set chassis high-availability local-id local-ip 139.139.139.227
root at srx02> show configuration chassis high-availability peer-id 1 |
display set
set chassis high-availability peer-id 1 peer-ip 139.139.139.226
set chassis high-availability peer-id 1 interface ae1.0
set chassis high-availability peer-id 1 liveness-detection
minimum-interval 400
set chassis high-availability peer-id 1 liveness-detection multiplier 5
-Aaron
More information about the juniper-nsp
mailing list