Configuring Chassis Cluster for Firefly Perimeter with VMware
Chassis Cluster Overview
Chassis clustering provides network node redundancy by grouping a pair of the same kind of Firefly Perimeter instances into a cluster. The devices must be running the same version of the Junos OS. The control ports on the respective nodes are connected to form a control plane that synchronizes the configuration and kernel state to facilitate the high availability of interfaces and services. Similarly, the data plane on the respective nodes is connected over the fabric ports to form a unified data plane. The fabric link allows for the management of cross-node flow processing and for the management of session redundancy.
The control plane software operates in active or backup mode. When configured as a chassis cluster, the two nodes back up each other, with one node acting as the primary device and the other as the secondary device, ensuring stateful failover of processes and services in the event of a system or hardware failure. If the primary device fails, the secondary device takes over processing of traffic.
The data plane software operates in active/active mode. In a chassis cluster, session information is updated as traffic traverses either device, and this information is transmitted between the nodes over the fabric link to guarantee that established sessions are not dropped when a failover occurs. In active/active mode, it is possible for traffic to ingress the cluster on one node and egress from the other node.
Chassis cluster functionality includes:
- Resilient system architecture, with a single active control plane for the entire cluster and multiple Packet Forwarding Engines. This architecture presents a single device view of the cluster.
- Synchronization of configuration and dynamic runtime states between nodes within a cluster.
- Monitoring of physical interfaces, and failover if the failure parameters cross a configured threshold.
- Support for generic routing encapsulation (GRE) and IP-over-IP (IP-IP) tunnels used to route encapsulated IPv4 or IPv6 traffic by means of two internal interfaces, gr-0/0/0 and ip-0/0/0, respectively. These interfaces are created by Junos OS at system bootup and are used only for processing GRE and IP-IP tunnels.
At any given instant, a cluster node can be in one of the following states: hold, primary, secondary-hold, secondary, ineligible, and disabled. A state transition can be triggered because of any event, such as interface monitoring, Services Processing Unit (SPU) monitoring, failures, and manual failovers.
For additional information, see:
Interfaces for Security Devices
Understanding Chassis Cluster Formation
You create two Firefly Perimeter instances to form a chassis cluster, and then you set the cluster ID and node ID on each instance to join the cluster. When a device joins a cluster, it becomes a node of that cluster. With the exception of unique node settings and management IP addresses, nodes in a cluster share the same configuration.
You can deploy up to 255 chassis clusters in a Layer 2 domain. Clusters and nodes are identified in the following ways:
- A cluster is identified by a cluster ID specified as a number from 1 to 255.
- A cluster node is identified by a node ID specified as a number from 0 to 1.
Generally, on SRX Series devices, the cluster ID and node ID are written into EEPROM. The Firefly Perimeter VM, however, does not emulate EEPROM, so a location (boot/loader.conf) is required to save the IDs and read them back during initialization. The whole system (including the BSD kernel) can then determine that it is working in chassis cluster mode and perform the related chassis cluster initialization.
The chassis cluster formation commands for node 0 and node 1 are as follows:
- user@host> set chassis cluster cluster-id 1 node 0 reboot
- user@host> set chassis cluster cluster-id 1 node 1 reboot
Chassis Cluster Quick Setup
You can use the J-Web interface to set up chassis cluster for both the Firefly Perimeter devices forming a cluster.
To set up chassis cluster:
- Launch a Web browser from the management device.
- Enter the Firefly interface IP address in the Address box.
- Specify the default username as root. Do not enter a value in the Password box.
- Click Log In. The J-Web Setup Wizard page opens.
- Select Configure > Chassis Cluster > Setup. The Chassis Cluster Setup configuration page appears. Table 1 explains the contents of this page.
- Configure chassis cluster using the options described in Table 1.
- Click Enable to enable chassis cluster mode on the node.
- Select one of the following options:
  - Enable and Reboot: Enables chassis cluster mode and reboots the node. A confirmation message says Successfully enabled chassis cluster. Going to reboot now. Click OK.
  - Enable and No Reboot: Enables chassis cluster mode without rebooting the node. A confirmation message is displayed. Click OK.
  - Cancel: Cancels your entries and returns to the main configuration page.
- Click Reset to reset your entries to their original values or click Disable to disable chassis cluster mode on the node.
Table 1: Add Chassis Cluster Setup Configuration Details
Field | Function | Action |
---|---|---|
Cluster ID | Specifies the number by which a cluster is identified. | Enter a number from 1 through 255. |
Node | ||
Node ID | Specifies the number by which a node is identified. | Enter a number from 0 through 1. |
Node Management IP Address (fxp0.0) | Specifies the management IP address of a node. | Enter a valid IP address for the management interface. |
Control Link | ||
FPC | Specifies the FPC control link. | Select the FPC number from the list. |
Port | Specifies the port to configure for the control link. | Enter a number from 0 through 2. |
Configuring Chassis Cluster
You can use the J-Web interface to configure the primary Firefly device.
Select Configure > Chassis Cluster > Cluster Configuration. The Chassis Cluster configuration page appears.
See Table 2 for the actions available on the Chassis Cluster configuration page.
Table 3 explains the contents of the configuration page.
See Table 4 for Node Setting configuration details.
Table 2: Chassis Cluster Configuration Page Actions
Action | Description |
---|---|
Add | Adds a new or duplicate chassis cluster configuration. Enter information as specified in Table 5. |
Edit | Edits the selected chassis cluster configuration. Enter information as specified in Table 5. |
Delete | Deletes the selected chassis cluster configuration. |
Actions & Commit | Commits the configuration and returns to the main configuration page. |
Cancel | Cancels your entries and returns to the main configuration page. |
Table 3: Chassis Cluster Configuration Page
Field | Function |
---|---|
Node Settings | |
Node ID | Displays the node ID. |
Cluster ID | Displays the cluster ID configured for the node. |
Host Name | Displays the name of the node. |
Backup Router | Displays the router used as a gateway while the RE is in secondary state for redundancy-group 0 in a chassis cluster. |
Management Interface | Displays the management interface of the node. |
IP Address | Displays the management IP address of the node. |
Status | Displays the state of the redundancy group. |
Chassis Cluster > Cluster Settings > Interfaces | |
Name | Displays the physical interface name. |
Member Interfaces/IP Address | Displays the member interface name or IP address configured for an interface. |
Redundancy Group | Displays the redundancy group. |
Chassis Cluster > Cluster Settings > Redundancy Group | |
Group | Displays the redundancy group identification number. |
Preempt | Displays the selected Preempt option. |
Gratuitous ARP Count | Displays the number of gratuitous ARP requests that a newly elected primary device in a chassis cluster sends out to announce its presence to the other network devices. |
Node Priority | Displays the assigned priority for the redundancy group on that node. The eligible node with the highest priority is elected as primary for the redundancy group. |
Table 4: Add Node Setting Configuration Details
Field | Function | Action |
---|---|---|
Fabric Link > Fabric Link 0 (fab0) | ||
Interface | Specifies fabric link 0. | Enter the interface IP for fabric link 0. |
Add | Adds fabric interface 0. | Click Add. |
Delete | Deletes fabric interface 0. | Click Delete. |
Fabric Link > Fabric Link 1 (fab1) | ||
Interface | Specifies fabric link 1. | Enter the interface IP for fabric link 1. |
Add | Adds fabric interface 1. | Click Add. |
Delete | Deletes fabric interface 1. | Click Delete. |
Redundant Ethernet | ||
Interface | Specifies a logical interface consisting of two physical Ethernet interfaces, one on each chassis. | Enter the logical interface. |
IP | Specifies redundant Ethernet IP address. | Enter redundant Ethernet IP address. |
Redundancy Group | Specifies redundancy group ID number in the chassis cluster. | Select a redundancy group from the list. |
Add | Adds redundant Ethernet IP address. | Click Add. |
Delete | Deletes redundant Ethernet IP address. | Click Delete. |
Add Redundancy Group | ||
Redundancy Group | Specifies the redundancy group name. | Enter the redundancy group name. |
Allow preemption of primaryship | Allows a node with a better priority to initiate a failover for a redundancy group. Note: By default, this feature is disabled. When disabled, a node with a better priority does not initiate a redundancy group failover (unless some other factor, such as faulty network connectivity identified for monitored interfaces, causes a failover). | - |
Gratuitous ARP Count | Specifies the number of gratuitous Address Resolution Protocol requests that a newly elected master sends out on the active redundant Ethernet interface child links to notify network devices of a change in mastership on the redundant Ethernet interface links. | Enter a value from 1 to 16. The default is 4. |
node0 priority | Specifies the priority value of node0 for a redundancy group. | Enter the node priority number as 0. |
node1 priority | Specifies the priority value of node1 for a redundancy group. | Select the node priority number as 1. |
Interface Monitor | ||
Interface | Specifies the number of redundant Ethernet interfaces to be created for the cluster. | Select the interface from the list. |
Weight | Specifies the weight for the interface to be monitored. | Enter a value from 1 to 125. |
Add | Adds interfaces to be monitored by the redundancy group and their respective weights. | Click Add. |
Delete | Deletes interfaces to be monitored by the redundancy group along with their respective weights. | Select the interface from the configured list and click Delete. |
IP Monitoring | ||
Weight | Specifies the global threshold for IP monitoring. | Enter a value from 0 to 255. |
Threshold | Specifies the global threshold for IP monitoring. | Enter a value from 0 to 255. |
Retry Count | Specifies the number of retries needed to declare reachability failure. | Enter a value from 5 to 15. |
Retry Interval | Specifies the time interval in seconds between retries. | Enter a value from 1 to 30. |
IPV4 Addresses to be monitored | ||
IP | Specifies the IPv4 addresses to be monitored for reachability. | Enter the IPv4 addresses. |
Weight | Specifies the weight for the redundancy group interface to be monitored. | Enter the weight. |
Interface | Specifies the logical interface through which to monitor this IP address. | Enter the logical interface address. |
Secondary IP address | Specifies the source address for monitoring packets on a secondary link. | Enter the secondary IP address. |
Add | Adds the IPv4 addresses to be monitored. | Click Add. |
Delete | Deletes the IPv4 addresses to be monitored. | Select the item from the list and click Delete. |
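
How the node priority, the "Allow preemption of primaryship" option and the Interface Monitor weights in Table 4 interact can be modeled in a few lines of Python; this is an added example, not Juniper code. It assumes a per-group failure threshold of 255 from which the weights of failed monitored interfaces are subtracted (that value is not stated on this page), and the priorities, weights and interface names are constructed sample values.

```python
from dataclasses import dataclass, field

# Assumption (not stated on this page): each redundancy group starts with a
# failure threshold of 255; the weight of every monitored interface that is
# down is subtracted, and at 0 or below the node cannot be primary.
THRESHOLD = 255

@dataclass
class Node:
    node_id: int                                   # 0 or 1, as in Table 1
    priority: int                                  # node priority for this group
    monitors: dict = field(default_factory=dict)   # interface name -> weight
    down: set = field(default_factory=set)         # interfaces currently down

    def eligible(self) -> bool:
        lost = sum(self.monitors[name] for name in self.down)
        return THRESHOLD - lost > 0

def elect(nodes, current=None, preempt=False):
    """Return the node_id that is primary for the group, or None.

    current is the node_id that is primary now (None at cluster formation).
    """
    candidates = [n for n in nodes if n.eligible()]
    if not candidates:
        return None
    best = max(candidates, key=lambda n: n.priority)
    holder = next((n for n in candidates if n.node_id == current), None)
    if holder is None:        # formation, or the primary became ineligible
        return best.node_id
    if preempt and best.priority > holder.priority:
        return best.node_id   # better-priority node initiates the failover
    return holder.node_id     # preempt disabled: priority alone changes nothing

def scenario(preempt):
    """Constructed sample: node 0 loses one link, then all three, then recovers."""
    n0 = Node(0, 200, {"ge-0/0/3": 125, "ge-0/0/4": 125, "ge-0/0/5": 100})
    n1 = Node(1, 100, {"ge-7/0/3": 125, "ge-7/0/4": 125, "ge-7/0/5": 100})
    history, primary = [], None
    for down in (set(), {"ge-0/0/3"}, set(n0.monitors), set()):
        n0.down = down
        primary = elect([n0, n1], primary, preempt)
        history.append(primary)
    return history

if __name__ == "__main__":
    print("preempt off:", scenario(False))
    print("preempt on: ", scenario(True))
```

With preemption off, node 1 keeps the primary role after node 0 recovers; with it on, node 0 takes the role back, which is the extra failover the option's note in Table 4 describes.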
Table 5: Edit Node Setting Configuration Details
Field | Function | Action |
---|---|---|
Node Settings | ||
Host Name | Specifies the name of the host. | Enter the name of the host. |
Backup Router | Displays the router used as a gateway while the RE is in secondary state for redundancy-group 0 in a chassis cluster. | Displays the router used as a gateway while the RE is in secondary state for redundancy-group 0 in a chassis cluster. |
Destination | ||
IP | Adds the destination address. | Click Add. |
Delete | Deletes the destination address. | Click Delete. |
Interface | ||
Interface | Specifies the interfaces available for the router. Note: Allows you to add and edit two interfaces for each fabric link. | Select an option. |
IP | Specifies the interface IP address. | Enter the interface IP address. |
Add | Adds the interface. | Click Add. |
Delete | Deletes the interface. | Click Delete. |