This example shows how to configure a chassis cluster pair of J Series devices to allow asymmetric routing. Configuring asymmetric routing for a chassis cluster allows traffic received on either device to be processed seamlessly.

• Requirements
• Overview
• Configuration
• Verification

1. Physically connect a pair of J Series devices together, ensuring that they are the same models. This example uses a pair of J2320 Services Router devices.
   1. To create the fabric link, connect a Gigabit Ethernet interface on one device to another Gigabit Ethernet interface on the other device. See Connecting J Series Devices to Create a Chassis Cluster.
   2. To create the control link, connect the ge-0/0/3 Gigabit Ethernet interfaces of the two devices. See Connecting J Series Devices to Create a Chassis Cluster.
2. Connect to one of the devices using the console port. (This is the node that forms the cluster.)
   1. Set the cluster ID and node number.
      user@host> set chassis cluster cluster-id 1 node 0 reboot
3. Connect to the other device using the console port.
   1. Set the cluster ID and node number.
      user@host> set chassis cluster cluster-id 1 node 1 reboot

Overview

In this example, a chassis cluster provides asymmetric routing. As illustrated in Figure 1, two Internet connections are used, with one being preferred. The connection to the trust zone is provided by a redundant Ethernet interface to provide LAN redundancy for the devices in the trust zone.

Figure 1: Asymmetric Routing Chassis Cluster Topology

In this example, you configure group (applying the configuration with the apply-groups command) and chassis cluster information. Then you configure security zones and security policies. See Table 1 through Table 4.

Configuration

CLI Quick Configuration

To quickly configure an asymmetric chassis cluster pair, copy the following commands and paste them into the CLI:

Step-by-Step Procedure

1. Configure the management interface.
   {primary:node0}[edit]user@host# set groups node0 system host-name jseries-1user@host# set groups node0 interfaces fxp0 unit 0 family inet address 192.168.100.50/24user@host# set groups node1 system host-name jseries-2user@host#set groups node1 interfaces fxp0 unit 0 family inet address 192.168.100.51/24user@host# set apply-groups “${node}”
2. Configure the fabric interface.
   {primary:node0}[edit]user@host# set interfaces fab0 fabric-options member-interfaces ge-0/0/1user@host# set interfaces fab1 fabric-options member-interfaces ge-7/0/1
3. Configure the number of redundant Ethernet interfaces.
   {primary:node0}[edit]user@host# set chassis cluster reth-count 1
4. Configure the redundancy groups.
   {primary:node0}[edit]user@host# set chassis cluster heartbeat-interval 1000user@host# set chassis cluster heartbeat-threshold 3user@host# set chassis cluster node 0user@host# set chassis cluster node 1user@host# set chassis cluster redundancy-group 1 node 0 priority 100user@host# set chassis cluster redundancy-group 1 node 1 priority 1user@host# set chassis cluster redundancy-group 1 interface-monitor fe-1/0/0 weight 255user@host# set chassis cluster redundancy-group 1 interface-monitor fe-5/0/0 weight 255
5. Configure the redundant Ethernet interfaces.
   {primary:node0}[edit]user@host# set interfaces ge-0/0/0 unit 0 family inet address 1.4.0.202/24user@host# set interfaces fe-1/0/0 fastether-options redundant-parent reth0user@host# set interfaces ge-7/0/0 unit 0 family inet address 1.2.1.233/24user@host# set interfaces fe-5/0/0 fastether-options redundant-parent reth0user@host# set interfaces reth0 unit 0 family inet address 10.16.8.1/24
6. Configure the static routes (one to each ISP, with preferred route through ge-0/0/0).
   {primary:node0}[edit]user@host# set routing-options static route 0.0.0.0/0 qualified-next-hop 1.4.0.1 metric 10user@host# set routing-options static route 0.0.0.0/0 qualified-next-hop 1.2.1.1 metric 100
7. Configure the security zones.
   {primary:node0}[edit]user@host# set security zones security-zone untrust interfaces ge-0/0/0.0user@host# set security zones security-zone untrust interfaces ge-7/0/0.0user@host# set security zones security-zone trust interfaces reth0.0
8. Configure the security policies.
   {primary:node0}[edit]user@host# set security policies from-zone trust to-zone untrust policy ANY match source-address anyuser@host# set security policies from-zone trust to-zone untrust policy ANY match destination-address anyuser@host# set security policies from-zone trust to-zone untrust policy ANY match application anyuser@host# set security policies from-zone trust to-zone untrust policy ANY then permit

Results

From operational mode, confirm your configuration by entering the show configuration command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

For brevity, this show command output includes only the configuration that is relevant to this example. Any other configuration on the system has been replaced with ellipses (...).

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly:

• Verifying Chassis Cluster Status
• Verifying Chassis Cluster Interfaces
• Verifying Chassis Cluster Statistics
• Verifying Chassis Cluster Control Plane Statistics
• Verifying Chassis Cluster Data Plane Statistics
• Verifying Chassis Cluster Redundancy Group Status
• Troubleshooting with Logs

Verifying Chassis Cluster Status

Purpose

Verify the chassis cluster status, failover status, and redundancy group information.

Action

From operational mode, enter the show chassis cluster status command.

Cluster ID: 1
Node                       Priority     Status    Preempt  Manual failover

Redundancy group: 1 , Failover count: 1
    node0                   100         primary   no       no
    node1                   1           secondary no       no

Verifying Chassis Cluster Interfaces

Purpose

Verify information about chassis cluster interfaces.

Action

From operational mode, enter the show chassis cluster interfaces command.

Control link name: fxp1

Redundant-ethernet Information:
    Name         Status      Redundancy-group
    reth0        Up          1
   
Interface Monitoring:
    Interface         Weight    Status    Redundancy-group
    fe-1/0/0          255       Up        1
    fe-5/0/0          255       Up        1
    

Verifying Chassis Cluster Statistics

Purpose

Verify information about the statistics of the different objects being synchronized, the fabric and control interface hellos, and the status of the monitored interfaces in the cluster.

Action

From operational mode, enter the show chassis cluster statistics command.

Control link statistics:
    Control link 0:
        Heartbeat packets sent: 228
        Heartbeat packets received: 2370
        Heartbeat packets errors: 0
Fabric link statistics:
    Child link 0
        Probes sent: 2272
        Probes received: 597
Services Synchronized:
    Service name                              RTOs sent    RTOs received
    Translation context                       0            0
    Incoming NAT                              0            0
    Resource manager                          6            0
    Session create                            160          0
    Session close                             147          0
    Session change                            0            0
    Gate create                               0            0
    Session ageout refresh requests           0            0
    Session ageout refresh replies            0            0
    IPSec VPN                                 0            0
    Firewall user authentication              0            0
    MGCP ALG                                  0            0
    H323 ALG                                  0            0
    SIP ALG                                   0            0
    SCCP ALG                                  0            0
    PPTP ALG                                  0            0
    RPC ALG                                   0            0
    RTSP ALG                                  0            0
    RAS ALG                                   0            0
    MAC address learning                      0            0
    GPRS GTP                                  0            0
   

Verifying Chassis Cluster Control Plane Statistics

Purpose

Verify information about chassis cluster control plane statistics (heartbeats sent and received) and the fabric link statistics (probes sent and received).

Action

From operational mode, enter the show chassis cluster control-plane statistics command.

Control link statistics:
    Control link 0:
        Heartbeat packets sent: 258689
        Heartbeat packets received: 258684
        Heartbeat packets errors: 0
Fabric link statistics:
    Child link 0
        Probes sent: 258681
        Probes received: 258681

Verifying Chassis Cluster Data Plane Statistics

Purpose

Verify information about the number of RTOs sent and received for services.

Action

From operational mode, enter the show chassis cluster data-plane statistics command.

Services Synchronized:
    Service name                              RTOs sent    RTOs received
    Translation context                       0            0
    Incoming NAT                              0            0
    Resource manager                          6            0
    Session create                            160          0
    Session close                             147          0
    Session change                            0            0
    Gate create                               0            0
    Session ageout refresh requests           0            0
    Session ageout refresh replies            0            0
    IPSec VPN                                 0            0
    Firewall user authentication              0            0
    MGCP ALG                                  0            0
    H323 ALG                                  0            0
    SIP ALG                                   0            0
    SCCP ALG                                  0            0
    PPTP ALG                                  0            0
    RPC ALG                                   0            0
    RTSP ALG                                  0            0
    RAS ALG                                   0            0
    MAC address learning                      0            0
    GPRS GTP                                  0            0

Verifying Chassis Cluster Redundancy Group Status

Purpose

Verify the state and priority of both nodes in a cluster and information about whether the primary node has been preempted or whether there has been a manual failover.

Action

From operational mode, enter the chassis cluster status redundancy-group command.

Cluster ID: 1
    Node               Priority    Status    Preempt  Manual failover

	Redundancy-Group: 1, Failover count: 1
    node0              100          primary   no       no
    node1              1            secondary no       no

Troubleshooting with Logs

Purpose

Use these logs to identify any chassis cluster issues. You should run these logs on both nodes.

Action

From operational mode, enter these show commands.