Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Understanding SRX Series Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming

See the hardware documentation for your particular model (SRX Series Services Gateways) for details about SRX Series Firewalls. See Interfaces User Guide for Security Devices for a full discussion of interface naming conventions.

After the devices are connected as a cluster, the slot numbering on the SRX acting as node 1 changes and thus the interface numbering will change. The slot number for each slot in both nodes is determined using the following formula:

cluster slot number = (node ID * maximum slots per node) + local slot number

In chassis cluster mode, the interfaces on the SRX acting as node 1 are renumbered internally.

This topic describes the slot numbering and physical port and logical interface naming conventions for SRX Series Firewalls in a chassis cluster and includes following sections:

Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming for SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, and SRX1600 devices.

For SRX340 and SRX345 devices, the fxp0 interface is a dedicated port. For SRX300 and SRX320 devices, after you enable chassis clustering and reboot the system, the built-in interface named ge-0/0/0 is repurposed as the management interface and is automatically renamed fxp0.

For SRX300, SRX320, SRX340, SRX345, and SRX380 devices, after you enable chassis clustering and reboot the system, the build-in interface named ge-0/0/1 is repurposed as the control interface and is automatically renamed fxp1. The SRX300, SRX320, SRX340, SRX345 and SRX380 devices support only Gigabit Ethernet ports as fabric link.

SRX1500 devices have 16 GE interfaces and 4 XE ports.

SRX1600 devices have 16 (1G), 4 (10G), 2 (25G), 2 (1G) ports. The 2 (1G) ports are HA control ports and are not used for forwarding traffic.

Table 1 shows the slot numbering, as well as the physical port and logical interface numbering, for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed.

Table 1: Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming

Model

Chassis

Maximum Slots Per Node

Slot Numbering in a Cluster

Management Physical Port/Logical Interface

Control Physical Port/Logical Interface

Fabric Physical Port/Logical Interface

SRX1600

Node 0

3

0

fxp0

Dedicated dual Control links with MACsec support

Dual fabric links

em0/em1

fab0

Node 1

7

fxp0

Dedicated dual Control links with MACsec support

Dual fabric links

em0/em1

fab1

SRX1500

Node 0

3

0

fxp0

Dedicated Control port

Any Ethernet port

em0

fab0

Node 1

7

fxp0

Dedicated Control port

Any Ethernet port

em0

fab1

SRX340,SRX345, and SRX380

Node 0

5 (PIM slots)

0—4

fxp0

ge-0/0/1

Any Ethernet port

fxp0

fxp1

fab0

Node 1

5—9

fxp0

ge-5/0/1

Any Ethernet port

fxp0

fxp1

fab1

SRX320

Node 0

3 (PIM slots)

0—2

ge-0/0/0

ge-0/0/1

Any Ethernet port

fxp0

fxp1

fab0

Node 1

3—5

ge-3/0/0

ge-3/0/1

Any Ethernet port

fxp0

fxp1

fab1

SRX300

Node 0

1(PIM slot)

0

ge-0/0/0

ge-0/0/1

Any Ethernet port

fxp0

fxp1

fab0

Node 1

1

ge-1/0/0

ge-1/0/1

Any Ethernet port

fxp0

fxp1

fab1
Table 2: Chassis Cluster Fabric Interface Details for SRX1600

Interfaces

Used as Fabric Port?

Supports Z-Mode Traffic?

Supports MACsec?

16X1Gigabit Ethernet Interface -BASE-T RJ45

Yes

Yes

No

2x 25G SFP28

Yes

Yes

No

4x 10G SFP+

Yes

Yes

No

After you enable chassis clustering, the two chassis joined together cease to exist as individuals and now represent a single system. As a single system, the cluster now has twice as many slots. (See Figure 1, Figure 2, Figure 3, Figure 4, and Figure 6.)

Figure 1: Slot Numbering in SRX300 Chassis Cluster Slot Numbering in SRX300 Chassis Cluster
Figure 2: Slot Numbering in SRX320 Chassis Cluster Slot Numbering in SRX320 Chassis Cluster
Figure 3: Slot Numbering in SRX340 Chassis Cluster Slot Numbering in SRX340 Chassis Cluster
Figure 4: Slot Numbering in SRX345 Chassis Cluster Slot Numbering in SRX345 Chassis Cluster
Figure 5: Slot Numbering in SRX380 Chassis Cluster Slot Numbering in SRX380 Chassis Cluster
Figure 6: Slot Numbering in SRX1500 Chassis Cluster Slot Numbering in SRX1500 Chassis Cluster
Figure 7: Slot Numbering in SRX1600 Chassis Cluster Slot Numbering in SRX1600 Chassis Cluster

Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming for SRX4600 Devices

The SRX4600 devices use dedicated HA control and fabric ports.

Table 3 and Table 4 show the slot numbering, as well as the physical port and logical interface numbering, for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed.

For information on SRX3400 and SRX3600 devices, see Chassis Cluster support on SRX3400 and SRX3600 devices.

Table 3: Chassis Cluster Slot Numbering, and Physical Port and Logical Interface Naming for SRX4600 Devices

Model

Chassis Cluster

Maximum Slots Per Node

Slot Numbering in a Cluster

Management Physical Port/Logical Interface

Control Physical Port/Logical Interface

Fabric Physical Port/Logical Interface

SRX4600

Node 0

1

0-6

fxp0

Dual (redundant) MACsec-enabled HA control ports (10GbE) are xe-0/0/0 and xe-0/0/1

It uses 1-Gigabit Ethernet SFP as control port.

Dual (redundant) MACsec-enabled HA fabric ports (10GbE)

Dual Fabric ports with macsec enabled are xe-0/0/2 and xe-0/0/3

Node 1

7-13
Table 4: Chassis Cluster Interface Renumbering for SRX4600

Device

Renumbering Constant

Node 0 Interface Name

Node 1 Interface Name

SRX4600

7

xe-1/0/0

xe-8/0/0
Table 5: Chassis Cluster Fabric Interface Details for SRX4600

Interfaces

Used as Fabric Port?

Supports Z-Mode Traffic?

Supports MACsec?

Dedicated fabric ports

Yes

Yes

Yes

8X10-Gigabit Ethernet Interface SFPP ports

Yes

Yes

No

4X40-Gigabit Ethernet Interface QSFP28 ports

Yes

Yes

No

4x10-Gigabit Ethernet Interface SFPP ports

Yes

Yes

No

2X100-Gigabit Ethernet Interface QSFP28 slots

No

No

No

Mix and match of fabric ports are not supported. That is, you cannot use one 10-Gigabit Ethernet interface and one 40-Gigabit Ethernet interface for fabric links configuration. Dedicated fabric link supports only 10-Gigabit Ethernet Interface.

Figure 8 shows the slot numbering for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed.

Figure 8: Slot Numbering in SRX4600 Chassis ClusterSlot Numbering in SRX4600 Chassis Cluster

Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming for SRX2300, SRX4100, SRX4200, and SRX4300 Devices

The SRX4100 and SRX4200 devices use two 1-Gigabit Ethernet/10-Gigabit Ethernet ports, labeled as CTL and FAB as control port and fabric port respectively.

The SRX4300 devices supports 1-Gigabit Ethernet labeled as CTL control port.

Supported fabric interface types for SRX4100 and SRX4200 devices are 10-Gigabit Ethernet (xe) (10-Gigabit Ethernet Interface SFP+ slots).

Table 6: Chassis Cluster Fabric Interface Details for SRX2300

Interfaces

Used as Fabric Port?

Supports Z-Mode Traffic?

Supports MACsec?

8X10-Gigabit Ethernet Interface SFPP ports

Yes

Yes

Yes

4X25-Gigabit Ethernet Interface SFP28 ports

Yes

Yes

Yes

8x10-Gigabit Ethernet Interface BASE-T RJ45 ports

Yes

Yes

Yes

2X100-Gigabit Ethernet Interface QSFP28 slots

No

No

Yes
Table 7: Chassis Cluster Fabric Interface Details for SRX4300

Interfaces

Used as Fabric Port?

Supports Z-Mode Traffic?

Supports MACsec?

8X10-Gigabit Ethernet Interface SFP ports.

Yes

Yes

Yes

8x10-Gigabit Ethernet Interface BASE-T RJ45 ports.

Yes

Yes

Yes

6X100-Gigabit Ethernet Interface QSFP28 slots.

No

No

Yes

2X1-Gigabit Ethernet Interface SFP HA slots.

No

No

Yes

4X25-Gigabit Ethernet Interface SFP28 ports.

Yes

Yes

Yes

SRX4100, SRX4200, and SRX4300 devices do not support direct attach copper (DAC) cables for chassis cluster control.

Table 8 shows the slot numbering, as well as the physical port and logical interface numbering, for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed

Table 8: Chassis Cluster Slot Numbering, and Physical Port and Logical Interface Naming for SRX2300, SRX4100, SRX4200, and SRX4300Devices

Model

Chassis Cluster

Maximum Slots Per Node

Slot Numbering in a Cluster

Management Physical Port/Logical Interface

Control Physical Port/Logical Interface

Fabric Physical Port/Logical Interface

SRX2300

Node 0

1

0

fxp0

Dedicated control port, em0/em1

Revenue interfaces are used for dual fabric links, fab0.

Node 1

7

Revenue interfaces are used for dual fabric links, fab1.

SRX4100

Node 0

1

0

fxp0

Dedicated control port, em0

Dedicated fabric port, any Ethernet port (for dual fabric-link), fab0

Node 1

7

Dedicated fabric port, and any Ethernet port (for dual fabric-link), fab1

SRX4200

Node 0

1

0

fxp0

Dedicated control port,em0

Dedicated fabric port, and any Ethernet port (for dual fabric-link), fab0

Node 1

7

Dedicated fabric port, and any Ethernet port (for dual fabric-link), fab1

SRX4300

Node 0

1

0

fxp0

Dedicated control port, em0/em1

Revenue interfaces are used for dual fabric links, fab0

Node 1

7

Revenue interfaces for dual fabric links, fab1

Figure 10 and Figure 11 shows the slot numbering for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed.

Figure 9: Slot Numbering in SRX2300 Slot Numbering in SRX2300
Figure 10: Slot Numbering in SRX4100 Chassis Cluster Slot Numbering in SRX4100 Chassis Cluster
Figure 11: Slot Numbering in SRX4200 Chassis Cluster Slot Numbering in SRX4200 Chassis Cluster
Figure 12: Slot Numbering in SRX4300 Chassis Cluster Slot Numbering in SRX4300 Chassis Cluster

The node 1 renumbers its interfaces by adding the total number of system FPCs to the original FPC number of the interface. For example, see Table 9 for interface renumbering on the SRX Series Firewalls (SRX4100, SRX4200, and SRX4300).

Table 9: Chassis Cluster Interface Renumbering for SRX1600, SRX2300, SRX4100, SRX4200, and SRX4300

Device

Renumbering Constant

Node 0 Interface Name

Node 1 Interface Name

SRX1600

7

xe-0/1/0

xe-7/1/0

SRX2300

7

xe-0/2/0

xe-7/2/0

SRX4100

7

xe-0/0/0

xe-7/0/0

SRX4200

7

xe-0/0/1

xe-7/0/1

SRX4300

7

xe-0/1/0

xe-7/1/0

On SRX4100 and SRX4200 devices, when the system comes up as chassis cluster, the xe-0/0/8 and xe-7/0/8 interfaces are automatically set as fabric interfaces links. You can set up another pair of fabric interfaces using any pair of 10-Gigabit interfaces to serve as the fabric between nodes. Note that, the automatically created fabric interfaces cannot be deleted. However, you can delete the second pair of fabric interfaces (manually configured interfaces).

Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming for SRX5800, SRX5600, and SRX5400 Devices

For chassis clustering, all SRX Series Firewalls have a built-in management interface named fxp0. For most SRX Series Firewalls, the fxp0 interface is a dedicated port.

For the SRX5000 line, control interfaces are configured on SPCs.

Table 10 shows the slot numbering, as well as the physical port and logical interface numbering, for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed.

Table 10: Chassis Cluster Slot Numbering, and Physical Port and Logical Interface Naming for SRX5000 Line Devices

Model

Chassis Cluster

Maximum Slots Per Node

Slot Numbering in a Cluster

Management Physical Port/Logical Interface

Control Physical Port/Logical Interface

Fabric Physical Port/Logical Interface

SRX5800

Node 0

12 (FPC slots)

0—11

Dedicated Gigabit Ethernet port

Control port on an SPC

Any Ethernet port

fxp0

em0

fab0

Node 1

12—23

Dedicated Gigabit Ethernet port

Control port on an SPC

Any Ethernet port

fxp0

em0

fab1

SRX5600

Node 0

6 (FPC slots)

0—5

Dedicated Gigabit Ethernet port

Control port on an SPC

Any Ethernet port

fxp0

em0

fab0

Node 1

6—11

Dedicated Gigabit Ethernet port

Control port on an SPC

Any Ethernet port

fxp0

em0

fab1

SRX5400

Node 0

3 (FPC slots)

0—2

Dedicated Gigabit Ethernet port

Control port on an SPC

Any Ethernet port

fxp0

em0

fab0

Node 1

3—5

Dedicated Gigabit Ethernet port

Control port on an SPC

Any Ethernet port

fxp0

em0

fab1

After you enable chassis clustering, the two chassis joined together cease to exist as individuals and now represent a single system. As a single system, the cluster now has twice as many slots. (See Figure 13.)

Figure 13: Slot Numbering in SRX5800 Chassis ClusterSlot Numbering in SRX5800 Chassis Cluster

FPC Slot Numbering in SRX Series Firewall Cards

SRX5600 and SRX5800 devices have Flex I/O Cards (Flex IOCs) that have two slots to accept the following port modules:

  • SRX-IOC-4XGE-XFP 4-Port XFP

  • SRX-IOC-16GE-TX 16-Port RJ-45

  • SRX-IOC-16GE-SFP 16-Port SFP

You can use these port modules to add from 4 to 16 Ethernet ports to your SRX Series Firewall. Port numbering for these modules is

where slot is the number of the slot in the device in which the Flex IOC is installed; port module is 0 for the upper slot in the Flex IOC or 1 for the lower slot when the card is vertical, as in an SRX5800 device; and port is the number of the port on the port module. When the card is horizontal, as in an SRX5400 or SRX5600 device, port module is 0 for the left-hand slot or 1 for the right-hand slot.

SRX5400 devices support only SRX5K-MPC cards. The SRX5K-MPC cards also have two slots to accept the following port modules:

  • SRX-MIC-10XG-SFPP 10-port-SFP+ (xe)

  • SRX-MIC-20GE-SFP 20-port SFP (ge)

  • SRX-MIC-1X100G-CFP 1-port CFP (et)

  • SRX-MIC-2X40G-QSFP 2-port QSFP (et)

See the hardware guide for your specific SRX Series model (SRX Series Services Gateways).

Related Documentation