Example: Setting the Node ID and Cluster ID for Security Devices in a Chassis Cluster
When a device joins a cluster, it becomes a node of that cluster. With the exception of unique node settings and management IP addresses, nodes in a cluster share the same configuration.
A cluster is identified by a cluster ID (cluster-id) specified as a number from 1 through 255. Setting a cluster ID to 0 is equivalent to disabling a cluster. A cluster ID greater than 15 can only be set when the fabric and control link interfaces are connected back-to-back or connected on separate VLANs. To use extended cluster IDs without back-to-back connectivity, control and fabric link traffic for each SRX cluster must be separated using unique VLAN IDs.
Example: Extended Cluster ID
The following message is displayed when you try to set a cluster ID greater than 15, and when fabric and control link interfaces are not connected back-to-back or are not connected on separate VLANs:
{primary:node1}
user@host> set chassis cluster cluster-id 254 node 1 reboot
For cluster-ids greater than 15 and when deploying more than one cluster in a single Layer 2 BROADCAST domain, it is mandatory that fabric and control links are either connected back-to-back or are connected on separate private VLANS.
A cluster node is identified by a node ID (node) specified as a number from 0 through 1.
This example shows how to set the chassis cluster node ID and chassis cluster ID, which you must configure after connecting two devices together. A chassis cluster ID identifies the cluster to which the devices belong, and a chassis cluster node ID identifies a unique node within the cluster. After wiring the two devices together, you use CLI operational mode commands to enable chassis clustering by assigning a cluster ID and node ID on each chassis in the cluster. The cluster ID is the same on both nodes.
Requirements
Before you begin, ensure that you can connect to each device through the console port.
Ensure that the devices are running the same version of the Junos operating system (Junos OS) and that the security devices are of the same model.
The factory-default configuration of an SRX Series Firewall includes the configuration of the interfaces on the device. Therefore, before enabling chassis clustering on the device, you must remove any existing configuration associated with those interfaces that will be transformed into the control and fabric interfaces. See Understanding SRX Series Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming for more information.
Overview
The system uses the chassis cluster ID and chassis cluster node ID to apply the correct configuration for each node (for example, when you use the apply-groups command to configure the chassis cluster management interface). The chassis cluster ID and node ID statements are written to the EPROM, and the statements take effect when the system is rebooted.
In this example, you configure a chassis cluster ID of 1. You also configure a chassis cluster node ID of 0 for the first node, which allows redundancy groups to be primary on this node when priority settings for both nodes are the same, and a chassis cluster node ID of 1 for the other node.
Chassis cluster supports automatic synchronization of configurations. When a secondary node joins a primary node and a chassis cluster is formed, the primary node configuration is automatically copied and applied to the secondary node. See Understanding Automatic Chassis Cluster Synchronization Between Primary and Secondary Nodes.
Configuration
Procedure
Step-by-Step Procedure
To specify the chassis cluster node ID and cluster ID, you need to set two devices to cluster mode and reboot the devices. You must enter the following operational mode commands on both devices:
Connect to the first device through the console port.
user@host> set chassis cluster cluster-id 1 node 0 reboot
Successfully enabled chassis cluster. Going to reboot now.
Connect to the second device through the console port.
user@host> set chassis cluster cluster-id 1 node 1 reboot
Successfully enabled chassis cluster. Going to reboot now.
For SRX5400, SRX5600 and SRX5800 devices, you must configure the control ports before the cluster is formed.
To do this, you connect to the console port on the primary device, give it a node ID, and identify the cluster it will belong to, and then reboot the system. You then connect the console port to the other device, give it a node ID, and assign it the same cluster ID you gave to the first node, and then reboot the system. In both instances, you can cause the system to boot automatically by including the reboot parameter in the CLI command line. (For further explanation of primary and secondary nodes, see Understanding Chassis Cluster Redundancy Groups.)
Verification
Verifying Chassis Cluster Status
Purpose
Verify the status of a chassis cluster.
Action
From operational mode, enter the show chassis cluster status command.
{primary:node0}[edit]
user@host> show chassis cluster status
Cluster ID: 1
Node      Priority   Status      Preempt   Manual failover

Redundancy group: 0 , Failover count: 1
node0     100        primary     no        no
node1     1          secondary   no        no

Redundancy group: 1 , Failover count: 1
node0     0          primary     no        no
node1     0          secondary   no        no
Meaning
The sample output shows that devices in the chassis cluster are communicating properly, with one device functioning as the primary node and the other as the secondary node.
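The verification step above can be automated. This is an added example, not Juniper code: it parses captured show chassis cluster status text and reports any redundancy group that lacks exactly one primary and one secondary node, or a cluster ID outside 1 through 255. The function names are hypothetical, and the sample input is the output shown on this page laid out one row per line.

```python
import re

# Sample input: the output shown on this page, one row per line.
SAMPLE = """\
Cluster ID: 1
Node      Priority   Status      Preempt   Manual failover
Redundancy group: 0 , Failover count: 1
node0     100        primary     no        no
node1     1          secondary   no        no
Redundancy group: 1 , Failover count: 1
node0     0          primary     no        no
node1     0          secondary   no        no
"""

RG_RE = re.compile(r"Redundancy group:\s*(\d+)\s*,\s*Failover count:\s*(\d+)")
NODE_RE = re.compile(r"(node\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)")


def parse_status(text):
    """Return (cluster_id, {rg: {"failovers": n, "nodes": {name: {...}}}})."""
    cluster_id, groups, current = None, {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Cluster ID:\s*(\d+)", line):
            cluster_id = int(m.group(1))
        elif m := RG_RE.match(line):
            current = groups.setdefault(int(m.group(1)), {"failovers": int(m.group(2)), "nodes": {}})
        elif (m := NODE_RE.match(line)) and current is not None:
            name, prio, status, preempt, manual = m.groups()
            current["nodes"][name] = {"priority": int(prio), "status": status, "preempt": preempt, "manual": manual}
    return cluster_id, groups


def check_cluster(text):
    """Return a list of findings; an empty list matches the healthy state described on this page."""
    cluster_id, groups = parse_status(text)
    findings = []
    if cluster_id is None or not 1 <= cluster_id <= 255:
        findings.append(f"cluster ID {cluster_id} is outside 1-255 (0 means clustering is disabled)")
    if not groups:
        findings.append("no redundancy groups found")
    for rg, info in sorted(groups.items()):
        nodes = info["nodes"]
        if set(nodes) != {"node0", "node1"}:
            findings.append(f"RG {rg}: expected node0 and node1, saw {sorted(nodes)}")
        statuses = sorted(n["status"] for n in nodes.values())
        if statuses != ["primary", "secondary"]:
            findings.append(f"RG {rg}: expected one primary and one secondary, saw {statuses}")
    return findings
```

Run check_cluster on output captured from either node after both reboots complete; a non-empty list names the redundancy group to investigate.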