- play_arrow Overview
- play_arrow Setting Up a Chassis Cluster
- SRX Series Chassis Cluster Configuration Overview
- SRX Series Chassis Cluster Slot Numbering and Logical Interface Naming
- Preparing Your Equipment for Chassis Cluster Formation
- Connecting SRX Series Firewalls to Create a Chassis Cluster
- Example: Setting the Node ID and Cluster ID for Security Devices in a Chassis Cluster
- Chassis Cluster Management Interfaces
- Chassis Cluster Fabric Interfaces
- Chassis Cluster Control Plane Interfaces
- Chassis Cluster Redundancy Groups
- Chassis Cluster Redundant Ethernet Interfaces
- Configuring Chassis Clustering on SRX Series Devices
- Example: Enabling Eight-Queue Class of Service on Redundant Ethernet Interfaces on SRX Series Firewalls in a Chassis Cluster
- Conditional Route Advertisement over Redundant Ethernet Interfaces on SRX Series Firewalls in a Chassis Cluster
- play_arrow Configuring Redundancy and Failover in a Chassis Cluster
- Chassis Cluster Dual Control Links
- Chassis Cluster Dual Fabric Links
- Monitoring of Global-Level Objects in a Chassis Cluster
- Monitoring Chassis Cluster Interfaces
- Monitoring IP Addresses on a Chassis Cluster
- Configuring Cluster Failover Parameters
- Understanding Chassis Cluster Resiliency
- Chassis Cluster Redundancy Group Failover
- play_arrow Upgrading or Disabling a Chassis Cluster
- play_arrow Troubleshooting
- Troubleshooting a Control Link Failure in an SRX Chassis Cluster
- Troubleshooting a Fabric Link Failure in an SRX Chassis Cluster
- Troubleshooting a Redundancy Group that Does Not Fail Over in an SRX Chassis Cluster
- Troubleshooting an SRX Chassis Cluster with One Node in the Primary State and the Other Node in the Disabled State
- Troubleshooting an SRX Chassis Cluster with One Node in the Primary State and the Other Node in the Lost State
- Troubleshooting an SRX Chassis Cluster with One Node in the Hold State and the Other Node in the Lost State
- Troubleshooting Chassis Cluster Management Issues
- Data Collection for Customer Support
- play_arrow Configuration Statements and Operational Commands
- play_arrow Chassis Cluster Support on SRX100, SRX210, SRX220, SRX240, SRX550M, SRX650, SRX1400, SRX3400, and SRX3600 Devices
Ethernet Switching on Chassis Cluster
You can configure a chassis cluster to act as a Layer 2 Ethernet switch. For more information, see the following topics:.
Layer 2 Ethernet Switching Capability in a Chassis Cluster Mode
- Understanding Layer 2 Ethernet Switching Capability in a Chassis Cluster on SRX Series Devices
- Understanding Chassis Cluster Failover and New Primary Election
- Benefits of Ethernet Switching on Chassis Cluster
Understanding Layer 2 Ethernet Switching Capability in a Chassis Cluster on SRX Series Devices
Ethernet ports support various Layer 2 features such as spanning-tree protocols (STPs), IEEE 802.1x, Link Layer Discovery Protocol (LLDP), and Multiple VLAN Registration Protocol (MVRP). With the extension of Layer 2 switching capability to devices in a chassis cluster, you can use Ethernet switching features on both nodes of a chassis cluster.
To ensure that Layer 2 switching works seamlessly across chassis cluster nodes, a dedicated physical link connecting the nodes is required. This type of link is called a switching fabric interface. Its purpose is to carry Layer 2 traffic between nodes.
Configuring a LAG with
family ethernet-switchingis not supported.Configuring a Reth with
family ethernet-switchingis not supported. This is only supported in Transparent mode.If a switching fabric interface (swfab) is not configured on both nodes, and if you try to configure Ethernet switching related features on the nodes, then the behavior of the nodes might be unpredictable.
Understanding Chassis Cluster Failover and New Primary Election
When chassis cluster failover occurs, a new primary node is elected and the Ethernet switching process (eswd) runs in a different node. During failover, the chassis control subsystem is restarted. Also during failover, traffic outage occurs until the PICs are up and the VLAN entries are reprogrammed. After failover, all Layer 2 protocols reconverge because Layer 2 protocol states are not maintained in the secondary node.
The Q-in-Q feature in chassis cluster mode is not supported because of chip limitation for swfab interface configuration in Broadcom chipsets.
Benefits of Ethernet Switching on Chassis Cluster
Enables Ethernet switching functionality on both nodes of a chassis cluster and provides the option to configure the Ethernet ports on either node for family Ethernet switching.
Enables configuring a Layer 2 VLAN domain with member ports from both nodes and the Layer 2 switching protocols on both devices.
See Also
Example: Configuring Switch Fabric Interfaces to Enable Switching in Chassis Cluster Mode on a Security Device
This example shows how to configure switching fabric interfaces to enable switching in chassis cluster mode.
Requirements
The physical link used as the switch fabric member must be directly connected to the device.
Switching fabric interfaces must be configured on ports that support switching features. See Ethernet Ports Switching Overview for Security Devices for information about the ports on which switching features are supported.
The physical link used as the switch fabric member must be directly connected to the device. Switching supported ports must be used for switching fabric interfaces. See Ethernet Ports Switching Overview for Security Devices for switching supported ports.
Before you begin, See Example: Configuring the Chassis Cluster Fabric Interfaces.
Overview
In this example, pseudointerfaces swfab0 and swfab1 are created for Layer 2 fabric functionality. You also configure dedicated Ethernet ports on each node to be associated with the swfab interfaces.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this section of the example,
copy the following commands, paste them into a text file, remove any
line breaks, change any details necessary to match your network configuration,
copy and paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set interfaces swfab0 fabric-options member-interfaces ge-0/0/3 set interfaces swfab1 fabric-options member-interfaces ge-9/0/3
Step-by-Step Procedure
To configure swfab interfaces:
Configure swfab0 and swfab1 and associate these switch fabric interfaces to enable switching across the nodes. Note that swfab0 corresponds to node 0 and swfab1 corresponds to node 1.
content_copy zoom_out_map{primary:node0} [edit] user@host# set interfaces swfab0 fabric-options member-interfaces ge-0/0/3 user@host# set interfaces swfab1 fabric-options member-interfaces ge-9/0/3If you are done configuring the device, commit the configuration.
content_copy zoom_out_map{primary:node0} [edit] user@host# commit
Results
From configuration mode, confirm your configuration
by entering the show interfaces swfab0 command. If the
output does not display the intended configuration, repeat the configuration
instructions in this example to correct the configuration.
[edit]
user@host# show interfaces swfab0
fabric-options{
member-interfaces {
ge-0/0/3;
}
}
Verification
To confirm that the configuration is working properly, perform these tasks:
Verifying Switching Fabric Ports
Purpose
Verify that you are able to configure multiple ports as members of switching fabric ports.
Action
From configuration mode, enter the show interfaces swfab0 command to view the configured interfaces for each port.
user@host# show interfaces swfab0
fabric-options{
member-interfaces {
ge-0/0/3;
}
}
From operational mode, enter the show chassis cluster ethernet-switching
interfaces command to view the appropriate member interfaces.
user@host> show chassis cluster ethernet-switching interfaces
swfab0:
Name Status
ge-0/0/3 up
swfab1:
Name Status
ge-9/0/3 up
