Insert Additional SRX5K-SPC3 in a Multinode High Availability Setup
Insert SRX5K-SPC3 in a Multinode High Availability Setup
Starting in Junos OS Release 22.2R1, you can insert additional Service Processing Cards (SPC3) cards in a SRX5000-Line devices in Multinode High Availability setup without interrupting the existing traffic flow or without incurring downtime on your network.
We strongly recommend that you install the additional SPC3 card during a maintenance window, or during times of low-traffic as the backup node is not available for some time.
Requirements
Note the following requirements before you install additional SPC3 cards in a SRX5000-line device in a Multinode High Availability setup:
- Each security device must have at least one SPC3 card installed.
- When you are inserting a new SPC3 card, you must install it in a slot that has a higher number than the slots in which other SPCs are already installed. For example, if both nodes have an SPC3 card on slot 2, then you must insert the new SPC3 card in slot 3 or in a higher-numbered slot. You must not install the card in slot 0 or slot 1.
- Use the following table to know whether you can insert an additional SPC3
card on an SRX5000 chassis without interrupting the traffic based on the
count of already installed SPC3 cards.
Existing Count of SPC3 Cards Count After Inserting Additional SPC3 Cards Installation Without Traffic Interruption 1 2 Yes 1 3 or more No 2 3 or more No 3 or more 4 or more Yes
Install Additional SPC3 Cards
Consider a Multinode High Availability setup with two SRX5000 line devices. You've two nodes—node 1 acting as the active node and node 2 as the backup node. You want to install SPC3 cards on both the nodes.
Familiarize yourself with the SPC3 installation procedure for your security device. See Installing an SRX5400 Services Gateway SPC, or Installing an SRX5600 Services Gateway SPC, or Installing an SRX5800 Services Gateway SPC.
The following procedures guide you how to install an additional SPC3 card in a Multinode High Availability system.
Case 1: Nonencrypted ICL
- Power off node 2 (backup node) using the
request system power off
command from operational mode. - Insert an SPC3 card or cards on node 2.
- Boot up node 2.
- Run the
show chassis high-availability information
command. If the device displays an error with theSPU Slot Mismatch
message, you must halt the installation procedure and redo the procedure. If there are no error messages, continue with the next step. - When node 2 is back online and ready to failover on all SRGs, initiate a
failover for all traffic and SRGs to node 2. You can use the
request chassis high-availability failover services-redundancy-group
command from the operational mode. When you run the command, the node 2 transitions to the active role. - Power off node 1.
- Insert an SPC3 card or cards on node 1.
- Boot up node 1 after you complete the installation.
Case-2: Encrypted ICL
- Configure the
set chassis high-availability hardware-upgrade
statement and commit the configuration on both nodes. - Power off node 2 (backup node) using the
request system power off
command from operational mode. - Insert an SPC3 card or cards on node 2.
- Run the
show chassis high-availability information
command. If the device displays an error with theSPU Slot Mismatch
message, you must halt the upgrade procedure to not cause any disruption to the traffic. If there are no error messages, continue with the next step. - Boot up node 2.
- When node 2 is back online and ready to fail over on all SRGs, initiate a
failover for all traffic and SRGs to node 2 using the
request chassis high-availability failover services-redundancy-group
command from the operational mode. When you run the command, the node 2 transitions to the active role. - Power off node 1.
- Insert an SPC3 card or cards on node 1.
- Boot up node 1 after you complete the installation.
- After node 1 is back online, configure the
delete chassis high-availability hardware-upgrade
statement on both the nodes and commit the configuration.
How to Address SPC3 Slot Mismatch
If you face any issues while installing an additional SPC3 card, use the following steps to address the issue:
-
Run the
show chassis high-availability information
command.If the device displays an error with the
Peer Hardware Incompatible: SPU Slot Mismatch
message, you must halt the upgrade procedure to not cause any disruption to the traffic. -
Run the
show chassis fpc pic-status
command to check mismatched chassis slots between the two nodes. -
Remove the wrongly placed card, and reinsert it into a correct slot, and perform the upgrade procedure once again.