ON THIS PAGE
Example: Configure Chassis Cluster Redundancy Group IP Address Monitoring
This example shows how to configure redundancy group IP address monitoring for an SRX Series Firewall in a chassis cluster.
Requirements
Before you begin:
Set the chassis cluster node ID and cluster ID. See Example: Setting the Node ID and Cluster ID for Security Devices in a Chassis Cluster
Configure the chassis cluster management interface. See Example: Configuring the Chassis Cluster Management Interface.
Configure the chassis cluster fabric. See Example: Configuring the Chassis Cluster Fabric Interfaces.
Overview
You can configure redundancy groups to monitor upstream resources by pinging specific IP addresses that are reachable through redundant Ethernet interfaces on either node in a cluster. You can also configure global threshold, weight, retry interval, and retry count parameters for a redundancy group. When a monitored IP address becomes unreachable, the weight of that monitored IP address is deducted from the redundancy group IP address monitoring global threshold. When the global threshold reaches 0, the global weight is deducted from the redundancy group threshold. The retry interval determines the ping interval for each IP address monitored by the redundancy group. The pings are sent as soon as the configuration is committed. The retry count sets the number of allowed consecutive ping failures for each IP address monitored by the redundancy group.
In this example, you configure the following settings for redundancy group 1:
IP address to monitor—10.1.1.10
IP address monitoring global-weight—100
IP address monitoring global-threshold—200
The threshold applies cumulatively to all IP addresses monitored by the redundancy group.
IP address retry-interval—3 seconds
IP address retry-count—10
Weight—100
Redundant Ethernet interface—reth1.0
Secondary IP address—10.1.1.101
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
copy and paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
{primary:node0}[edit]
user@host#
set chassis cluster redundancy-group 1 ip-monitoring global-weight 100
set chassis cluster redundancy-group 1 ip-monitoring global-threshold 200
set chassis cluster redundancy-group 1 ip-monitoring retry-interval 3
set chassis cluster redundancy-group 1 ip-monitoring retry-count 10
set chassis cluster redundancy-group 1 ip-monitoring family inet 10.1.1.10 weight 100 interface reth1.0 secondary-ip-address 10.1.1.101
Step-by-Step Procedure
To configure redundancy group IP address monitoring:
Specify a global monitoring weight.
{primary:node0}[edit] user@host# set chassis cluster redundancy-group 1 ip-monitoring global-weight 100Specify the global monitoring threshold.
{primary:node0}[edit] user@host# set chassis cluster redundancy-group 1 ip-monitoring global-threshold 200Specify the retry interval.
{primary:node0}[edit] user@host# set chassis cluster redundancy-group 1 ip-monitoring retry-interval 3Specify the retry count.
{primary:node0}[edit] user@host# set chassis cluster redundancy-group 1 ip-monitoring retry-count 10Specify the IP address to be monitored, weight, redundant Ethernet interface, and secondary IP address.
{primary:node0}[edit] user@host# set chassis cluster redundancy-group 1 ip-monitoring family inet 10.1.1.10 weight 100 interface reth1.0 secondary-ip-address 10.1.1.101
Results
From configuration mode, confirm your configuration
by entering the show chassis cluster redundancy-group 1 command. If the output does not display the intended configuration,
repeat the configuration instructions in this example to correct it.
For brevity, this show command output includes only
the configuration that is relevant to this example. Any other configuration
on the system has been replaced with ellipses (...).
{primary:node0}[edit]
user@host# show chassis cluster redundancy-group 1
ip-monitoring {
global-weight 100;
global-threshold 200;
family {
inet {
10.1.1.10 {
weight 100;
interface reth1.0 secondary-ip-address 10.1.1.101;
}
}
}
}
If you are done configuring the device, enter commit from configuration mode.
Verification
Verifying the Status of Monitored IP Addresses for a Redundancy Group
Purpose
Verify the status of monitored IP addresses for a redundancy group.
Action
From operational mode, enter the show chassis cluster
ip-monitoring status command. For information about a specific
group, enter the show chassis cluster ip-monitoring status redundancy-group command.
{primary:node0}
user@host> show chassis cluster ip-monitoring status
node0:
--------------------------------------------------------------------------
Redundancy group: 1
Global threshold: 200
Current threshold: -120
IP address Status Failure count Reason Weight
10.1.1.10 reachable 0 n/a 100
10.1.1.101 reachable 0 n/a 100
node1:
--------------------------------------------------------------------------
Redundancy group: 1
Global threshold: 200
Current threshold: -120
IP address Status Failure count Reason Weight
10.1.1.10 reachable 0 n/a 100
10.1.1.101 reachable 0 n/a 100