SRX

Expand all | Collapse all

SRX550 cluster always ssh to secondary node

Jump to Best Answer
  • 1.  SRX550 cluster always ssh to secondary node

    Posted 06-26-2019 23:50

    I am having an issue where I have a cluster of 2 x SRX550s and when I ssh to the fxp0 address i always get the secondary node.

    If i disconnect the secondary node ge-0/0/0 from a switch I can ssh to the primary node.

    Any suggestions where to start?

     

    cluster status:

    Cluster ID: 1
    Node Priority Status Preempt Manual Monitor-failures

    Redundancy group: 0 , Failover count: 1
    node0 200 primary no no None
    node1 100 secondary no no None

    Redundancy group: 1 , Failover count: 2
    node0 200 secondary no no None
    node1 100 primary no no None

     

    config:

     

    groups {
    node0 {
    system {
    host-name XXXXXXXN1;
    }
    interfaces {
    fxp0 {
    unit 0 {
    family inet {
    address 192.168.20.248/24;
    }
    }
    }
    }
    }
    node1 {
    system {
    host-name XXXXXXXN2;
    }
    interfaces {
    fxp0 {
    unit 0 {
    family inet {
    address 192.168.20.249/24;
    }



  • 2.  RE: SRX550 cluster always ssh to secondary node

     
    Posted 06-27-2019 00:03

    Interesting issue..

     

    So, irrespective of you trying to reach .248 or .249, you end up reaching the secondary node?

     

    Any chance you have an IP conflict between the FXP and ge-0/0/0  subnets?

    If possible, share the configuration of ge-0/0/0 and your 'apply groups' statement.



  • 3.  RE: SRX550 cluster always ssh to secondary node

    Posted 06-27-2019 00:14

    Hi Gokul,

    No config on Ge-0/0/0 as this became fxp0 in creating the cluster, I do have another reth interface in the same subnet for routing to other devices which is down right now.

     

    apply groups:

    apply-groups [ node0 node1 ];



  • 4.  RE: SRX550 cluster always ssh to secondary node

     
    Posted 06-27-2019 04:07
    HI,

    For RG0, node0 will be the primary based on the priority and you might want to use 192.168.20.248 to access Node0. When you try to reach 192.168.20.248, is it that you end up logging into Node1? How did you confirm the same?

    What is the source subnet from which you are trying to the reach the management interfaces. If it is an external subnet and using a backup router, please check out this article: https://kb.juniper.net/InfoCenter/index?page=content&id=KB31029

    However, as per the above article, the access to fxp0 on primary fails which is a bit different.

    Hope this helps.

    Thanks,
    Pradeep
    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

    Juniper Business Use Only


  • 5.  RE: SRX550 cluster always ssh to secondary node

    Posted 06-27-2019 21:39

    Both 0.248 and 0.249 access the secondary node.

    accessing from same subnet so no backup router config used.

     

    when I ssh to .248 or .249 it show secondary node on the prompt, my first indication was when i got the routing subsystem id not running message



  • 6.  RE: SRX550 cluster always ssh to secondary node

     
    Posted 06-27-2019 06:58

    Hi Firefly,

     

    Have you configured fxp0's IP under the general 'set interfaces' hierarchy as well?

    If you have fxp0 defined directly under interfaces, it'll take precedence over your node0/1 groups.

     

    Cheers

    Pooja

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

     



  • 7.  RE: SRX550 cluster always ssh to secondary node

    Posted 06-27-2019 21:41

    no fxp0 config under set interfaces



  • 8.  RE: SRX550 cluster always ssh to secondary node

     
    Posted 06-28-2019 07:27

    Firefly,

     

    Can you capture incoming requests on node0's fxp0 and node1's fxp0 and observe if ssh requests are being received on the right node?

     

    Use 'monitor traffic interface fxp0' and it's variations for matching host <ip-address>

     

    I have a hunch it could be the adjoining switch.

     

    Cheers

    Pooja

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
     
     


  • 9.  RE: SRX550 cluster always ssh to secondary node

    Posted 06-28-2019 10:11

    Hello,

     

    Can you share following output:

     

    > show route <source-address>

    > show route forwarding-table destination <source-address>

    > show route fxp0 ip address

     

     

     

    Thanks

    Mahesh



  • 10.  RE: SRX550 cluster always ssh to secondary node
    Best Answer

    Posted 06-28-2019 10:29

    Hello,

     

    Please try to use following apply-group statement instead of one you already pasted.

     

    apply-groups "${node}";

     

    See, if that makes any difference.

     

    Thanks

    Mahesh



  • 11.  RE: SRX550 cluster always ssh to secondary node

    Posted 07-01-2019 21:22

    Thanks Mahesh,

    that seems to have done the trick, working as expected now

     

    Thnaks