SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX 300 Cluster load balancing not working properly

    Posted 06-05-2019 09:55

    Hi,

    I've set up an SRX300 Cluster for a customer. I've got one cable from each member running to the customer switch in a reth interface, and have two 100Mbps WAN links, one on ge-0/0/3 and one on ge-1/0/3.

     

    I'm having issues load balancing my outbound traffic.

    I'm running version 15.1X49-D70.3

     

    I've set up OSPF between this cluster and my MX in the DC. The load balancing from the MX down to the SRX works fine, however it looks like outbound traffic from my SRX to the MX isn't working properly.

     

    Traceroutes show the traffic taking different links if I run it a few times in succession, but it seems transit traffic is only going over the link on ge-0/0/3.

     

    Cluster config:

     

     

     

    hostname> show chassis cluster status
    Monitor Failure codes:
        CS  Cold Sync monitoring        FL  Fabric Connection monitoring
        GR  GRES monitoring             HW  Hardware monitoring
        IF  Interface monitoring        IP  IP monitoring
        LB  Loopback monitoring         MB  Mbuf monitoring
        NH  Nexthop monitoring          NP  NPC monitoring
        SP  SPU monitoring              SM  Schedule monitoring
        CF  Config Sync monitoring
    
    Cluster ID: 1
    Node   Priority Status         Preempt Manual   Monitor-failures
    
    Redundancy group: 0 , Failover count: 1
    node0  100      primary        no      no       None
    node1  1        secondary      no      no       None
    
    Redundancy group: 1 , Failover count: 37
    node0  100      primary        yes     no       None
    node1  1        secondary      yes     no       None
    
    Redundancy group: 2 , Failover count: 1
    node0  100      primary        yes     no       None
    node1  1        secondary      yes     no       None

    hostname> show configuration chassis cluster
    reth-count 3;
    redundancy-group 0 {
        node 0 priority 100;
        node 1 priority 1;
    }
    redundancy-group 1 {
        node 0 priority 100;
        node 1 priority 1;
        preempt;
        interface-monitor {
            ge-0/0/4 weight 255;
        }
    }
    redundancy-group 2 {
        node 0 priority 100;
        node 1 priority 1;
        preempt;
        interface-monitor {
            ge-0/0/5 weight 255;
        }
    }

    I see the route being added if I do a show route:

     

     

    hostname> show route forwarding-table
    Routing table: default.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index    NhRef Netif
    default            user     2                    ulst   262143     8
                                  f4:b5:2f:db:ad:4b  ucst     1616     2 ge-0/0/3.0
                                  f4:b5:2f:db:ad:4c  ucst     1617     2 ge-1/0/3.0
    default            perm     0                    rjct       36     2
    0.0.0.0/32         perm     0                    dscd       34     1
    
    
    
    hostname> show route
    
    inet.0: 100 destinations, 100 routes (100 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[OSPF/150] 1d 02:24:30, metric 0, tag 0
                          to 100.127.0.162 via ge-0/0/3.0
                        > to 100.127.0.164 via ge-1/0/3.0
    
    hostname> show configuration routing-options
    forwarding-table {
        export LOADBALANCING;
    }
    
    {primary:node0}
    hostname> show configuration policy-options policy-statement LOADBALANCING
    term VOICE {
        from {
            prefix-list VOICE;
        }
        then accept;
    }
    term LOADBALANCE {
        then {
            load-balance per-packet;
        }
    }

     

    The config seems correct and I've followed the knowledge base. I've set this up on a single SRX 210 and it works fine. Is this not sending traffic over ge-1/0/3 since it is part of the secondary member? I can't see anything noticeably wrong here.

     

    Thanks!



  • 2.  RE: SRX 300 Cluster load balancing not working properly
    Best Answer

    Posted 06-05-2019 23:17

    In a cluster, the secondary node will not process transit packets. You may have to change the WAN connectivity so that both upstream gateways are reachable via the primary node and the secondary node, so that a cluster failover will not cause any issue. Terminate the WAN connectivity on a switch and connect both nodes to that switch. Use separate VLANs for each WAN connection and use reth interfaces on the SRX.

     

    Example:

    ge-0/0/3 & ge-1/0/3 --> reth0 --> [vlan10] Switch [vlan10] --> WAN1

    ge-0/0/4 & ge-1/0/4 --> reth1 --> [vlan20] Switch [vlan20] --> WAN2
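
The layout sketched in the answer above, written out as Junos set commands. This is an added example, not configuration posted by either participant. Assumptions: interface and reth names follow the answer's sketch and would need renumbering to avoid the cluster's existing LAN reth and monitored ports, both WAN reths sit in redundancy-group 1, addresses are documentation placeholders, and the zone name `untrust` and OSPF area 0.0.0.0 are hypothetical.

```junos
# Added example: names follow the answer's sketch; addresses, zone and area are placeholders.
# The existing "reth-count 3" already allows reth0 and reth1, so it is left unchanged.

# WAN1: one port per node, both cabled to switch access ports in VLAN 10
set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-1/0/3 gigether-options redundant-parent reth0
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 192.0.2.1/30

# WAN2: one port per node, both cabled to switch access ports in VLAN 20
set interfaces ge-0/0/4 gigether-options redundant-parent reth1
set interfaces ge-1/0/4 gigether-options redundant-parent reth1
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family inet address 198.51.100.1/30

# Both reths follow redundancy-group 1, so both WAN paths are active on
# whichever node is primary for that group, and move together on failover.

# OSPF adjacencies to the MX now form over the reth units
set protocols ospf area 0.0.0.0 interface reth0.0
set protocols ospf area 0.0.0.0 interface reth1.0

# Zone binding; permit only OSPF as host-inbound traffic on the WAN side
set security zones security-zone untrust interfaces reth0.0 host-inbound-traffic protocols ospf
set security zones security-zone untrust interfaces reth1.0 host-inbound-traffic protocols ospf

# The poster's forwarding-table export policy stays as it is:
#   set routing-options forwarding-table export LOADBALANCING

# After commit, check that both default-route next hops point at reth units:
#   show chassis cluster interfaces
#   show route forwarding-table destination 0.0.0.0/0
```

With this layout the default route's two next hops should list reth0.0 and reth1.0 rather than ge-0/0/3.0 and ge-1/0/3.0.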