vSRX

  • 1.  vSRX becomes disabled state

    Posted 10-31-2020 22:24

    Hello Experts,

      Secondary vSRX became disabled state after control link failures. These cluster are installed over long haul fiber (more than 50 KM). Secondary node becomes disabled often. Here is our config:

    {primary:node1}
    emdrais@cml-p-qv-vsrx-cn2> show configuration groups DBSS chassis cluster    
    control-link-recovery;
    reth-count 10;
    redundancy-group 0 {
        node 0 priority 129;
        node 1 priority 254;
    }
    redundancy-group 1 {
        node 0 priority 129;
        node 1 priority 254;
    }
    redundancy-group 2 {
        node 0 priority 129;
        node 1 priority 254;
    }
    
    {primary:node1}

    Status of primary node:

    {primary:node1}
    emdrais@cml-p-qv-vsrx-cn2> show chassis cluster interfaces 
    Control link status: Up
    
    Control interfaces: 
        Index   Interface   Monitored-Status   Internal-SA   Security
        0       em0         Up                 Disabled      Disabled  
    
    Fabric link status: Down
    
    Fabric interfaces: 
        Name    Child-interface    Status                    Security
                                   (Physical/Monitored)
        fab0   
        fab0   
        fab1    ge-7/0/0           Up   / Down               Disabled   
        fab1    ge-7/0/7           Up   / Down               Disabled   
    
    Redundant-ethernet Information:     
        Name         Status      Redundancy-group
        reth0        Up          1                
        reth1        Up          1                
        reth2        Up          1                
        reth3        Up          1                
        reth4        Up          1                
        reth5        Down        Not configured   
        reth6        Down        Not configured   
        reth7        Down        Not configured   
        reth8        Down        Not configured   
        reth9        Down        Not configured   
       
    Redundant-pseudo-interface Information:
        Name         Status      Redundancy-group
        lo0          Up          0                
    
    {primary:node1}
    emdrais@cml-p-qv-vsrx-cn2> show chassis cluster interfaces st 
                                                               ^
    syntax error, expecting <command>.
    emdrais@cml-p-qv-vsrx-cn2> show chassis cluster status             
    Monitor Failure codes:
        CS  Cold Sync monitoring        FL  Fabric Connection monitoring
        GR  GRES monitoring             HW  Hardware monitoring
        IF  Interface monitoring        IP  IP monitoring
        LB  Loopback monitoring         MB  Mbuf monitoring
        NH  Nexthop monitoring          NP  NPC monitoring              
        SP  SPU monitoring              SM  Schedule monitoring
        CF  Config Sync monitoring      RE  Relinquish monitoring
     
    Cluster ID: 1
    Node   Priority Status               Preempt Manual   Monitor-failures
    
    Redundancy group: 0 , Failover count: 1
    node0  129      disabled             no      yes      None           
    node1  255      primary              no      yes      None           
    
    Redundancy group: 1 , Failover count: 1
    node0  129      disabled             no      yes      None           
    node1  255      primary              no      yes      None           
    
    Redundancy group: 2 , Failover count: 1
    node0  129      disabled             no      yes      None           
    node1  255      primary              no      yes      None           
    
    {primary:node1}
    emdrais@cml-p-qv-vsrx-cn2> 

     Status of secondary node:

    {disabled:node0}
    emdrais@gzp-p-qv-vsrx-cn1> show chassis cluster interfaces 
    Control link status: Up
    
    Control interfaces: 
        Index   Interface   Monitored-Status   Internal-SA   Security
        0       em0         Up                 Disabled      Disabled  
    
    Fabric link status: Up
    
    Fabric interfaces: 
        Name    Child-interface    Status                    Security
                                   (Physical/Monitored)
        fab0    ge-0/0/0           Up   / Up                 Disabled   
        fab0    ge-0/0/7           Up   / Up                 Disabled   
        fab1    ge-7/0/0           Up   / Up                 Disabled   
        fab1    ge-7/0/7           Up   / Up                 Disabled   
    
    Redundant-ethernet Information:     
        Name         Status      Redundancy-group
        reth0        Up          1                
        reth1        Up          1                
        reth2        Up          1                
        reth3        Up          1                
        reth4        Up          1                
        reth5        Down        Not configured   
        reth6        Down        Not configured   
        reth7        Down        Not configured   
        reth8        Down        Not configured   
        reth9        Down        Not configured   
       
    Redundant-pseudo-interface Information:
        Name         Status      Redundancy-group
        lo0          Up          0                
    
    {disabled:node0}
    emdrais@gzp-p-qv-vsrx-cn1> show chassis cluster status            
    Monitor Failure codes:
        CS  Cold Sync monitoring        FL  Fabric Connection monitoring
        GR  GRES monitoring             HW  Hardware monitoring
        IF  Interface monitoring        IP  IP monitoring
        LB  Loopback monitoring         MB  Mbuf monitoring
        NH  Nexthop monitoring          NP  NPC monitoring              
        SP  SPU monitoring              SM  Schedule monitoring
        CF  Config Sync monitoring      RE  Relinquish monitoring
     
    Cluster ID: 1
    Node   Priority Status               Preempt Manual   Monitor-failures
    
    Redundancy group: 0 , Failover count: 0
    node0  129      disabled             no      yes      None           
    node1  255      primary              no      yes      None           
    
    Redundancy group: 1 , Failover count: 0
    node0  129      disabled             no      yes      None           
    node1  255      primary              no      yes      None           
    
    Redundancy group: 2 , Failover count: 0
    node0  129      disabled             no      yes      None           
    node1  255      primary              no      yes      None           
    
    {disabled:node0}
    emdrais@gzp-p-qv-vsrx-cn1> 

     

    Today I've introduced below lines to recover the cluster automatically:

     

    set groups DBSS chassis cluster control-link-recovery

     

    But still secondary nodes is in disabled state?

    Want to see cluster normal after control link recover automatically.

    Please suggest me.

    Regards.



  • 2.  Re: vSRX becomes disabled state

    Posted 11-02-2020 02:58

    What is the latency between the two vSRX of the cluster along this link?

    This must be under 100ms for stable operation and can cause this type of behavior if it is too high.

     

    https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT21/LAHAAppNotev4.pdf