Routing

Expand all | Collapse all

Backup-router chassis cluster SRX device

  • 1.  Backup-router chassis cluster SRX device

    Posted 12-12-2020 19:24
    Can someone please provide light on "what is the backup-router concept" for in a chassis cluster SRX device? 

    As far as I understand, in a chassis cluster, the primary node takes the charge for routing engine so to access into the secondary node the backup-router command useful. By saying this, can I use one IP address to monitor both nodes? Example - The monitoring systems monitor only one IP which is configured in the backup-router, instead of node0 and node1 fxp0 ports. Is this possible? If it is possible, would all SRX models behave the same?

    Also, how the routing works for backup-router IP? Because routing engine is only enabled on the primary node so traffic goes through the primary node. Is backup-router command does some magic which tells to the RE, if backup-router cmd configured, this is for secondary node management, something like that.....

    Thanks.


  • 2.  RE: Backup-router chassis cluster SRX device

     
    Posted 12-12-2020 23:27
    The backup router allows the node acting as backup, to have a forwarding route that allows the node to respond to management traffic directed to it. This is required because the backup node is not running the routing process. 

    In the following topology:


    Using the following configuration: 

    set routing-options static route 10.2.2/24 next-hop 10.1.1.254
    set groups node0 system host-name SRX-1
    set groups node0 system backup-router 10.1.1.254
    set groups node0 system backup-router destination 10.2.2/24
    set groups node0 interfaces fxp0 unit 0 family inet address 10.1.1.1/24
    set groups node1 system host-name SRX-2
    set groups node1 system backup-router 10.1.1.254
    set groups node1 system backup-router destination 10.2.2/24
    set groups node1 interfaces fxp0 unit 0 family inet address 10.1.1.2/24
    set apply-groups "${node}"

    If SRX-1 is the active node for RG0, and SRX-2 is the backup, RPD is running on the RE of SRX-1 but not on the RE of SRX-2. 

    Thus:

    - SRX-1 (node0) can use the static route installed in the routing table, and copied to the forwarding table by the RE, to respond to management traffic from the NMS 10.2.2.1. 
    - SRX-2 (node1) on the other hand, cannot use the static route, and relies on the backup-router to be able to respond to 10.2.2.1 

    In other words:  When a node is active it uses the static route when it is  the backup it uses the backup-router. 
    You cannot configure an IP address that applies to a node only when it is the  backup, but is also possible to configure an IP address that applies to a node only when it is active (master). 


    set routing-options static route 10.2.2/24 next-hop 10.1.1.254
    set groups node0 system host-name SRX-1
    set groups node0 system backup-router 10.1.1.254
    set groups node0 system backup-router destination 10.2.2/24
    set groups node0 interfaces fxp0 unit 0 family inet address 10.1.1.1/24
    set groups node0 interfaces fxp0 unit 0 family inet address 10.1.1.3/24 master-only

    set groups node1 system host-name SRX-2
    set groups node1 system backup-router 10.1.1.254
    set groups node1 system backup-router destination 10.2.2/24
    set groups node1 interfaces fxp0 unit 0 family inet address 10.1.1.2/24
    set groups node0 interfaces fxp0 unit 0 family inet address 10.1.1.3/24 master-only

    set apply-groups "${node}"

    Regards, 






    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------