Good day everybody.
I have an issue with a cluster of SRX220s.
I built the cluster step by step based on https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/NT260/SRX_HA_Deployment_Guide.pdf
I have SSH sessions on reth.
So when I do a data plane failover on the primary node:
request chassis cluster failover redundancy-group 1 node 0
The data plane changed to the second node. The SSH session (on reth2, which belongs to redundancy group 1) is still alive and I can work with the device using it.
If I switch the control plane between nodes, the SSH sessions are interrupted. Sure, I can reconnect, but as I understand it TCP sessions must stay alive on the second node (when the primary fails) without disconnecting.
As far as I can see, the sessions are synchronized:
Session ID: 24, Policy name: self-traffic-policy/1, State: Active, Timeout: 1364, Valid
In: 192.168.1.100/5725 --> 192.168.1.200/22;tcp, If: reth2.0, Pkts: 1, Bytes: 40
Out: 192.168.1.200/22 --> 192.168.1.100/5725;tcp, If: .local..0, Pkts: 1, Bytes: 40
Session ID: 25, Policy name: self-traffic-policy/1, State: Active, Timeout: 1800, Valid
In: 192.168.1.100/5727 --> 192.168.1.200/22;tcp, If: reth2.0, Pkts: 269, Bytes: 21272
Out: 192.168.1.200/22 --> 192.168.1.100/5727;tcp, If: .local..0, Pkts: 289, Bytes: 40916
Total sessions: 2
node1:
--------------------------------------------------------------------------
Session ID: 13376, Policy name: self-traffic-policy/1, State: Backup, Timeout: 44, Valid
In: 192.168.1.100/5725 --> 192.168.1.200/22;tcp, If: reth2.0, Pkts: 22, Bytes: 3856
Out: 192.168.1.200/22 --> 192.168.1.100/5725;tcp, If: .local..0, Pkts: 20, Bytes: 4937
Session ID: 13385, Policy name: self-traffic-policy/1, State: Backup, Timeout: 1332, Valid
In: 192.168.1.100/5727 --> 192.168.1.200/22;tcp, If: reth2.0, Pkts: 228, Bytes: 17024
Out: 192.168.1.200/22 --> 192.168.1.100/5727;tcp, If: .local..0, Pkts: 246, Bytes: 33177
Total sessions: 2
But if the physical interface of the primary node for the control plane (Redundancy group: 0) fails or the node is down, all TCP traffic is interrupted.
To tell the truth, I don't care about SSH. But I want to create IPsec tunnels with OSPF inside on this reth. Will they break in the same way?
Or am I doing something wrong?
#ClusterSRXTCP