Hi, all! I am trying to set up a chassis cluster with SRX380s and running into some issues. I have worked with SRX devices a lot in the past, but never in a clustered configuration. My normal process is to create VLAN interfaces (irb.X, where X is the VLAN ID) and set physical ports to ethernet-switching to allow the specified VLANs to pass traffic. This does not seem to work for redundant ethernet interfaces on a chassis cluster.
According to this article (Ethernet Switching on Chassis Cluster), it seems like that is not supported unless you are in transparent mode (which I am not, nor do I want to be). So if I am unable to use ethernet-switching on reth interfaces and can only use the reth.0 logical unit, how am I supposed to get this thing connected and passing traffic?
I want the SRX380 cluster to be my router and contain the gateway addresses for all of our networks, and connect to downstream switches (using reth interfaces... I think). I don't think that's an overly complicated setup, but I cannot seem to get network traffic flowing (i.e., pinging to/from the chassis cluster results in 100% lost packets). Any help is greatly appreciated.
Here is the relevant configuration hierarchy:
chassis {
cluster {
reth-count 2;
redundancy-group 0 {
node 0 priority 100;
node 1 priority 1;
}
redundancy-group 1 {
node 0 priority 100;
node 1 priority 1;
interface-monitor {
ge-0/0/5 weight 255;
ge-3/0/5 weight 255;
}
}
}
}
...
security {
policies {
from-zone trust to-zone trust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
irb.60;
irb.10;
}
}
}
}
interfaces {
ge-0/0/5 {
gigether-options {
redundant-parent reth1;
}
}
ge-3/0/5 {
gigether-options {
redundant-parent reth1;
}
}
fab0 {
fabric-options {
member-interfaces {
ge-0/0/2;
}
}
}
fab1 {
fabric-options {
member-interfaces {
ge-3/0/2;
}
}
}
irb {
unit 10 {
family inet {
address 192.168.10.1/24;
}
}
unit 60 {
family inet {
address 192.168.60.1/24;
}
}
}
reth1 {
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members all;
}
}
}
}
swfab0 {
fabric-options {
member-interfaces {
ge-0/0/3;
}
}
}
swfab1 {
fabric-options {
member-interfaces {
ge-3/0/3;
}
}
}
}
vlans {
A {
vlan-id 10;
l3-interface irb.10;
}
B {
vlan-id 60;
l3-interface irb.60;
}
}
------------------------------
Matthew Washington
------------------------------