Junos OS

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.

Redundant Ethernet interfaces on SRX380 Chassis Cluster

  • 1.  Redundant Ethernet interfaces on SRX380 Chassis Cluster

    Posted 05-31-2024 14:53

    Hi, all!  I am trying to set up a chassis cluster with SRX380s and running into some issues.  I have worked with SRX devices a lot in the past, but never in a clustered configuration.  My normal process is to create VLAN interfaces (irb.X, where X is the VLAN ID) and set physical ports to ethernet-switching to allow the specified VLANs to pass traffic.  This does not seem to work for redundant ethernet interfaces on a chassis cluster.

    According to this article (Ethernet Switching on Chassis Cluster), it seems like that is not supported unless you are in transparent mode (which I am not, nor do I want to be).  So if I am unable to use ethernet-switching on reth interfaces and can only use the reth.0 logical unit, how am I supposed to get this thing connected and passing traffic?

    I want the SRX380 cluster to be my router and contain the gateway addresses for all of our networks, and connect to downstream switches (using reth interfaces... I think).  I don't think that's an overly complicated setup, but I cannot seem to get network traffic flowing (i.e., pinging to/from the chassis cluster results in 100% lost packets).  Any help is greatly appreciated.

    Here is the relevant configuration hierarchy:

    chassis {
        cluster {
            reth-count 2;
            redundancy-group 0 {
                node 0 priority 100;
                node 1 priority 1;
            }
            redundancy-group 1 {
                node 0 priority 100;
                node 1 priority 1;
                interface-monitor {
                    ge-0/0/5 weight 255;
                    ge-3/0/5 weight 255;
                }
            }
        }
    }
    ...
    security {
        policies {
            from-zone trust to-zone trust {
                policy trust-to-trust {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone trust to-zone untrust {
                policy trust-to-untrust {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
        }
        zones {
            security-zone trust {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
                interfaces {
                    irb.60;
                    irb.10;
                }
            }
        }
    }
    interfaces {
        ge-0/0/5 {
            gigether-options {
                redundant-parent reth1;
            }
        }
        ge-3/0/5 {
            gigether-options {
                redundant-parent reth1;
            }
        }
        fab0 {
            fabric-options {
                member-interfaces {
                    ge-0/0/2;
                }
            }
        }
        fab1 {
            fabric-options {
                member-interfaces {
                    ge-3/0/2;
                }
            }
        }
        irb {
            unit 10 {
                family inet {
                    address 192.168.10.1/24;
                }
            }
            unit 60 {
                family inet {
                    address 192.168.60.1/24;
                }
            }
        }
        reth1 {
            redundant-ether-options {
                redundancy-group 1;
            }
            unit 0 {
                family ethernet-switching {
                    interface-mode trunk;
                    vlan {
                        members all;
                    }
                }
            }
        }
        swfab0 {
            fabric-options {
                member-interfaces {
                    ge-0/0/3;
                }
            }
        }
        swfab1 {
            fabric-options {
                member-interfaces {
                    ge-3/0/3;
                }
            }
        }
    }
    vlans {
        A {
            vlan-id 10;
            l3-interface irb.10;
        }
       B {
            vlan-id 60;
            l3-interface irb.60;
        }
    }



    ------------------------------
    Matthew Washington
    ------------------------------