SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  'Show chassis cluster status' output is different after upgrade on SRX1500. Not sure why?

    Posted 14 days ago

    We recently upgraded a SRX1500 cluster from 21.4R3-S4.9 to 23.4R2-S4.9.  The upgrade seemed to go well. However, after completing the steps from the following link...

     

    https://supportportal.juniper.net/s/article/SRX-How-to-upgrade-an-SRX-cluster-with-minimal-down-time

     

    When I run "show chassis cluster status", for Redundancy Group 1, it now shows "yes" for "Manual" for both node0 and node1 where it did not before... and, a priority of 255 for node 0 (with a priority of 1 for node1) where it was 100 before.  See before/after comparison below:

     

    Before upgrade:

    fw1> show chassis cluster status
Monitor Failure codes:
[output omitted]

Cluster ID: 7
Node   Priority Status               Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 1
node0  100      primary              no      no       None
node1  1        secondary            no      no       None

Redundancy group: 1 , Failover count: 9
node0  100      primary              no      no      None
node1  1        secondary            no      no      None
     

    After upgrade (current status):

    fw1> show chassis cluster status
Monitor Failure codes:
[output omitted]

Cluster ID: 7
Node   Priority Status               Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 1
node0  100      primary              no      no       None
node1  1        secondary            no      no       None

Redundancy group: 1 , Failover count: 1
node0  255      primary              no      yes      None
node1  1        secondary            no      yes      None
     

    Note, we rebooted node1 for good measure (a step not included in the instructions) once node0 was back online.

     

    Current (and backed up) configs show the following:

    fw1> show configuration | display set | match priority

    set chassis cluster redundancy-group 1 node 0 priority 100

    set chassis cluster redundancy-group 1 node 1 priority 1

    set chassis cluster redundancy-group 0 node 0 priority 100

    set chassis cluster redundancy-group 0 node 1 priority 1

     

    fw1> show configuration chassis cluster redundancy-group 0

    node 0 priority 100;

    node 1 priority 1;

     

    fw1> show configuration chassis cluster redundancy-group 1

    node 0 priority 100;

    node 1 priority 1;

    interface-monitor {

       ge-0/0/0 weight 255;

       ge-7/0/0 weight 255;

     

    Q: Is this a problem, and how do we get it back to the way it should be?  Why did it change?  What does 'Manual' mean and why is it "yes" now for RG1?



    ------------------------------
    ANDREW JINKS
    ------------------------------


  • 2.  RE: 'Show chassis cluster status' output is different after upgrade on SRX1500. Not sure why?
    Best Answer

    Posted 14 days ago

    The guide you linked to specifically asks you to failover RG  to node 0 on page 1. The command you need is in step 28 on page 7.

    request chassis cluster failover reset redundancy-group 1

    That will put it back to normal.



    ------------------------------
    Nikolay Semov
    ------------------------------

    Original Message


  • 3.  RE: 'Show chassis cluster status' output is different after upgrade on SRX1500. Not sure why?

    Posted 13 days ago

    I'm sure I used that command - I was copying and pasting, and pasted those last four lines, which included resetting both RG0 and RG1.  SHould I try again with RG1?  Does this need to be done in a maintenance window?  Will it failover?  Not sure what to expect or why it changed.  Thanks in advance.



    ------------------------------
    ANDREW JINKS
    ------------------------------

    Original Message


  • 4.  RE: 'Show chassis cluster status' output is different after upgrade on SRX1500. Not sure why?

    Posted 13 days ago

    From what you've posted it looks like node0 is supposed to be primary in that RG by config, and it is currently primary manually. In both case node 0 is primary, so  you're not transferring roles in RG1 between the devices, just taking it out of manual mode. In my experience, there's not hit to traffic when doing that, so in my opinion no need to wait for a maintenance window.

    That being said, however, imagine, if you will, being called in and asked what happened, and your answer starts with "Well some guy on the internet said [...]" In other words, your network is your network, a healthy dose of skepticism is, well, healthy. 



    ------------------------------
    Nikolay Semov
    ------------------------------

    Original Message


  • 5.  RE: 'Show chassis cluster status' output is different after upgrade on SRX1500. Not sure why?

    Posted 12 days ago

    Two guys on the internet.  I've run it multiple times without issue when in the state you are, but always be sensible as mentioned!



    ------------------------------
    CHARLES RAYER
    ------------------------------

    Original Message


  • 6.  RE: 'Show chassis cluster status' output is different after upgrade on SRX1500. Not sure why?

    Posted 10 days ago
    Edited by ANDREW JINKS 10 days ago

    Thanks!  I did and it worked.  Juniper support told me to do something else, so make that two guys on the internet plus one support guy saying something different.  I was getting mixed messages and the "two guys on the internet" solution is what worked.



    ------------------------------
    ANDREW JINKS
    ------------------------------

    Original Message


  • 7.  RE: 'Show chassis cluster status' output is different after upgrade on SRX1500. Not sure why?

    Posted 10 days ago
    Edited by ANDREW JINKS 10 days ago

    Ok so I ran the command (reset) and it did restore the chassis cluster status output back to normal without disrupting traffic flows.

    I wasn't that clear about the "reset" part of it as the page for that command tells you it will "undo the previous manual failover", which didn't sound like what I wanted to do, considering it was in the proper primary/secondary active/standby configuration already... it was just the "Priority" and "Manual" values that had changed, which 'reset' did sound like what I needed.  Confusing language.

    Also, in asking Juniper support the same question (via support ticket we already had open), they suggested I do something else: 

    >request chassis cluster failover node node-number redundancy-group redundancy-group-number

    ...which is to manually fail over, which wasn't the issue or necessary (I think) in this case and might actually blip traffic flows.  So it wasn't exactly "some guy on the internet said [...]", it was actually "Well support said [...] and it didn't work, but some guy on the internet said [..] and it did"...lol.

    I wanted some clarity on both, and yours was the one that worked.  I think what had happened was, I did run that reset command, but that was BEFORE we rebooted node1 again for good measure.  So, thanks much!



    ------------------------------
    ANDREW JINKS
    ------------------------------

    Original Message