
Juniper Junos SRX Series Cluster HA Configuration Summary




On device A: >set chassis cluster cluster-id 1 node 0 reboot

On device B: >set chassis cluster cluster-id 1 node 1 reboot

Define the control-plane ports (the management ports can be configured here)

On device A:


set groups node0 system host-name HQ-CS-FW-SRX550-1

set groups node1 system host-name HQ-CS-FW-SRX550-2

set apply-groups "${node}" //required


set groups node0 interfaces fxp0 unit 0 family inet address ——Device A's management IP address on fxp0 interface


set groups node1 interfaces fxp0 unit 0 family inet address ——Device B's management IP address on fxp0 interface



SRX Series Chassis Cluster Slot Numbering, and Physical Port and Logical Interface Naming


On device A:


-fab0 is node0 (Device A) interface for the data link

# set interfaces fab0 fabric-options member-interfaces ge-0/0/2

-fab1 is node1 (Device B) interface for the data link

# set interfaces fab1 fabric-options member-interfaces ge-9/0/2

5. Configure redundancy-group


set chassis cluster redundancy-group 0 node 0 priority 100

set chassis cluster redundancy-group 0 node 1 priority 50

set chassis cluster redundancy-group 1 node 0 priority 100

set chassis cluster redundancy-group 1 node 1 priority 50

Note: Redundancy Group 0 defines the Routing Engine failover properties (required).

Redundancy Group 1 defines the failover properties for the Reth interfaces

(all the interfaces will be in one Redundancy Group in this example; placing all ports in a single group is recommended).

6. Configure interface monitoring

On device A:


set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255

set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255

set chassis cluster redundancy-group 1 interface-monitor ge-9/0/3 weight 255

set chassis cluster redundancy-group 1 interface-monitor ge-9/0/4 weight 255


Interface monitoring is not recommended for redundancy-group 0.

7. Configure the Reth interfaces and assign them to zones

Configure the Redundant Ethernet interfaces (Reth interface) and assign the Redundant interface to a zone.

On device A:


# set chassis cluster reth-count //set the number of reth interfaces; leave enough headroom

-for first interface in the group (on Device A) //configure the reth interface and its IP address

# set interfaces ge-0/0/4 gigether-options redundant-parent reth1

-for second interface in the group (on Device B)

# set interfaces ge-9/0/4 gigether-options redundant-parent reth1

-set up redundancy group for interfaces

# set interfaces reth1 redundant-ether-options redundancy-group 1

# set interfaces reth1 unit 0 family inet address

-for first interface in the group (on Device A)

# set interfaces ge-0/0/3 gigether-options redundant-parent reth0

-for second interface in the group (on Device B)

# set interfaces ge-9/0/3 gigether-options redundant-parent reth0

-set up redundancy group for interfaces

# set interfaces reth0 redundant-ether-options redundancy-group 1

# set interfaces reth0 unit 0 family inet address


# set security zones security-zone untrust interfaces reth0.0

# set security zones security-zone trust interfaces reth1.0


On device A: >set chassis cluster cluster-id 1 node 0 reboot

On device B: >set chassis cluster cluster-id 1 node 1 reboot

set groups node0 system host-name HQ-CS-FW-SRX550-1

set groups node1 system host-name HQ-CS-FW-SRX550-2

set apply-groups "${node}"

set interfaces fab0 fabric-options member-interfaces ge-0/0/2

set interfaces fab1 fabric-options member-interfaces ge-9/0/2

set chassis cluster redundancy-group 0 node 0 priority 100

set chassis cluster redundancy-group 0 node 1 priority 50

set chassis cluster redundancy-group 1 node 0 priority 100

set chassis cluster redundancy-group 1 node 1 priority 50

set chassis cluster redundancy-group 1 interface-monitor ge-0/0/6 weight 255

set chassis cluster redundancy-group 1 interface-monitor ge-0/0/7 weight 255

set chassis cluster redundancy-group 1 interface-monitor ge-9/0/6 weight 255

set chassis cluster redundancy-group 1 interface-monitor ge-9/0/7 weight 255

set chassis cluster reth-count 20

set interfaces ge-0/0/6 gigether-options redundant-parent reth0

set interfaces ge-9/0/6 gigether-options redundant-parent reth0

set interfaces reth0 redundant-ether-options redundancy-group 1

set interfaces reth0 unit 0 family inet address

set interfaces ge-0/0/7 gigether-options redundant-parent reth1

set interfaces ge-9/0/7 gigether-options redundant-parent reth1

set interfaces reth1 redundant-ether-options redundancy-group 1

set interfaces reth1 unit 0 family inet address

set security zones security-zone untrust interfaces reth0.0

set security zones security-zone trust host-inbound-traffic protocols all

set security zones security-zone trust interfaces reth1.0 host-inbound-traffic system-services all

set security zones security-zone trust interfaces reth1.0 host-inbound-traffic protocols all
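An added example (not from the original page or from Juniper): a small Python audit over `set` lines like those above. It checks the points the walkthrough relies on (reth-count large enough, each reth with a child link on both nodes, every child link monitored, no interface-monitor in redundancy-group 0) and also lists `host-inbound-traffic ... all` statements so they get a deliberate review. The `audit` function, the finding labels and the node 1 slot offset of 9 (taken from the page's ge-9/0/x names) are assumptions of this example.

```python
import re

# Constructed sample: lines in the style of the page's listing, with a too-small
# reth-count, a one-legged reth1 and a redundancy-group 0 monitor added on purpose.
SAMPLE = """\
set chassis cluster reth-count 1
set chassis cluster redundancy-group 0 interface-monitor ge-0/0/2 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/6 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-9/0/6 weight 255
set interfaces ge-0/0/6 gigether-options redundant-parent reth0
set interfaces ge-9/0/6 gigether-options redundant-parent reth0
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces ge-0/0/7 gigether-options redundant-parent reth1
set interfaces reth1 redundant-ether-options redundancy-group 1
set security zones security-zone trust interfaces reth1.0 host-inbound-traffic system-services all
"""

NODE1_FPC_OFFSET = 9  # assumption: node 1 slots start at 9, as in ge-9/0/x on the page


def audit(config, node1_offset=NODE1_FPC_OFFSET):
    # Returns a list of finding labels (hypothetical names used only in this example).
    findings, members, monitored, reth_count = [], {}, set(), 0
    for line in config.splitlines():
        line = line.split("//")[0].strip().lstrip("#> ").strip()  # drop notes and prompts
        if m := re.match(r"set interfaces (\S+) gigether-options redundant-parent (reth\d+)$", line):
            members.setdefault(m[2], []).append(m[1])
        elif m := re.match(r"set interfaces (reth\d+) ", line):
            members.setdefault(m[1], [])
        elif m := re.match(r"set chassis cluster reth-count (\d+)$", line):
            reth_count = int(m[1])
        elif m := re.match(r"set chassis cluster redundancy-group (\d+) interface-monitor (\S+)", line):
            monitored.add(m[2])
            if m[1] == "0":  # the page advises against monitoring in redundancy-group 0
                findings.append(f"rg0-monitor:{m[2]}")
        elif m := re.match(r"set security zones security-zone (\S+) .*host-inbound-traffic (\S+) all$", line):
            findings.append(f"host-inbound-all:{m[1]}:{m[2]}")
    if reth_count < len(members):
        findings.append(f"reth-count:{reth_count}<{len(members)}")
    for reth, children in sorted(members.items()):
        nodes = {int(c.split("-")[1].split("/")[0]) >= node1_offset for c in children}
        if nodes != {False, True}:  # needs one child link on each node
            findings.append(f"single-node-reth:{reth}")
        findings += [f"unmonitored:{c}" for c in children if c not in monitored]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```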

---------------- Troubleshooting and show commands ------------------------

show chassis cluster status

show chassis cluster interfaces

show chassis cluster statistics

show chassis cluster control-plane statistics

show chassis cluster data-plane statistics

show chassis cluster status redundancy-group 1


request chassis cluster failover node 【node-number】 redundancy-group 【group-number】


• node 【node-number】 Number of the chassis cluster node to which the redundancy group fails over. Range: 0 through 1

• redundancy-group 【group-number】 —Number of the redundancy group on which to initiate manual failover.

Redundancy group 0 is a special group consisting of the two Routing Engines in the chassis cluster.

After a manual failover, you must use the 【request chassis cluster failover reset】 command before initiating another failover.

Sample: user@host> request chassis cluster failover node 0 redundancy-group 1

user@host> request chassis cluster failover reset redundancy-group 0


user@host> clear chassis cluster statistics


Cleared control-plane statistics


Cleared data-plane statistics


clear chassis cluster failover-count

SRX Cluster upgrade

1. Load the new image file on node 0.

2. Perform the image upgrade without rebooting the node by entering:

user@host> request system software add image_name

3. Load the new image file on node 1.

4. Repeat Step 2.

5. Reboot both nodes simultaneously.

Non-disruptive upgrade: request system software in-service-upgrade (Maintenance) ISSU

request system software in-service-upgrade image_name

Options explanation:

• image_name—Location and name of the software upgrade package to be installed.

• no-copy—(Optional) Installs the software upgrade package but does not save the copies of package files.

• no-sync—Stops the flow state from synchronizing when the old secondary node has booted with a new Junos OS image.

This parameter applies to SRX100, SRX210, SRX220, SRX240, and SRX650 devices only. It is required for an ICU.

• no-tcp-syn-check—(Optional) Creates a window wherein the TCP SYN check for the incoming packets is disabled. The default value for the window is 7200 seconds (2 hours).

This parameter applies to SRX100, SRX210, SRX220, SRX240, and SRX650 devices


• no-validate—(Optional) Disables the configuration validation step at installation. The system behavior is similar to that of the request system software add command.

This parameter applies to SRX100, SRX210, SRX220, SRX240, and SRX650 devices only.

• reboot—Reboots each device in the chassis cluster pair after installation is completed.

This parameter applies to SRX1400, SRX3400, SRX3600, SRX5600, and SRX5800 devices only. It is required for an ISSU. (The devices in a cluster are automatically rebooted following an ICU.)

• unlink—(Optional) Removes the software package after successful installation.

user@host> request system software in-service-upgrade /var/tmp/junos-srxsme-11.2R2.2-domestic.tgz no-sync

ISSU: Validating package
