Juniper Junos SRX系列Cluster HA配置汇总

指定主备

On device A: >set chassis cluster cluster-id 1 node 0 reboot On device B: >set chassis cluster cluster-id 1 node 1 reboot 定义控制层端口 （可配置网管口） On device A: {primary:node0}

set groups node0 system host-name HQ-CS-FW-SRX550-1 set groups node1 system host-name HQ-CS-FW-SRX550-2 set apply-groups \"${node}\" //必配 -----------------

?set groups node0 interfaces fxp0 unit 0 family inet address ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?——Device A's management IP address on fxp0 interface ?set groups node1 interfaces fxp0 unit 0 family inet address ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?——Device B's management IP address on fxp0 interface ----------------配置网管地址 各设备型号控制线端口

SRX Series Chassis Cluster Slot Numbering, and Physical Port and Logical Interface Naming 4.定义数据层端口 On device A: {primary:node0}

-fab0 is node0 (Device A) interface for the data link

# set interfaces fab0 fabric-options member-interfaces ge-0/0/2 -fab1 is node1 (Device B) interface for the data link

# set interfaces fab1 fabric-options member-interfaces ge-9/0/2 5.配置 redundancy-group {primary:node0}

set chassis cluster redundancy-group 0 node 0 priority 100 set chassis cluster redundancy-group 0 node 1 priority 50 set chassis cluster redundancy-group 1 node 0 priority 100 set chassis cluster redundancy-group 1 node 1 priority 50

注： Redundancy Group 0 for the Routing Engine failover properties 必配 ? ? ?Redundancy Group 1 to define the failover properties for the Reth interfaces

? ? ? (all the interfaces will be in one Redundancy Group in this example) 建议所有端口放一个Group

6. 配置 端口监控 On device A: {primary:node0}

set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-9/0/3 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-9/0/4 weight 255 注：监控所有端口

? ? Interface monitoring is not recommended for redundancy-group 0. 7.配置 Reth interface 并划入 zone

Configure the Redundant Ethernet interfaces (Reth interface) and assign the Redundant interface to a zone. On device A: {primary:node0}

# set chassis cluster reth-count //配置reth 端口数量 留够数量 -for first interface in the group (on Device A) //配置reth端口，配置IP地址 # set interfaces ge-0/0/4 gigether-options redundant-parent reth1 -for second interface in the group (on Device B)

# set interfaces ge-9/0/4 gigether-options redundant-parent reth1 -set up redundancy group for interfaces

# set interfaces reth1 redundant-ether-options redundancy-group 1 # set interfaces reth1 unit 0 family inet -for first interface in the group (on Device A)

# set interfaces ge-0/0/3 gigether-options redundant-parent reth0 -for second interface in the group (on Device B)

# set interfaces ge-9/0/3 gigether-options redundant-parent reth0 -set up redundancy group for interfaces

# set interfaces reth0 redundant-ether-options redundancy-group 1 # set interfaces reth0 unit 0 family inet

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? //reth端口，划zone # set security zones security-zone untrust interfaces reth0.0 # set security zones security-zone trust interfaces reth1.0 配置实例：

On device A: >set chassis cluster cluster-id 1 node 0 reboot On device B: >set chassis cluster cluster-id 1 node 1 reboot? set groups node0 system host-name HQ-CS-FW-SRX550-1 set groups node1 system host-name HQ-CS-FW-SRX550-2 set apply-groups \"${node}\"

set interfaces fab0 fabric-options member-interfaces ge-0/0/2 set interfaces fab1 fabric-options member-interfaces ge-9/0/2 set chassis cluster redundancy-group 0 node 0 priority 100 set chassis cluster redundancy-group 0 node 1 priority 50 set chassis cluster redundancy-group 1 node 0 priority 100 set chassis cluster redundancy-group 1 node 1 priority 50

set chassis cluster redundancy-group 1 interface-monitor ge-0/0/6 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-0/0/7 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-9/0/6 weight 255 set chassis cluster redundancy-group 1 interface-monitor ge-9/0/7 weight 255 set chassis cluster reth-count 20

set interfaces ge-0/0/6 gigether-options redundant-parent reth0 set interfaces ge-9/0/6 gigether-options redundant-parent reth0 set interfaces reth0 redundant-ether-options redundancy-group 1

set interfaces reth0 unit 0 family inet

set interfaces ge-0/0/7 gigether-options redundant-parent reth1 set interfaces ge-9/0/7 gigether-options redundant-parent reth1 set interfaces reth1 redundant-ether-options redundancy-group 1 set interfaces reth1 unit 0 family inet

set security zones security-zone untrust interfaces reth0.0

set security zones security-zone trust host-inbound-traffic protocols all

set security zones security-zone trust interfaces reth1.0 host-inbound-traffic system-services all set security zones security-zone trust interfaces reth1.0 host-inbound-traffic protocols all ----------------排错 查看指令------------------------ show chassis cluster status show chassis cluster interfaces show chassis cluster statistics

show chassis cluster control-plane statistics show chassis cluster data-plane statistics show chassis cluster status redundancy-group 1 关于切换

request chassis cluster failover node 【node-number】 redundancy-group 【group-number】 explaination:

? node 【node-number】 Number of the chassis cluster node to which the redundancy group fails over.?

Range: 0 through 1

? redundancy-group 【group-number】 —Number of the redundancy group on which to initiate manual failover.?

Redundancy group 0 is a special group consisting of the two Routing Engines in the chassis cluster.

After a manual failover, you must use the 【request chassis cluster failover reset】 command before initiating another failover.

Sample : user@host> request chassis cluster failover node 0 redundancy-group 1 ? ? ? ? ? ? ? ? ?user@host> request chassis cluster failover reset redundancy-group 0 清除HA统计数据

user@host> clear chassis cluster statistics ?清除控制心跳数据统计

Cleared control-plane statistics ?清除数据心跳线统计

Cleared data-plane statistics 清除Cluster数据统计

Clear chassis cluster failover-count Srx Cluster upgrade

1. Load the new image file on node 0.

2. Perform the image upgrade without rebooting the node by entering: user@host> request system software add image_name 3. Load the new image file on node 1. 4. Repeat Step 2.

5. Reboot both nodes simultaneously.

不间断升级：request system software in-service-upgrade (Maintenance) ?ISSU request system software in-service-upgrade image_name

Options ?Explaination :

? image_name—Location and name of the software upgrade package to be installed. ? no-copy—(Optional) Installs the software upgrade package but does not save the copies of package files.?

? no-sync—Stops the flow state from synchronizing when the old secondary node has booted with a new Junos OS image.?

This parameter applies to SRX100, SRX210, SRX220, SRX240, and SRX650 devices only. It is required for an ICU.

? no-tcp-syn-check—(Optional) Creates a window wherein the TCP SYN check for the incoming packets is disabled. The default value for the window is 7200 seconds (2 hours).? This parameter applies to SRX100, SRX210, SRX220, SRX240, and SRX650 devices only.

? no-validate—(Optional) Disables the configuration validation step at installation. The system behavior is similar to that of the request system software add command.?

This parameter applies to SRX100, SRX210, SRX220, SRX240, and SRX650 devices only.? ? reboot—Reboots each device in the chassis cluster pair after installation is completed.

This parameter applies to SRX1400, SRX3400, SRX3600, SRX5600, and SRX5800 devices only. It is required for an ISSU. (The devices in a cluster are automatically rebooted following an ICU.)? ? unlink—(Optional) Removes the software package after successful installation. user@host> request system software in-service-upgrade /var/tmp ISSU: Validating package