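Chassis Cluster on NFX250 NextGen Devices
A chassis cluster, in which two devices operate as a single device, provides high availability (HA) on NFX250 NextGen devices. Chassis clustering involves synchronizing the configuration files and the dynamic runtime session state between the devices that are part of the chassis cluster setup.
NFX250 NextGen Chassis Cluster Overview
You can configure NFX250 NextGen devices to operate in cluster mode by connecting and configuring a pair of devices so that they operate like a single node, providing redundancy at the device, interface, and service level.
When two devices are configured to operate as a chassis cluster, each device becomes a node of that cluster. The two nodes back each other up, with one node acting as the primary device and the other as the secondary device, which ensures stateful failover of processes and services if a system or hardware failure occurs. If the primary device fails, the secondary device takes over the processing of traffic.
The nodes of a cluster are connected together through two links called the control link and the fabric link. The devices in a chassis cluster synchronize the configuration, kernel, and PFE session states across the cluster to facilitate high availability, failover of stateful services, and load balancing.
Control link - Synchronizes the configuration between the nodes. When you commit configuration statements to the cluster, the configuration is automatically synchronized over the control interface.
To create a control link in a chassis cluster, connect the ge-0/0/0 interface on one node to the ge-0/0/0 interface on the second node.
Note: You can use only the ge-0/0/0 interface to create a control link.
Fabric link (data link) - Forwards traffic between the nodes. Traffic that arrives on one node and needs to be processed on the other node is forwarded over the fabric link. Similarly, traffic that is processed on one node and needs to exit through an interface on the other node is forwarded over the fabric link.
You can use any interface except ge-0/0/0 to create a fabric link.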
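Chassis Cluster Modes
A chassis cluster can be configured in active/passive or active/active mode.
Active/passive mode - In active/passive mode, transit traffic passes through the primary node, and the backup node is used only in the event of a failure. When a failure occurs, the backup device becomes the primary device and takes over all forwarding tasks.
Active/active mode - In active/active mode, transit traffic passes through both nodes at all times.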
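Chassis Cluster Interfaces
The chassis cluster interfaces include:
Redundant Ethernet (reth) interface - A pseudo-interface that includes a physical interface from each node of the cluster. The reth interface of the active node is responsible for passing traffic in a chassis cluster setup.
A reth interface must contain at least one pair of Fast Ethernet interfaces or one pair of Gigabit Ethernet interfaces, which are referred to as child interfaces of the redundant Ethernet interface (the redundant parent). If two or more child interfaces from each node are assigned to the redundant Ethernet interface, a redundant Ethernet interface link aggregation group can be formed.
Note: You can configure a maximum of 128 reth interfaces on NFX250 NextGen devices.
Control interface - An interface that provides the control link between the two nodes in the cluster. This interface is used for routing updates and for control plane signal traffic, such as the heartbeat and threshold information that triggers node failover.
Note: By default, the ge-0/0/0 interface is configured as the dedicated control interface on NFX250 NextGen devices. Therefore, you cannot apply any configuration to ge-0/0/0 in HA mode.
Fabric interface - An interface that provides the physical connection between the two nodes of a cluster. A fabric interface is formed by connecting a pair of Ethernet interfaces back-to-back (one from each node). The Packet Forwarding Engines of the cluster use this interface to transmit transit traffic and to synchronize the runtime state of the data plane software. You must specify in the configuration the physical interfaces to be used for the fabric interface.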
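Chassis Cluster Limitations
Redundant LAG (RLAG) of reth member interfaces of the same node is not supported. A reth interface with more than one child interface per node is called RLAG.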
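Example: Configuring a Chassis Cluster on NFX250 NextGen Devices
This example shows how to set up a chassis cluster on NFX250 NextGen devices.
Requirements
Before you begin:
Physically connect the two devices and ensure that they are the same NFX250 NextGen model.
Ensure that both devices are running the same Junos OS version.
Remove all interface mappings for the control port ge-0/0/0 on both nodes.
Connect the dedicated control port ge-0/0/0 on node 0 to the ge-0/0/0 port on node 1.
Connect the fabric port on node 0 to the fabric port on node 1.
Overview
Figure 1 shows the topology used in this example. This example shows how to set up a basic active/passive chassis cluster. One device actively maintains control of the chassis cluster. The other device passively maintains its state for cluster failover capabilities in case the active device becomes inactive.
This example does not describe other configurations in detail, such as how to configure security features. They are essentially the same as they would be for standalone configurations.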

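Configuration
Configuring a Chassis Cluster
Step-by-Step Procedure
Configure the cluster ID on both nodes and reboot the devices. After the cluster ID and node ID are set, a reboot is required to enter cluster mode.
Note: You must enter operational mode to issue the commands on both devices.
user@host1> set chassis cluster cluster-id 1 node 0 reboot
user@host2> set chassis cluster cluster-id 1 node 1 reboot
The cluster ID is the same on both devices, but the node ID must be different because one device is node 0 and the other device is node 1. The range for the cluster ID is 0 through 255, and setting it to 0 is equivalent to disabling cluster mode.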
Verify that the chassis cluster is configured successfully:
user@host1> show chassis cluster status
Monitor Failure codes:
    CS  Cold Sync monitoring        FL  Fabric Connection monitoring
    GR  GRES monitoring             HW  Hardware monitoring
    IF  Interface monitoring        IP  IP monitoring
    LB  Loopback monitoring         MB  Mbuf monitoring
    NH  Nexthop monitoring          NP  NPC monitoring
    SP  SPU monitoring              SM  Schedule monitoring
    CF  Config Sync monitoring      RE  Relinquish monitoring

Cluster ID: 1
Node   Priority Status               Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 0
node0  1        primary              no      no       None
node1  1        secondary            no      no       None

root@host1> show chassis cluster information
node0:
--------------------------------------------------------------------------
Redundancy Group Information:

    Redundancy Group 0 , Current State: primary, Weight: 255

        Time            From                 To                   Reason
        Mar 15 11:33:47 hold                 secondary            Hold timer expired
        Mar 15 11:34:03 secondary            primary              Only node present

Chassis cluster LED information:
    Current LED color: Green
    Last LED change reason: No failures

node1:
--------------------------------------------------------------------------
Redundancy Group Information:

    Redundancy Group 0 , Current State: secondary, Weight: 255

        Time            From                 To                   Reason
        Mar 15 12:14:49 hold                 secondary            Hold timer expired

Chassis cluster LED information:
    Current LED color: Green
    Last LED change reason: No failures
After the chassis cluster is set up, you can enter configuration mode and perform all the configurations on the primary node, node0.
Configure the host names and the out-of-band management IP addresses for nodes 0 and 1:
user@host1# set groups node0 system host-name NFX250NG-1
user@host1# set groups node0 interfaces fxp0 unit 0 family inet address 172.16.100.1/24
user@host2# set groups node1 system host-name NFX250NG-2
user@host2# set groups node1 interfaces fxp0 unit 0 family inet address 172.16.100.2/24
If you want to access the device from subnets other than the one configured for out-of-band management, set up static routes:
user@host1# set routing-options static route 198.51.100.0/24 next-hop 172.16.0.0
user@host1# set routing-options static route 203.0.113.0/24 next-hop 172.16.0.0
Configure a backup router to access the router from an external network for out-of-band management:
user@host1# set groups node0 system backup-router 172.16.0.0
user@host1# set groups node0 system backup-router destination 172.0.0.0/8
user@host1# set groups node0 system backup-router destination 203.0.0.0/8
user@host1# set groups node1 system backup-router 172.16.0.0
user@host1# set groups node1 system backup-router destination 172.0.0.0/8
user@host1# set groups node1 system backup-router destination 203.0.0.0/8
Configuring Fabric Interfaces
Step-by-Step Procedure
The ge-0/0/0 interface is the predefined control link. Therefore, you should select any other interface on the device to configure the fabric interface. For example, in the following configuration, ge-0/0/1 is used as the fabric interface.
Connect one end of an Ethernet cable to ge-0/0/1 on the NFX250NG-1 device and the other end of the cable to ge-0/0/1 on the NFX250NG-2 device.
Map the physical LAN to the virtual WAN ports:
user@host1# set vmhost virtualization-options interfaces ge-8/0/1
user@host1# set vmhost virtualization-options interfaces ge-1/0/1
Configure the front panel (L2) interfaces corresponding to the fabric interface:
user@host1# set interfaces ge-0/0/1 mtu 9192
user@host1# set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
user@host1# set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan100
user@host1# set interfaces sxe-0/0/0 mtu 9192
user@host1# set interfaces sxe-0/0/0 unit 0 family ethernet-switching interface-mode trunk
user@host1# set interfaces sxe-0/0/0 unit 0 family ethernet-switching vlan members vlan100
user@host1# set vlans vlan100 vlan-id 100
Configure the L3 interface as the fabric member:
user@host1# set chassis cluster fabric-member ge-1/0/1 vlan-id 100
user@host1# set interfaces fab0 fabric-options member-interfaces ge-1/0/1
user@host1# set groups fab chassis cluster fabric-member ge-1/0/1 vlan-id 100
user@host1# set groups fab chassis cluster fabric-member ge-8/0/1 vlan-id 100
user@host1# set groups fab interfaces fab0 fabric-options member-interfaces ge-1/0/1
user@host1# set groups fab interfaces fab1 fabric-options member-interfaces ge-8/0/1
user@host1# set groups fab vmhost virtualization-options interfaces ge-1/0/1
user@host1# set groups fab vmhost virtualization-options interfaces ge-8/0/1
Configure the data path for the fabric interfaces:
user@host1# set groups fab interfaces sxe-7/0/0 unit 0 family ethernet-switching vlan members vlan100
user@host1# set groups fab interfaces sxe-0/0/0 unit 0 family ethernet-switching vlan members vlan100
user@host1# set groups fab interfaces ge-0/0/9 mtu 9000
user@host1# set groups fab interfaces ge-0/0/9 unit 0 family ethernet-switching interface-mode access
user@host1# set groups fab interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members vlan100
user@host1# set groups fab interfaces ge-7/0/9 mtu 9000
user@host1# set groups fab interfaces ge-7/0/9 unit 0 family ethernet-switching interface-mode access
user@host1# set groups fab interfaces ge-7/0/9 unit 0 family ethernet-switching vlan members vlan100
user@host1# set groups fab vlans vlan100 vlan-id 100
user@host1# set apply-groups fab
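Configure port peering for the fabric and reth members. Port peering ensures that when a LAN interface controlled by the Layer 2 data plane (FPC0) fails, the corresponding interface on the Layer 3 data plane (FPC1) is marked down, and vice versa. This helps the corresponding redundancy group fail over to the secondary node.
user@host1# set groups node1 chassis cluster redundant-interface ge-8/0/1 mapping-interface ge-7/0/1
user@host1# set groups node0 chassis cluster redundant-interface ge-1/0/1 mapping-interface ge-0/0/1
Enable the system to perform control link recovery automatically. After it determines that the control link is healthy, the system issues an automatic reboot on the node that was disabled when the control link failed. When the disabled node reboots, it rejoins the cluster.
user@host1# set chassis cluster control-link-recovery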
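Configuring Redundancy Groups and Redundant Interfaces
Step-by-Step Procedure
Configure redundancy groups 1 and 2. Both redundancy-group 1 and redundancy-group 2 control the data plane and include the data plane ports. Each node has interfaces in a redundancy group. As part of the redundancy group configuration, you must also define the priority for the control plane and the data plane: which device is preferred for the control plane, and which device is preferred for the data plane. For chassis clustering, the higher priority is preferred; the higher number takes precedence. In this configuration, node 0 is the active node associated with redundancy-group 1. reth0 is a member of redundancy-group 1, and reth1 is a member of redundancy-group 2. You must configure all changes in the cluster through node 0. If node 0 fails, node 1 becomes the active node.
user@host1# set chassis cluster reth-count 4
user@host1# set chassis cluster redundancy-group 1 node 0 priority 200
user@host1# set chassis cluster redundancy-group 1 node 1 priority 100
user@host1# set chassis cluster redundancy-group 2 node 0 priority 200
user@host1# set chassis cluster redundancy-group 2 node 1 priority 100
user@host1# set chassis cluster redundancy-group 1 preempt
user@host1# set chassis cluster redundancy-group 2 preempt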
Map the physical LAN to the virtual WAN ports for use as reth members:
user@host1# set vmhost virtualization-options interfaces ge-1/0/3
user@host1# set vmhost virtualization-options interfaces ge-1/0/4
user@host1# set vmhost virtualization-options interfaces ge-8/0/3
user@host1# set vmhost virtualization-options interfaces ge-8/0/4
Configure the front panel (L2) interfaces corresponding to the reth interfaces:
user@host1# set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode access
user@host1# set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan300
user@host1# set interfaces ge-0/0/4 unit 0 family ethernet-switching interface-mode access
user@host1# set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan400
user@host1# set interfaces ge-7/0/3 unit 0 family ethernet-switching interface-mode access
user@host1# set interfaces ge-7/0/3 unit 0 family ethernet-switching vlan members vlan300
user@host1# set interfaces ge-7/0/4 unit 0 family ethernet-switching interface-mode access
user@host1# set interfaces ge-7/0/4 unit 0 family ethernet-switching vlan members vlan400
user@host1# set interfaces sxe-0/0/1 unit 0 family ethernet-switching interface-mode trunk
user@host1# set interfaces sxe-0/0/1 unit 0 family ethernet-switching vlan members vlan300
user@host1# set interfaces sxe-0/0/1 unit 0 family ethernet-switching vlan members vlan400
user@host1# set interfaces sxe-7/0/1 unit 0 family ethernet-switching interface-mode trunk
user@host1# set interfaces sxe-7/0/1 unit 0 family ethernet-switching vlan members vlan300
user@host1# set interfaces sxe-7/0/1 unit 0 family ethernet-switching vlan members vlan400
user@host1# set vlans vlan300 vlan-id 300
user@host1# set vlans vlan400 vlan-id 400
Configure the WAN (L3) interfaces as reth members:
user@host1# set interfaces ge-1/0/3 gigether-options redundant-parent reth0
user@host1# set interfaces ge-8/0/3 gigether-options redundant-parent reth0
user@host1# set interfaces ge-1/0/4 gigether-options redundant-parent reth1
user@host1# set interfaces ge-8/0/4 gigether-options redundant-parent reth1
Configure the reth interfaces:
Configure reth0:
user@host1# set interfaces reth0 vlan-tagging
user@host1# set interfaces reth0 redundant-ether-options redundancy-group 1
user@host1# set interfaces reth0 unit 0 vlan-id 300
user@host1# set interfaces reth0 unit 0 family inet address 192.0.2.0/24
Configure reth1:
user@host1# set interfaces reth1 vlan-tagging
user@host1# set interfaces reth1 redundant-ether-options redundancy-group 2
user@host1# set interfaces reth1 unit 0 vlan-id 400
user@host1# set interfaces reth1 unit 0 family inet address 198.51.100.0/24
Configure interface monitoring for the reth interface members:
user@host1# set chassis cluster redundancy-group 1 interface-monitor ge-1/0/3 weight 255
user@host1# set chassis cluster redundancy-group 1 interface-monitor ge-8/0/3 weight 255
user@host1# set chassis cluster redundancy-group 2 interface-monitor ge-1/0/4 weight 255
user@host1# set chassis cluster redundancy-group 2 interface-monitor ge-8/0/4 weight 255
Configure port peering for the reth interface members:
user@host1# set groups node1 chassis cluster redundant-interface ge-8/0/3 mapping-interface ge-7/0/3
user@host1# set groups node1 chassis cluster redundant-interface ge-8/0/4 mapping-interface ge-7/0/4
user@host1# set groups node0 chassis cluster redundant-interface ge-1/0/3 mapping-interface ge-0/0/3
user@host1# set groups node0 chassis cluster redundant-interface ge-1/0/4 mapping-interface ge-0/0/4
Configure security policies to allow traffic from LAN to WAN and from WAN to LAN:
user@host1# set security policies default-policy permit-all
user@host1# set security zones security-zone trust host-inbound-traffic system-services all
user@host1# set security zones security-zone trust host-inbound-traffic protocols all
user@host1# set security zones security-zone trust interfaces all
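An added example, not part of the original page or of any Juniper tooling: a Python check that runs over the set statements of this procedure and reports reth interfaces that break the RLAG limitation stated earlier on this page or lack a child on one node, reth children without interface monitoring, use of ge-0/0/0 as a fabric member, and the permissive default-policy permit-all and host-inbound-traffic all statements from the last step. The FPC-to-node mapping (FPC 0-1 on node 0, FPC 7-8 on node 1) is an assumption read off this example's interface names, and the finding codes are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: statements from this example with one deliberate mistake
# (ge-1/0/4 is placed in reth0 instead of reth1).
SAMPLE = """\
user@host1# set interfaces ge-1/0/3 gigether-options redundant-parent reth0
user@host1# set interfaces ge-8/0/3 gigether-options redundant-parent reth0
user@host1# set interfaces ge-1/0/4 gigether-options redundant-parent reth0
user@host1# set interfaces ge-8/0/4 gigether-options redundant-parent reth1
user@host1# set chassis cluster redundancy-group 1 interface-monitor ge-1/0/3 weight 255
user@host1# set chassis cluster redundancy-group 1 interface-monitor ge-8/0/3 weight 255
user@host1# set chassis cluster redundancy-group 2 interface-monitor ge-8/0/4 weight 255
user@host1# set security policies default-policy permit-all
user@host1# set security zones security-zone trust host-inbound-traffic system-services all
"""

def node_of(ifname):
    # Assumption read off this example's numbering: FPC 0-1 is node 0, FPC 7-8 is node 1.
    return 0 if int(re.match(r"\w+-(\d+)/", ifname).group(1)) < 7 else 1

def audit(config):
    """Return a sorted list of (code, subject) findings for a block of set commands."""
    reth, monitored, findings = defaultdict(list), set(), set()
    for raw in config.splitlines():
        line = re.sub(r"^\S+[#>]\s*", "", raw.strip())      # drop the CLI prompt
        if m := re.search(r"interfaces (\S+) gigether-options redundant-parent (reth\d+)", line):
            reth[m.group(2)].append(m.group(1))
        elif m := re.search(r"interface-monitor (\S+)", line):
            monitored.add(m.group(1))
        elif re.search(r"(fabric-member|member-interfaces) ge-0/0/0\b", line):
            findings.add(("control-port-reused", "ge-0/0/0"))
        elif line.endswith("default-policy permit-all"):
            findings.add(("permit-all-default", "default-policy"))
        elif m := re.search(r"security-zone (\S+) host-inbound-traffic \S+ all$", line):
            findings.add(("host-inbound-all", m.group(1)))
    for name, children in reth.items():
        per_node = [sum(node_of(c) == n for c in children) for n in (0, 1)]
        if 0 in per_node:
            findings.add(("reth-missing-node", name))       # no peer to fail over to
        if max(per_node) > 1:
            findings.add(("rlag-unsupported", name))        # more than one child per node
        findings.update(("child-not-monitored", c) for c in children if c not in monitored)
    return sorted(findings)

if __name__ == "__main__":
    for code, subject in audit(SAMPLE):
        print(f"{code:22} {subject}")
```

Run against the statements exactly as this page gives them, the reth and monitoring checks pass and only the two security findings remain.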
Verification
Verifying Chassis Cluster Status
Purpose
Verify the status of the chassis cluster and its interfaces.
Action
From operational mode, issue the following commands:
Verify the status of the cluster:
root@host1> show chassis cluster status
Monitor Failure codes:
    CS  Cold Sync monitoring        FL  Fabric Connection monitoring
    GR  GRES monitoring             HW  Hardware monitoring
    IF  Interface monitoring        IP  IP monitoring
    LB  Loopback monitoring         MB  Mbuf monitoring
    NH  Nexthop monitoring          NP  NPC monitoring
    SP  SPU monitoring              SM  Schedule monitoring
    CF  Config Sync monitoring      RE  Relinquish monitoring
    IS  IRQ storm

Cluster ID: 1
Node   Priority Status               Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 1
node0  1        primary              no      no       None
node1  1        secondary            no      no       None

Redundancy group: 1 , Failover count: 1
node0  200      primary              yes     no       None
node1  100      secondary            yes     no       None

Redundancy group: 2 , Failover count: 1
node0  200      primary              yes     no       None
node1  100      secondary            yes     no       None
Verify the status of the redundancy groups:
root@host1> show chassis cluster information
node0:
--------------------------------------------------------------------------
Redundancy Group Information:

    Redundancy Group 0 , Current State: primary, Weight: 255

        Time            From                 To                   Reason
        Jun  8 11:24:14 hold                 secondary            Hold timer expired
        Jun  8 11:24:30 secondary            primary              Only node present

    Redundancy Group 1 , Current State: primary, Weight: 255

        Time            From                 To                   Reason
        Jun  8 11:24:14 hold                 secondary            Hold timer expired
        Jun  8 11:24:30 secondary            primary              Only node present

    Redundancy Group 2 , Current State: primary, Weight: 255

        Time            From                 To                   Reason
        Jun  8 11:24:14 hold                 secondary            Hold timer expired
        Jun  8 11:24:30 secondary            primary              Only node present

Chassis cluster LED information:
    Current LED color: Green
    Last LED change reason: No failures

node1:
--------------------------------------------------------------------------
Redundancy Group Information:

    Redundancy Group 0 , Current State: secondary, Weight: 255

        Time            From                 To                   Reason
        Jun  8 11:25:24 hold                 secondary            Hold timer expired

    Redundancy Group 1 , Current State: secondary, Weight: 255

        Time            From                 To                   Reason
        Jun  8 11:25:24 hold                 secondary            Hold timer expired

    Redundancy Group 2 , Current State: secondary, Weight: 255

        Time            From                 To                   Reason
        Jun  8 11:25:23 hold                 secondary            Hold timer expired

Chassis cluster LED information:
    Current LED color: Green
    Last LED change reason: No failures
Verify the status of the interfaces:
root@host1> show chassis cluster interfaces
Control link status: Up

Control interfaces:
    Index   Interface   Monitored-Status   Internal-SA   Security
    0       em1         Up                 Disabled      Disabled

Fabric link status: Up

Fabric interfaces:
    Name    Child-interface    Status                    Security
                               (Physical/Monitored)
    fab0    ge-1/0/1           Up   / Up                 Disabled
    fab0
    fab1    ge-8/0/1           Up   / Up                 Disabled
    fab1

Redundant-ethernet Information:
    Name         Status      Redundancy-group
    reth0        Up          1
    reth1        Up          2
    reth2        Down        Not configured
    reth3        Down        Not configured

Redundant-pseudo-interface Information:
    Name         Status      Redundancy-group
    lo0          Up          0

Interface Monitoring:
    Interface         Weight    Status                    Redundancy-group
                                (Physical/Monitored)
    ge-8/0/3          255       Up  /  Up                 1
    ge-1/0/3          255       Up  /  Up                 1
    ge-8/0/4          255       Up  /  Up                 2
    ge-1/0/4          255       Up  /  Up                 2
Verify the status of the port peering interfaces:
root@host1> show chassis cluster port-peering
node0:
--------------------------------------------------------------------------
Port peering interfaces:
    Backend L3                        Mapped Peer L2
    Interface         Status          Interface         Status
    ge-1/0/3          Up              ge-0/0/3          Up
    ge-1/0/4          Up              ge-0/0/4          Up
    ge-1/0/1          Up              ge-0/0/1          Up

node1:
--------------------------------------------------------------------------
Port peering interfaces:
    Backend L3                        Mapped Peer L2
    Interface         Status          Interface         Status
    ge-8/0/3          Up              ge-7/0/3          Up
    ge-8/0/4          Up              ge-7/0/4          Up
    ge-8/0/1          Up              ge-7/0/1          Up
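An added example, not from the original page: a Python parser for show chassis cluster status output that expands the Monitor-failures codes with the legend printed in the same output and reports any redundancy group that does not have exactly one primary and one secondary node. The sample text is constructed; the node1 failure row and the whitespace-separated form of multiple failure codes are assumptions.

```python
import re

# Constructed sample in the layout of "show chassis cluster status"; the IF failure
# on node1 in redundancy group 1 is invented for the demonstration.
SAMPLE = """\
Monitor Failure codes:
    CS  Cold Sync monitoring        FL  Fabric Connection monitoring
    IF  Interface monitoring        IP  IP monitoring

Cluster ID: 1
Node   Priority Status               Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 1
node0  1        primary              no      no       None
node1  1        secondary            no      no       None

Redundancy group: 1 , Failover count: 3
node0  200      primary              yes     no       None
node1  0        secondary            yes     no       IF
"""

def parse_status(text):
    """Return (legend, groups); groups maps group id to failover count and node rows."""
    legend, groups, current = {}, {}, None
    for line in text.splitlines():
        if m := re.match(r"Redundancy group: (\d+) , Failover count: (\d+)", line):
            current = groups.setdefault(int(m.group(1)), {"failovers": int(m.group(2)), "nodes": {}})
        elif m := re.match(r"(node\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)", line):
            node, prio, status, _preempt, _manual, fails = m.groups()
            # Assumption: several failure codes on one row are separated by whitespace.
            current["nodes"][node] = (int(prio), status, [] if fails.strip() == "None" else fails.split())
        elif line.startswith(" "):                           # indented legend row
            legend.update(re.findall(r"([A-Z]{2})\s+(.+?)(?=\s{2,}[A-Z]{2}\s|$)", line.strip()))
    return legend, groups

def health_problems(text):
    """List problems: a group without one primary and one secondary, or monitor failures."""
    legend, groups = parse_status(text)
    problems = []
    for gid, grp in sorted(groups.items()):
        states = sorted(s for _p, s, _f in grp["nodes"].values())
        if states != ["primary", "secondary"]:
            problems.append(f"RG{gid}: expected one primary and one secondary, got {states}")
        for node, (_prio, _status, fails) in sorted(grp["nodes"].items()):
            for code in fails:
                problems.append(f"RG{gid} {node}: {legend.get(code, code)}")
    return problems
```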