Configuring SRX Device Clusters in Junos Space using Secure Console

 

You can create a cluster of two SRX-series devices that are combined to act as a single system, or create a single-device cluster and then add a second device to the cluster later. You can also configure a standalone device from an existing cluster device. You can do this using the Secure Console feature in the Devices workspace.

You can configure an SRX-series cluster in the following modes:

  • Active/passive clustering

  • Active/active clustering

In the active/passive mode, the transit traffic passes through the primary node, while the backup node is used only in the event of a failure. When a failure occurs, the backup device becomes the primary and takes over all the forwarding tasks.

In the active/active mode, the transit traffic always passes through both nodes of the cluster.

Note

To discover and manage an SRX device cluster that is already configured, you must perform the device discovery workflow independently for each cluster node. You can add and discover the cluster devices using the Web UI. The discovery process is common for both standalone devices and cluster devices. For more information, see Running Device Discovery Profiles.

This topic includes the following tasks:

Configuring a Standalone Device from a Single-node Cluster

You can configure a standalone device from a device that is currently configured as a single-node cluster.

To configure a single-node cluster as a standalone device:

  1. On the Junos Space Network Management Platform user interface, select Devices > Device Management.
  2. Select the single-node cluster and select Device Access > SSH to Device from the Actions menu.

    The SSH to Device pop-up window is displayed.

    Note

    If you have cleared the Allow users to auto log in to devices using SSH option on the Modify Applications page, the SSH to Device pop-up window is displayed. The IP address is automatically displayed in the IP address field. Enter the username and password in the User name and Password fields respectively.

  3. In the IP Address field, enter a valid IP address for the device.
  4. In the Username field, enter the user name for the device.
  5. In the Password field, enter the password to access the device.

    The name and password must match the name and password configured on the device.

  6. In the Port field, enter the port number to use for the SSH connection.

    The default value is 22. To use a different port, enter the value specified in the SSH port for device connection field on the Modify Application Settings page in the Administration workspace.

  7. Click Connect.

    The SSH terminal window is displayed.

    Note

    You may receive error messages such as “Unable to Connect”, “Authentication Error”, or “Connection Lost or Terminated”, which are displayed as standard text in the terminal window. If you receive an error message, all other functionality in the terminal window is stopped. You should close this terminal window and open a new SSH session.

  8. Enter the set chassis command to remove the cluster configuration:
    set chassis cluster cluster-id 0 node 0
  9. Reboot the device by entering the command:
    request system reboot
  10. Copy the outbound-ssh configuration from group node to system level, for example:
    set system services outbound-ssh client 00089BBC494A device-id 6CFF68
    set system services outbound-ssh client 00089BBC494A secret "$ABC123"
    set system services outbound-ssh client 00089BBC494A services netconf
    set system services outbound-ssh client 00089BBC494A 10.155.70.252 port 7804
  11. Copy the system log configuration from group node to system level:
    set system syslog file default-log-messages any any
    set system syslog file default-log-messages structured-data
  12. Copy the fxp0 interface setting from group node to system level, for example:
    set interfaces fxp0 unit 0 family inet address 10.155.70.223/19
  13. Delete the outbound-ssh configuration from the group node, for example:
    delete groups node0 system services outbound-ssh
  14. Delete the system log configuration from the group node, for example:
    delete groups node0 system syslog file default-log-messages any any
    delete groups node0 system syslog file default-log-messages structured-data
  15. Delete the interfaces configuration from the group node, for example:
    delete groups node0 interfaces fxp0 unit 0 family inet address 10.155.70.223/19
  16. Commit the configuration changes on the device:
    commit

    In the Junos Space user interface, the device connection status will go down and then up again. After the device connection is back up, you can verify that the device you configured displays as a standalone device.

  17. To terminate the SSH session, type exit from the terminal window prompt, and press Enter.
  18. Click in the top right corner of the terminal window to close the window.

Configuring a Standalone Device from a Two-Node Cluster

You can configure a standalone device from the secondary peer device in a cluster.

Note

You cannot use the primary peer in a two-node cluster to configure a standalone device.

To configure a secondary peer device in a cluster as a standalone device:

  1. On the Junos Space Network Management Platform user interface, select Devices > Device Management.
  2. Select the secondary peer device and select Device Access > SSH to Device from the Actions menu.

    The SSH to Device pop-up window is displayed.

  3. Select the single-node cluster and select Device Access > SSH to Device from the Actions menu.

    The SSH to Device pop-up window is displayed.

    Note

    If you have cleared the Allow users to auto log in to devices using SSH option on the Modify Applications page, the SSH to Device pop-up window is displayed. The IP address is automatically displayed in the IP address field. Enter the username and password in the User name and Password fields respectively.

  4. In the IP Address field, enter a valid IP address for the device.
  5. In the Username field, enter the user name for the device.
  6. In the Password field, enter the password to access the device.

    The name and password must match the name and password configured on the device.

  7. In the Port field, enter the port number to use for the SSH connection.

    The default value is 22. To use a different port, enter the value specified in the SSH port for device connection field on the Modify Application Settings page in the Administration workspace.

  8. Click Connect.

    The SSH terminal window is displayed.

    Note

    You may receive error messages such as “Unable to Connect”, “Authentication Error”, or “Connection Lost or Terminated”, which are displayed as standard text in the terminal window. If you receive an error message, all other functionality in the terminal window is stopped. You should close this terminal window and open a new SSH session.

  9. Disconnect the HA cable from the device that you want to configure as a standalone device.
  10. Enter the set chassis command for the peer device, for example:
    set chassis cluster cluster-id 0 node 1
  11. Reboot the device by entering the command:
    request system reboot
  12. Copy the outbound-ssh configuration from group level to system level, for example:
    set system services outbound-ssh client 00089BBC494A device-id 6CFF68
    set system services outbound-ssh client 00089BBC494A secret "$ABC123"
    set system services outbound-ssh client 00089BBC494A services netconf
    set system services outbound-ssh client 00089BBC494A 10.155.70.252 port 7804
  13. Copy the system log configuration from group level to system level:
    set system syslog file default-log-messages any any
    set system syslog file default-log-messages structured-data
  14. Copy the fxp0 interface setting from group level to system level, for example:
    set interfaces fxp0 unit 0 family inet address 10.155.70.223/19
  15. Delete the outbound-ssh configuration from the group level, for example:
    delete groups node1 system services outbound-ssh
  16. Delete the system log configuration from the group level, for example:
    delete groups node1 system syslog file default-log-messages any any
    delete groups node1 system syslog file default-log-messages structured-data
  17. Delete the interfaces configuration from the group level, for example:
    delete groups node1 interfaces fxp0 unit 0 family inet address 10.155.70.223/19
  18. Commit the configuration changes on the device:
    commit

    In the Junos Space user interface, the device connection status will go down and then up again. After the device connection is back up, you can verify that the device you configured displays as a standalone device.

    After the device connections are up, verify the following changes in the Manage Devices inventory landing page:

    • The device you configured now displays as a standalone device.

    • The cluster that formerly included a primary and secondary peer device now displays the primary peer device only.

  19. To terminate the SSH session, type exit from the terminal window prompt, and press Enter.
  20. Click in the top right corner of the terminal window to close the window.

Configuring a Primary Peer in a Cluster from a Standalone Device

You can create a device cluster from two standalone devices. Use the following procedure to configure a standalone device as the primary peer in a cluster.

To configure a primary peer in a cluster from a standalone device:

  1. On the Junos Space Network Management Platform user interface, select Devices > Device Management.
  2. Select the primary peer in the cluster and select Device Access > SSH to Device from the Actions menu.

    The SSH to Device pop-up window is displayed.

    Note

    If you have cleared the Allow users to auto log in to devices using SSH option on the Modify Applications page, the SSH to Device pop-up window is displayed. The IP address is automatically displayed in the IP address field. Enter the username and password in the User name and Password fields respectively.

  3. In the IP Address field, enter a valid IP address for the device.
  4. In the Username field, enter the user name for the device.
  5. In the Password field, enter the password to access the device.

    The name and password must match the name and password configured on the device.

  6. In the Port field, enter the port number to use for the SSH connection.

    The default value is 22. To use a different port, enter the value specified in the SSH port for device connection field on the Modify Application Settings page in the Administration workspace.

  7. Click Connect.

    The SSH terminal window is displayed.

    Note

    You may receive error messages such as “Unable to Connect”, “Authentication Error”, or “Connection Lost or Terminated”, which are displayed as standard text in the terminal window. If you receive an error message, all other functionality in the terminal window is stopped. You should close this terminal window and open a new SSH session.

  8. For the standalone device, enter the command:
    set chassis cluster cluster-id 1 node 0
  9. Reboot the device by entering the command:
    request system reboot
  10. Copy the outbound-ssh configuration from the system level to the group level, for example:
    set groups node0 system services outbound-ssh client 00089BBC494A device-id 6CFF68
    set groups node0 system services outbound-ssh client 00089BBC494A secret "$ABC123"
    set groups node0 system services outbound-ssh client 00089BBC494A services netconf
    set groups node0 system services outbound-ssh client 00089BBC494A 10.155.70.252 port 7804
  11. Copy the fxp0 interface configuration from the system level to the group level, for example:
    set groups node0 interfaces fxp0 unit 0 family inet address 10.155.70.223/19
  12. Copy the system log configuration from system level to group level:
    set groups node0 system syslog file default-log-messages any any
    set groups node0 system syslog file default-log-messages structured-data
  13. Delete the outbound-ssh configuration from the system level, for example:
    delete system services outbound-ssh
  14. Delete the system log configuration from the system level, for example:
    delete system syslog file default-log-messages any any
    delete system syslog file default-log-messages structured-data
  15. Delete the interfaces configuration from the system level, for example:
    delete interfaces fxp0 unit 0 family inet address 10.155.70.223/19
  16. Commit the configuration changes on the device again:
    commit

    After the device connection is up, verify the following changes:

    • In the Manage Devices inventory landing page:

      • The cluster icon appears for the device.

      • The new cluster device appears as the primary device.

    • In the physical inventory landing page, Junos Space Network Management Platform displays chassis information for the primary device cluster.

  17. To terminate the SSH session, type exit from the terminal window prompt, and press Enter.
  18. Click in the top right corner of the terminal window to close the window.

Configuring a Secondary Peer in a Cluster from a Standalone Device

If a device cluster contains only a primary peer, you can configure a standalone device to function as a secondary peer in the cluster. Use the following procedure to ensure that Junos Space Network Management Platform is able to manage both devices.

To add a standalone device to a cluster:

  1. On the Junos Space Network Management Platform user interface, select Devices > Device Management.
  2. Select the device and select Device Access > SSH to Device from the Actions menu.

    The SSH to Device pop-up window is displayed.

    Note

    If you have cleared the Allow users to auto log in to devices using SSH option on the Modify Applications page, the SSH to Device pop-up window is displayed. The IP address is automatically displayed in the IP address field. Enter the username and password in the User name and Password fields respectively.

  3. In the IP Address field, enter a valid IP address for the device.
  4. In the Username field, enter the user name for the device.
  5. In the Password field, enter the password to access the device.

    The name and password must match the name and password configured on the device.

  6. In the Port field, enter the port number to use for the SSH connection.

    The default value is 22. To use a different port, enter the value specified in the SSH port for device connection field on the Modify Application Settings page in the Administration workspace.

  7. Click Connect.

    The SSH terminal window is displayed.

    From the terminal window prompt, you can enter CLI commands to create a standalone device from the device cluster.

    Note

    You may receive error messages such as “Unable to Connect”, “Authentication Error”, or “Connection Lost or Terminated”, which are displayed as standard text in the terminal window. If you receive an error message, all other functionality in the terminal window is stopped. You should close this terminal window and open a new SSH session.

  8. For the standalone device, enter the command:
    set chassis cluster cluster-id 1 node 1
  9. Enter the command:
    request system reboot
  10. Copy the outbound-ssh configuration from the system level to the group level, for example:
    set groups node1 system services outbound-ssh client 00089BBC494A device-id 6CFF68
    set groups node1 system services outbound-ssh client 00089BBC494A secret "$ABC123"
    set groups node1 system services outbound-ssh client 00089BBC494A services netconf
    set groups node1 system services outbound-ssh client 00089BBC494A 10.155.70.252 port 7804
  11. Copy the fxp0 interface configuration from the system level to the group level, for example:
    set groups node1 interfaces fxp0 unit 0 family inet address 10.155.70.223/19
  12. Copy the system log configuration from system level to group level:
    set groups node1 system syslog file default-log-messages any any
    set groups node1 system syslog file default-log-messages structured-data
  13. Delete the outbound-ssh configuration from the system level, for example:
    delete system services outbound-ssh
  14. Delete the system log configuration from the system level, for example:
    delete system syslog file default-log-messages any any
    delete system syslog file default-log-messages structured-data
  15. Delete the interfaces configuration from the system level, for example:
    delete interfaces fxp0 unit 0 family inet address 10.155.70.223/19
  16. Commit the configuration changes on the device again:
    commit
  17. Connect the HA cable to each device in the cluster.
  18. Establish an SSH connection to the primary device in the cluster.
  19. On the primary device, make some trivial change to the device, for example, add a description, and commit the change:
    commit

    After the device connections are up for both devices in the cluster, verify the following changes:

    • In the Manage Devices inventory landing page:

      • Each peer device displays the other cluster member.

      • The cluster icon appears for each member device.

      • One device appears as the primary device and the other as the secondary device in the cluster.

    • In the physical inventory landing page, chassis information appears for each peer device in the cluster.

  20. To terminate the SSH sessions, type exit from the terminal window prompt, and press Enter.
  21. Click in the top right corner of the terminal window to close the window.
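
The copy and delete steps in the four procedures above move the same three stanzas (outbound-ssh, the default-log-messages syslog file, and the fxp0 address) between the top level and groups node<N>. The following Python sketch is an added example, not Juniper's tooling: it builds those set and delete commands from pasted `show configuration | display set` output, in either direction, and checks after the commit that nothing was left at the source level. The function names, the secret masking, and the host name in the sample are assumptions of the example.

```python
import re

# Stanzas the procedures move between the top level and "groups node<N>".
MOVED = ("system services outbound-ssh",
         "system syslog file default-log-messages",
         "interfaces fxp0")
WHOLE = "system services outbound-ssh"  # the page deletes this stanza as a whole

def plan_move(display_set, node, to_group):
    """Build (set_cmds, delete_cmds) from `show configuration | display set` text.
    to_group=True: standalone -> cluster peer; False: cluster peer -> standalone."""
    group = f"groups node{node} "
    src, dst = ("", group) if to_group else (group, "")
    sets, deletes = [], []
    for line in display_set.splitlines():
        line = line.strip()
        if not line.startswith("set " + src):
            continue
        path = line[len("set " + src):]
        if not path.startswith(MOVED):
            continue  # unrelated statement, or one that lives at the other level
        sets.append("set " + dst + path)
        delete = "delete " + src + (WHOLE if path.startswith(WHOLE) else path)
        if delete not in deletes:
            deletes.append(delete)
    return sets, deletes

def leftovers(display_set, node, to_group):
    """After the commit: statements still at the source level (should be empty)."""
    return [s for s in display_set.splitlines()
            if plan_move(s, node, to_group)[0]]

def redact(cmds):
    """Mask the outbound-ssh secret before the plan is pasted into a ticket or log."""
    return [re.sub(r'( secret )("[^"]*"|\S+)', r'\1"<redacted>"', c) for c in cmds]

# Constructed sample: the page's example values in display-set form, plus two
# unrelated statements (the host name "srx-a" is made up for the example).
SAMPLE = """\
set groups node0 system host-name srx-a
set groups node0 system services outbound-ssh client 00089BBC494A device-id 6CFF68
set groups node0 system services outbound-ssh client 00089BBC494A secret "$ABC123"
set groups node0 system services outbound-ssh client 00089BBC494A services netconf
set groups node0 system services outbound-ssh client 00089BBC494A 10.155.70.252 port 7804
set groups node0 system syslog file default-log-messages any any
set groups node0 system syslog file default-log-messages structured-data
set groups node0 interfaces fxp0 unit 0 family inet address 10.155.70.223/19
set system services ssh
"""

if __name__ == "__main__":
    sets, deletes = plan_move(SAMPLE, node=0, to_group=False)
    print("\n".join(redact(sets) + deletes + ["commit"]))
```

The unredacted `sets` list is what gets entered on the device; `redact()` is only for the copy kept in change records.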

Configuring a Cluster with Loopback Interface

By default, the SRX devices are configured to be managed through the fxp0 Ethernet management interface.

If the device is managed through a non-fxp0 interface (loopback address), enter the following additional command on the device so that Junos Space treats the SRX device as a cluster:

Command: set chassis cluster network-management cluster-master

Note

All other cluster configuration commands remain the same for both the Active/Active mode and the Active/Passive mode.