Chassis Cluster Overview

Chassis clustering provides network node redundancy by grouping a pair of the same kind of supported SRX Series devices or J Series devices into a cluster. The devices must be running the same version of the Junos operating system (Junos OS). The control ports on the respective nodes are connected to form a control plane that synchronizes the configuration and kernel state to facilitate the high availability of interfaces and services. Similarly, the data plane on the respective nodes is connected over the fabric ports to form a unified data plane. The fabric link allows for the management of cross-node flow processing and for the management of session redundancy.

The control plane software operates in active or backup mode. When configured as a chassis cluster, the two nodes back up each other, with one node acting as the primary device and the other as the secondary device, ensuring stateful failover of processes and services in the event of system or hardware failure. If the primary device fails, the secondary device takes over processing of traffic.

The data plane software operates in active/active mode. In a chassis cluster, session information is updated as traffic traverses either device, and this information is transmitted between the nodes over the fabric link to guarantee that established sessions are not dropped when a failover occurs. In active/active mode, it is possible for traffic to ingress the cluster on one node and egress from the other node.

Note: In Junos OS Release 10.4, SRX Series and J Series devices running IP version 6 (IPv6) can be deployed in active/active (failover) chassis cluster configurations in addition to the existing support of active/passive (failover) chassis cluster configurations. An interface can be configured with an IPv4 address, IPv6 address, or both. Address book entries can include any combination of IPv4 addresses, IPv6 addresses, and domain name system (DNS) names.

Chassis cluster functionality includes:

• Resilient system architecture, with a single active control plane for the entire cluster and multiple Packet Forwarding Engines. This architecture presents a single device view of the cluster.
• Synchronization of configuration and dynamic runtime states between nodes within a cluster.
• Monitoring of physical interfaces, and failover if the failure parameters cross a configured threshold.
• Support for Generic Routing Encapsulation (GRE) and IP-over-IP IPv4 tunnels used to route encapsulated IPv4/IPv6 traffic by means of two internal interfaces, gr-0/0/0 and ip-0/0/0, respectively. These interfaces are created by Junos OS at system bootup and are used only for processing GRE and IP-over-IP tunnels. See Junos OS Interfaces Configuration Guide for Security Devices .

At any given instant, a cluster can be in one of the following states: hold, primary, secondary-hold, secondary, ineligible, and disabled. A state transition can be triggered because of any event, such as interface monitoring, SPU monitoring, failures, and manual failovers.