You are here: Configure > Device Settings > Cluster (HA) Setup.
Junos OS provides high availability on SRX Series devices by using chassis clustering. SRX Series Services Gateways can be configured to operate in cluster mode, where a pair of devices are connected together and configured to operate like a single node, providing device, interface, and service level redundancy.
Note: Starting in Junos OS Release 20.1R1, you can configure SRX380 devices using Cluster (HA) Setup.
A chassis cluster can be configured in the following modes:
Active/passive mode: In active/passive mode, transit traffic passes through the primary node while the backup node is used only in the event of a failure. When a failure occurs, the backup device becomes master and takes over all forwarding tasks.
Active/active mode: In active/active mode, transit traffic passes through both nodes of the cluster all of the time.
Note: In the J-Web cluster (HA) setup, you can only configure active/passive mode (RG1). Navigate to Configure > Device Settings > Cluster Configuration to configure active/active mode (RG1+).
You can set up chassis cluster using a simplified Cluster (HA) Mode wizard when the standalone SRX Series devices are in factory default. You can also create HA using the same wizard from Configure > Device Settings > Cluster (HA) Setup when the devices are already in the network.
Note: In the factory default settings, a warning message is displayed on SRX300, SRX320, SRX320-POE, SRX340, SRX345, and SRX380 devices to disconnect the ports between the two nodes. This is to avoid displaying the details of the other nodes.
Before you begin:
Establish a chassis cluster connection between the two units, and ensure that you have physical access to both devices.
You must configure the two devices separately.
Your other unit must be on the same hardware and software version as the current unit.
Note that both units are erased and rebooted, after which all existing data is irretrievable. You have the option to save a backup copy of your configuration before rebooting.
To set up cluster (HA):
The Chassis Cluster Setup Wizard configuration page appears. This wizard guides you through configuring chassis cluster on a two-unit cluster.
Select the unit
The welcome page shows the possible chassis cluster connections that you can configure for your SRX Series device. It shows a graphical representation for primary unit (Node 0) and secondary unit (Node 1) and guides you to first configure the primary unit (node 0).
Note: If you have already configured the primary node settings, then select No, this is the secondary unit (Node 1) and follow the instructions from Step 8.
Table 110: Primary Unit Configuration
Field | Description | Action |
---|---|---|
System Identity | ||
Node 0 Cluster ID | Specifies the number by which a cluster is identified. | Enter a number from 1 through 255. By default, 1 is assigned. |
Node 0 Priority | Specifies the device priority for being elected to be the master device in the VRRP group. | Enter a number from 1 through 255. By default, 200 is assigned. |
Node 1 Priority | Specifies the device priority for being elected to be the master device in the VRRP group. | Enter a number from 1 through 255. By default, 100 is assigned. |
Node 0 Host Name | Specifies the device host name of the node 0. | By default, host name is assigned. For example, SRX1500-01. |
Node 1 Host Name | Specifies the device host name of the node 1. | By default, host name is assigned. For example, SRX1500-02. |
Allow root user SSH login | Allows users to log in to the device as root through SSH. | Enable this option. |
Management Interface | ||
IPv4 Address Note: Make a note of the IPv4 address as you need it to access the settings after you commit the configuration. | ||
Node 0 Management IPv4 | Specifies the management IPv4 address of node 0. | Enter a valid IPv4 address for the management interface. |
Node 0 Subnet Mask | Specifies subnet mask for IPv4 address. | Enter a subnet mask for the IPv4 address. |
Node 1 Management IPv4 | Specifies the management IPv4 address of node 1. | Enter a valid IPv4 address for the management interface. |
Node 1 Subnet Mask | Specifies subnet mask for IPv4 address. | Enter a subnet mask for the IPv4 address. |
Static Route IP | Defines how to route to the other network devices. | Enter an IPv4 address for the static route. |
Static Route Subnet | Specifies the subnet for the static route IPv4 address. | Enter a subnet mask for the static route IPv4 address. |
Next Hop IPv4 | Specifies next hop gateway for the IPv4 address. | Enter a valid IPv4 address for the next hop. |
IPv6 Address (Optional) | ||
Node 0 Management IPv6 | Specifies the management IPv6 address of node 0. | Enter a valid IPv6 address for the management interface. |
Node 0 Subnet Prefix | Specifies subnet prefix for IPv6 address. | Enter a subnet prefix for the IPv6 address. |
Node 1 Management IPv6 | Specifies the management IPv6 address of node 1. | Enter a valid IPv6 address for the management interface. |
Node 1 Subnet Prefix | Specifies subnet prefix for IPv6 address. | Enter a subnet prefix for the IPv6 address. |
Static Route IPv6 | Defines how to route to the other network devices. | Enter an IPv6 address for the static route. |
Static Route Subnet Prefix | Specifies the subnet prefix for the static route IPv6 address. | Enter a subnet prefix for the static route IPv6 address. |
Next Hop IPv6 | Specifies next hop gateway for the IPv6 address. | Enter a valid IPv6 address for the next hop. |
Device Password | ||
Root Password | Specifies root password of the device. | Enter root password if not already configured for the device. |
Re-Enter Password | - | Reenter the root password. |
Control Ports Note: This option is available only for SRX5600 and SRX5800 devices. | ||
Dual Link | Provides redundant link for failover. | By default, this option is disabled. Once you enable this option, the following fields appear: |
Node 0 FPC | Specifies FPC slot number on which to configure the control port. | Select an option from the list. |
Node 0 Port | Specifies port number on which to configure the control port. | Select an option from the list. |
Node 1 FPC | Optional. Specifies FPC slot number on which to configure the control port. | Select an option from the list. |
Node 1 Port | Optional. Specifies port number on which to configure the control port. | Select an option from the list. |
Save Backup (Optional) | ||
Save Backup (to client) | Saves backup of the current configuration to the client local machine. Note: When restarting the primary unit, J-Web deletes the existing configuration to configure chassis cluster. Therefore, it is recommended that you save a backup file of your current settings before committing the new configuration. | Enable the option to save the backup file of your settings. |
Table 111: Secondary Unit Configuration
Field | Description | Action |
---|---|---|
Secondary Unit Information | ||
Cluster ID | Specifies the number by which a cluster is identified. Note: Cluster ID must be same for both primary and secondary units. | Enter a number from 1 through 255. By default, 1 is assigned. |
Device Password | ||
Root Password | Specifies root password of the device. | Enter new root password. |
Re-Enter Password | - | Reenter the root password. |
Control Ports Note: This option is available only for SRX5600 and SRX5800 devices. | ||
Dual Link | Provides redundant link for failover. | By default, this option is disabled. Once you enable dual link option, the following fields appear: |
Node 0 FPC | Specifies FPC slot number on which to configure the control port. | Select an option from the list. |
Node 0 Port | Specifies port number on which to configure the control port. | Select an option from the list. |
Node 1 FPC | Optional. Specifies FPC slot number on which to configure the control port. | Select an option from the list. |
Node 1 Port | Optional. Specifies port number on which to configure the control port. | Select an option from the list. |
Save Backup (Optional) | ||
Save Backup (to client) | Saves backup of the current configuration to the client local machine. Note: When restarting the secondary unit, J-Web deletes the existing configuration to configure chassis cluster. Therefore, it is recommended that you save a backup file of your current settings before committing the new configuration. | Enable the option to save the backup file of your settings. |
Note
J-Web uses show chassis cluster status to verify control link status. The number on the link signifies whether it is a single link (1) or dual links (2).
The control and fabric link status colors are as follows:
Green—Indicates that the links are up.
Red—Indicates that the links are down.
Orange—Indicates that one of the dual links is up.
Grey—Indicates that the fabric link is not configured.
If the chassis cluster is not connected, the connection fails and all possible failure reasons are displayed. For information on troubleshooting tips, see Juniper Knowledge Search.
You can configure fabric link only after the chassis cluster is formed. For the first time configuration, the chassis status displays as The fabric ports links is not yet configured.
Table 112: Fabric Link Configuration
Field | Description | Action |
---|---|---|
Fabric Link Details | ||
Dual Link | Provides redundant link for failover. | Enable this option. |
Link 1 | ||
Fabric 0 | Specifies the fabric port link for node 0. | Select an interface from the list. |
Fabric 1 | Specifies the fabric port link for node 1. | - |
Link 2 (Optional) | ||
Fabric 0 | Specifies the secondary fabric port link for node 0. | Select an interface from the list. |
Fabric 1 | Specifies the secondary fabric port link for node 1. | - |
Note: You can also use the pencil icon to edit the reth interface and the delete icon to delete reth interfaces.
Table 113: Add Reth Interface
Field | Description | Action |
---|---|---|
RETH Name | Specifies the reth interface name. | Enter a name for reth interface. |
Node 0 Interfaces | Specifies the list of Node 0 interfaces. | Select an interface from the Available column and move it to the Selected column. |
Node 1 | Specifies the Node 1 interfaces based on the node 0 interfaces. | - |
Advance Settings | ||
LACP Configuration | Optional. Configure Link Aggregation Control Protocol (LACP). | - |
LACP Mode | Optional. Specifies the LACP mode. Available options are: | Select an option from the list. |
Periodicity | Optional. Specifies the interval at which the interfaces on the remote side of the link transmit link aggregation control protocol data units (PDUs). Available options are: | Select an option from the list. |
Description | Optional. Specifies the description for LACP. | Enter a description. |
VLAN Tagging | Optional. Specifies whether or not to enable VLAN tagging. | Enable this option. |
Redundancy Group | Specifies the number of the redundancy group that the reth interface belongs to. | - |
Virtual reth interface is created.
Table 114: Add Reth Logical Interface
Field | Description | Action |
---|---|---|
General | ||
Reth Interface Name | Specifies the name of the reth interface. | Enter a name for the reth interface. |
Logical Interface Unit | Specifies the logical interface unit. | Enter the logical interface unit. |
Description | Specifies the description of the reth interface. | Enter the description. |
VLAN ID | Optional. Specifies the VLAN ID. | Enter the VLAN ID. |
IPv4 Address | ||
IPv4 Address | Specifies the IPv4 address. | Click + and enter a valid IP address. |
Subnet Mask | Specifies the subnet mask for IPv4 address. | Enter a valid subnet mask. |
IPv6 Address (Optional) | ||
IPv6 Address | Specifies the IPv6 address. | Enter a valid IP address. |
Prefix Length | Specifies the number of bits set in the subnet mask. | Enter the prefix length. |
Note
With factory default configuration, trust and untrust zones are displayed by default.
You can edit the security zone, add new zones, and delete the newly added zones. You will receive an error message while committing if you try to delete a default zone. This is because the default zones are referenced in the security policies.
You can also edit zone description, application tracking, source identity log, interfaces, system services, protocols, and traffic control options.
Table 115: Create Zones
Field | Description | Action |
---|---|---|
General Information | ||
Name | Specifies the name of the zone. | Enter a name for the zone. |
Description | Specifies a description for the zone. | Enter a description for the zone. |
Application Tracking | Enables application tracking (AppTrack) to collect statistics for the application usage on the device, and when the session closes | Enable this option. |
Source Identity Log | Specifies the source-identity-log parameter as part of the configuration for a zone to enable it to trigger user identity logging when that zone is used as the source zone (from-zone) in a security policy. | Enable this option. |
Interfaces | ||
Interfaces | Specifies the list of reth interfaces available. | Select an interface from the Available column and move it to the Selected column. |
System Services | ||
Except | Drops the selected services. | Enable this option if you want to drop the selected services. |
Services | Specify the types of incoming system service traffic that can reach the device for all interfaces in a zone. | Select a service from the Available column and move it to the Selected column. |
Protocols | ||
Except | Drops the selected protocols. | Enable this option if you want to drop the selected protocols. |
Protocols | Specify the types of routing protocol traffic that can reach the device on a per-interface basis. | Select a protocol from the Available column and move it to the Selected column. |
Traffic Control Options | ||
TCP Reset | Specifies the device to send a TCP segment with the RST (reset) flag set to 1 (one) in response to a TCP segment with any flag other than SYN set and that does not belong to an existing session. | Enable this option. |
A cluster setup success message appears.
If you click the Cluster (HA) Setup menu again, a cluster setup success message appears and you can click Cluster Configuration to view and edit the chassis cluster configuration.
Note: If the chassis cluster configuration fails after you click Finish, then edit the configuration as required and commit the changes again.
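
When reviewing or auditing a cluster built with this wizard, it helps to read the same settings as Junos CLI statements. The following is an added example, not output captured from J-Web or configuration published by Juniper; it is a rough CLI equivalent of Tables 110 through 115. Assumptions: SRX1500 interface numbering (node 1 ports appear as ge-7/0/x), documentation-range IP addresses, the trust zone, and ping as the only permitted system service.

```junos
# Constructed example: interface names and all IP addresses are assumptions.

# Operational mode, once per unit (each unit reboots). Cluster ID must match on both.
#   node 0:  set chassis cluster cluster-id 1 node 0 reboot
#   node 1:  set chassis cluster cluster-id 1 node 1 reboot

# Configuration mode on the primary (node 0) after the cluster forms.
# Table 110: host names and management (fxp0) addresses per node
set groups node0 system host-name SRX1500-01
set groups node0 interfaces fxp0 unit 0 family inet address 192.0.2.11/24
set groups node1 system host-name SRX1500-02
set groups node1 interfaces fxp0 unit 0 family inet address 192.0.2.12/24
set apply-groups "${node}"
set routing-options static route 198.51.100.0/24 next-hop 192.0.2.1

# Table 110: "Allow root user SSH login"; the statement to look for in a config audit
set system services ssh root-login allow

# Table 110: node priorities (defaults 200 and 100); RG1 is the active/passive data group
set chassis cluster reth-count 1
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100

# Table 112: fabric link 1 (one member interface per node)
set interfaces fab0 fabric-options member-interfaces ge-0/0/2
set interfaces fab1 fabric-options member-interfaces ge-7/0/2

# Tables 113 and 114: reth0 with one member per node and one logical unit
set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-7/0/3 gigether-options redundant-parent reth0
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 203.0.113.1/24

# Table 115: zone membership, permitted system services, and zone options
set security zones security-zone trust interfaces reth0.0
set security zones security-zone trust host-inbound-traffic system-services ping
set security zones security-zone trust source-identity-log
set security zones security-zone trust tcp-rst
```

After the commit, show chassis cluster status (the command J-Web itself uses) confirms which node is primary for each redundancy group.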