Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
High Availability Overview
The MetaFabric 1.0 solution is designed with both hardware and software redundancy throughout the data center.
Hardware Redundancy
The following hardware redundancy options are configured in the VDC 1.0 solution:
- Node-level physical redundancy, featuring edge routers, redundant core switches, POD switches, and an SRX firewall cluster
- Redundant FRUs ( power supply, fans)
- Redundant Routing Engine on edge routers, core-switches, POD switches
- Redundant switch fabric on edge router and core switches
Software Redundancy
The following software redundancy features are configured in the MetaFabric 1.0 solution:
QFabric-M Configuration
The QFabric-M features the following software redundancy configurations:
- Link/node-level redundancy using multichassis LAGs on edge router and core switches
- Redundant server node groups (RSNG) on POD1 and POD 2
(QFX3000-M QFabric system). This is configured on the PODs using the
following configuration commands:
set fabric resources node-group RSNG2 node-device n2set fabric resources node-group RSNG2 node-device n3 - OSPF LFA feature to enable backup next hop during failure events
- QFX3000-M QFabric system built-in architecture supports hardware and software redundancy
- Non-step software upgrade (NSSU) is supported on the QFX3000-M QFabric system
- Protocol graceful restart is configured using the following
command:
set groups global routing-options graceful-restart
 | Note: When NSR is enabled, graceful protocol restart is not supported. NSR is not currently supported on the QFX3000-M QFabric system. |
Configurint the Core and Edge Router
The core switches (EX9200) and edge routers (MX240) feature software redundancy configured as shown here:
- Graceful Routing Engine switchover (GRES) on Routing Engine
hardware failure. This is configured on MX Series platforms using
the following commands:
set groups global chassis redundancy routing-engine 0 masterset groups global chassis redundancy routing-engine 1 backupset groups global chassis redundancy failover on-loss-of-keepalivesset groups global chassis redundancy graceful-switchover - Nonstop software upgrade (NSSU) is supported on the QFX3000-M QFabric system and MX240
- In-service software upgrade (ISSU) is supported (EX9200)
Note: ISSU is supported only with the presence of 1-Gbps line cards available in the chassis (EX9200).
- Nonstop active routing (NSR) is supported. This is configured
using the following command:
set groups global routing-options nonstop-routingNote: When NSR is enabled, graceful protocol restart is not supported. NSR is not supported on the QFX3000-M QFabric system.
- Nonstop bridging (NSB) is enabled using the following
command:
set protocols layer2-control nonstop-bridgingNote: Nonstop bridging operates by synchronizing all protocol information for NSB-supported Layer 2 protocols between the master and backup Routing Engines. If the switch has a Routing Engine switchover, the NSB-supported Layer 2 protocol sessions remain active because they are already synchronized on the backup Routing Engine. The Routing Engine switchover is transparent to neighbor devices, which do not detect any changes related to the Layer 2 protocol sessions on the switch.
- Graceful protocol restart is also supported at the core
and edge. Configuration of this feature is performed using this command:
set groups global routing-options graceful-restart
Configuring the Perimeter Firewall
The edge firewalls (SRX3600) feature the following software redundancy configurations:
- Edge firewall (SRX3600) chassis cluster configuration
is performed using the following commands:
set groups global protocols layer2-control nonstop-bridgingset chassis cluster reth-count 4set chassis cluster redundancy-group 0 node 0 priority 129set chassis cluster redundancy-group 0 node 1 priority 128set chassis cluster redundancy-group 1 node 0 priority 129set chassis cluster redundancy-group 1 node 1 priority 128 - Fabric links between the SRX chassis are configured using
the following commands:
set interfaces fab0 fabric-options member-interfaces ge-5/0/15set interfaces fab1 fabric-options member-interfaces ge-18/0/15
Verification
The following verification commands (with sample output) can be used to confirm the configuration and function of high availability features.
Results
- Verify that all the protocols sessions are up in the backup
Routing Engine. This command output verifies that NSR is configured
properly in the EX9200:
root@VDC-edge-r01-re0> show ospf neighborAddress Interface State ID Pri Dead 192.168.1.2 ae0.0 Full 192.168.168.2 254 38 192.168.26.3 irb.0 Full 192.168.168.3 128 39 192.168.26.2 irb.0 Full 192.168.168.2 254 37
root@VDC-edge-r2-re0> show ospf neighborAddress Interface State ID Pri Dead 192.168.1.1 ae0.0 Full 192.168.168.1 254 35 192.168.26.3 irb.0 Full 192.168.168.3 128 34 192.168.26.1 irb.0 Full 192.168.168.1 254 39
root@VDC-edge-fw01-n1> show ospf neighborAddress Interface State ID Pri Dead 192.168.25.2 reth0.0 Full 192.168.168.5 255 34 192.168.25.1 reth0.0 Full 192.168.168.4 255 35 192.168.26.2 reth1.0 Full 192.168.168.2 254 35 192.168.26.1 reth1.0 Full 192.168.168.1 254 36
root@VDC-core-sw1-re0> show ospf neighborAddress Interface State ID Pri Dead 192.168.2.2 ae20.0 Full 192.168.168.5 255 33 192.168.25.2 irb.10 Full 192.168.168.5 255 39 192.168.25.3 irb.10 Full 192.168.168.3 128 39 192.168.50.2 irb.50 Full 192.168.168.5 255 35 192.168.50.3 irb.50 Full 192.168.168.6 128 37 192.168.51.2 irb.51 Full 192.168.168.5 255 36 192.168.51.3 irb.51 Full 192.168.168.6 128 35 192.168.52.2 irb.52 Full 192.168.168.5 255 38 192.168.52.3 irb.52 Full 192.168.168.6 128 31 192.168.53.2 irb.53 Full 192.168.168.5 255 37 192.168.53.3 irb.53 Full 192.168.168.6 128 33 192.168.54.2 irb.54 Full 192.168.168.5 255 34 192.168.54.3 irb.54 Full 192.168.168.7 128 36 192.168.55.2 irb.55 Full 192.168.168.5 255 33 192.168.55.3 irb.55 Full 192.168.168.7 128 35 192.168.20.2 irb.20 Full 192.168.168.5 255 39 192.168.20.3 irb.20 Full 192.168.168.20 128 39
root@VDC-core-sw2-re0> show ospf neighborAddress Interface State ID Pri Dead 192.168.2.1 ae20.0 Full 192.168.168.4 255 38 192.168.25.1 irb.10 Full 192.168.168.4 255 32 192.168.25.3 irb.10 Full 192.168.168.3 128 31 192.168.50.3 irb.50 Full 192.168.168.6 128 38 192.168.50.1 irb.50 Full 192.168.168.4 255 34 192.168.51.1 irb.51 Full 192.168.168.4 255 39 192.168.51.3 irb.51 Full 192.168.168.6 128 37 192.168.52.1 irb.52 Full 192.168.168.4 255 35 192.168.52.3 irb.52 Full 192.168.168.6 128 33 192.168.53.1 irb.53 Full 192.168.168.4 255 39 192.168.53.3 irb.53 Full 192.168.168.6 128 34 192.168.54.1 irb.54 Full 192.168.168.4 255 35 192.168.54.3 irb.54 Full 192.168.168.7 128 38
root@VDC-pod1-sw1> show ospf neighborAddress Interface State ID Pri Dead 192.168.50.2 vlan.50 Full 192.168.168.5 255 34 192.168.50.1 vlan.50 Full 192.168.168.4 255 39 192.168.51.2 vlan.51 Full 192.168.168.5 255 35 192.168.51.1 vlan.51 Full 192.168.168.4 255 39 192.168.52.2 vlan.52 Full 192.168.168.5 255 36 192.168.52.1 vlan.52 Full 192.168.168.4 255 35 192.168.53.2 vlan.53 Full 192.168.168.5 255 37 192.168.53.1 vlan.53 Full 192.168.168.4 255 38 192.168.55.1 irb.55 Full 192.168.168.4 255 32 192.168.55.3 irb.55 Full 192.168.168.7 128 37 192.168.20.1 irb.20 Full 192.168.168.4 255 34 192.168.20.3 irb.20 Full 192.168.168.20 128 31
- 2. Verify thatNSR is configured properly. This is done
by confirming that all OSPF sessions are in a “Full” state
in the backup Routing Engine. The command below was run on the MX240:
root@vdc-edge-r2-re1> show ospf neighborAddress Interface State ID Pri Dead 192.168.1.1 ae0.0 Full 192.168.168.1 254 0 192.168.26.3 irb.0 Full 192.168.168.3 128 0 192.168.26.1 irb.0 Full 192.168.168.1 254 0
- 3. Verify that GRES is configured properly. This is done
by confirming that the backup Routing Engine is ready for switchover.
The command below was run on the MX240:
root@vdc-edge-r2-re1> show system switchoverGraceful switchover: On Configuration database: Ready Kernel database: Synchronizing Peer state: Steady State
