Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Chassis Cluster Provisioning on vSRX

    Chassis cluster requires the following direct connections between the two vSRX instances:

    • Control link, or virtual network, which acts in active/passive mode for the control plane traffic between the two vSRX instances
    • Fabric link, or virtual network, which acts in active/active mode for the data traffic between the two vSRX instances

      Note: You can optionally create two fabric links for more redundancy.

    The vSRX cluster uses the following interfaces:

    • Out-of-band Management interface (fxp0)
    • Cluster control interface (em0)
    • Cluster fabric interface (fab0 on node0, fab1 on node1)

    Note: The control interface must be the second vNIC. You can optionally configure a second fabric link for increased redundancy.

    Figure 1: vSRX Chassis Cluster

    vSRX Chassis Cluster

    vSRX supports chassis cluster using the virtio driver and interfaces, with the following considerations:

    • When you enable chassis cluster, you must also enable jumbo frames (MTU size = 9000) to support the fabric link on the virtio network interface.
    • If you configure a chassis cluster across two physical hosts, disable igmp-snooping on each host physical interface that the vSRX control link uses to ensure that the control link heartbeat is received by both nodes in the chassis cluster.
      hostOS# echo 0 > /sys/devices/virtual/net/<bridge-name>/bridge/multicast_snooping
    • After you enable chassis cluster, the vSRX instance maps the second vNIC to the control link, em0. You can map any other vNICs to the fabric link.

    Note: For virtio interfaces, link status update is not supported. The link status of virtio interfaces is always reported as Up. For this reason, a vSRX instance using virtio and chassis cluster cannot receive link up and link down messages from virtio interfaces.

    The virtual network MAC aging time determines the amount of time that an entry remains in the MAC table. We recommend that you reduce the MAC aging time on the virtual networks to minimize the downtime during failover.

    For example, you can use the brctl setageing bridge 1 command to set aging to 1 second for the Linux bridge.

    You configure the virtual networks for the control and fabric links, then create and connect the control interface to the control virtual network and the fabric interface to the fabric virtual network.

    Modified: 2017-09-13