vSRX Cluster Staging and Provisioning for VMware

Staging and provisioning a vSRX cluster includes the following tasks:

Deploying the VMs and Additional Network Interfaces

The vSRX cluster uses three interfaces exclusively for clustering (the first two are predefined):

  • Out-of-band management interface (fxp0).

  • Cluster control link (em0).

  • Cluster fabric links (fab0 and fab1). For example, you can specify ge-0/0/0 as fab0 on node0 and ge-7/0/0 as fab1 on node1.

Initially, the VM has only two interfaces. A cluster requires three interfaces (two for the cluster and one for management) and additional interfaces to forward data. You can add interfaces through the VMware vSphere Web Client.

  1. On the VMware vSphere Web Client, click Edit Virtual Machine Settings for each VM to create additional interfaces.
  2. Click Add Hardware and specify the attributes in Table 1.

    Table 1: Hardware Attributes

    Attribute            Description
    -------------------  ------------------------------------------------------
    Adapter Type         Select VMXNET 3 from the list.
    Network label        Select the network label from the list.
    Connect at power on  Ensure that there is a check mark next to this option.

Creating the Control Link Connection Using VMware

To connect the control interface through the control vSwitch using the VMware vSphere Web Client:

  1. Choose Configuration > Networking.
  2. Click Add Networking to create a vSwitch for the control link.

    Choose the following attributes:

    • Connection Type

      • Virtual Machines

    • Network Access

      • Create a vSphere switch

      • No physical adapters

    • Port Group Properties

      • Network Label: HA Control

      • VLAN ID: None(0)

      Note

      Port groups are not VLANs. The port group does not segment the vSwitch into separate broadcast domains unless the domains have different VLAN tags.

      • To use a VLAN as a dedicated vSwitch, you can use the default VLAN tag (0) or specify a VLAN tag.

      • To use a VLAN as a shared vSwitch and use a port group, assign a VLAN tag on the port group for each chassis cluster link.

  3. Right-click on the control network, click Edit Settings, and select Security.
  4. Set the promiscuous mode to Accept, and click OK, as shown in Figure 1.
    Figure 1: Promiscuous Mode

    Note

    You must enable promiscuous mode on the control vSwitch for chassis cluster.

    You can use the vSwitch default settings for the remaining parameters.

  5. Click Edit Settings for both vSRX VMs to add the control interface (Network adapter 2) into the control vSwitch.

See Figure 2 for vSwitch properties and Figure 3 for VM properties for the control vSwitch.

Figure 2: Control vSwitch Properties
Figure 3: Virtual Machine Properties for the Control vSwitch

The control interface will be connected through the control vSwitch. See Figure 4.

Figure 4: Control Interface Connected through the Control vSwitch

Creating the Fabric Link Connection Using VMware

To connect the fabric interface through the fabric vSwitch using the VMware vSphere Web Client:

  1. Choose Configuration > Networking.
  2. Click Add Networking to create a vSwitch for the fabric link.

    Choose the following attributes:

    • Connection Type

      • Virtual Machines

    • Network Access

      • Create a vSphere switch

      • No physical adapters

    • Port Group Properties

      • Network Label: HA Fabric

      • VLAN ID: None(0)

      Note

      Port groups are not VLANs. The port group does not segment the vSwitch into separate broadcast domains unless the domains have different VLAN tags.

      • To use a VLAN as a dedicated vSwitch, you can use the default VLAN tag (0) or specify a VLAN tag.

      • To use a VLAN as a shared vSwitch and use a port group, assign a VLAN tag on the port group for each chassis cluster link.

    Click Properties to enable the following features:

    • General > Advanced Properties:

      • MTU: 9000

    • Security > Effective Policies:

      • MAC Address Changes: Accept

      • Forged Transmits: Accept

  3. Click Edit Settings for both vSRX VMs to add the fabric interface into the fabric vSwitch.

See Figure 5 for vSwitch properties and Figure 6 for VM properties for the fabric vSwitch.

Figure 5: Fabric vSwitch Properties
Figure 6: Virtual Machine Properties for the Fabric vSwitch

The fabric interface will be connected through the fabric vSwitch. See Figure 7.

Figure 7: Fabric Interface Connected Through the Fabric vSwitch

Creating the Data Interfaces Using VMware

To map all the data interfaces to the desired networks:

  1. Choose Configuration > Networking.
  2. Click Add Networking to create a vSwitch for fabric link.

    Choose the following attributes:

    • Connection Type

      • Virtual Machines

    • Network Access

      • Create a vSphere switch

      • No physical adapters

    • Port Group Properties

      • Network Label: chassis cluster Reth

      • VLAN ID: None(0)

      Click Properties to enable the following features:

      • Security > Effective Policies:

        • MAC Address Changes: Accept

        • Forged Transmits: Accept

The data interface will be connected through the data vSwitch using the above procedure.
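
Added example, not part of the original documentation: a Python check that compares a port-group inventory against the settings specified above for the control, fabric, and data port groups, and flags promiscuous mode or an HA broadcast domain that extends to other port groups. The inventory layout, the sample data, and the audit function are assumptions made for illustration.

```python
# Added example. Settings in REQUIRED come from the procedures on this page;
# the port-group dict layout is a hypothetical export format (assumption).
REQUIRED = {
    "HA Control": {"promiscuous": True},
    "HA Fabric": {"mtu": 9000, "mac_changes": True, "forged_transmits": True},
    "chassis cluster Reth": {"mac_changes": True, "forged_transmits": True},
}
HA_LINKS = ("HA Control", "HA Fabric")

def audit(portgroups):
    """Return sorted findings for a list of port-group dicts."""
    findings = []
    by_name = {pg["name"]: pg for pg in portgroups}
    # 1. Each cluster port group must exist with the settings the page specifies.
    for name, want in REQUIRED.items():
        pg = by_name.get(name)
        if pg is None:
            findings.append(f"MISSING {name}")
            continue
        for key, value in want.items():
            if pg.get(key) != value:
                findings.append(f"MISMATCH {name}: {key}={pg.get(key)!r}, expected {value!r}")
    for pg in portgroups:
        # 2. The page requires promiscuous mode only on the control link.
        if pg.get("promiscuous") and pg["name"] != "HA Control":
            findings.append(f"PROMISCUOUS {pg['name']}: Accept outside the control link")
        # 3. Port groups are not VLANs: a port group on the same vSwitch and
        #    VLAN tag as an HA link shares that link's broadcast domain.
        for ha in HA_LINKS:
            link = by_name.get(ha)
            if link and pg is not link and (pg["vswitch"], pg["vlan"]) == (link["vswitch"], link["vlan"]):
                findings.append(f"SHARED-DOMAIN {ha}: same vSwitch and VLAN as {pg['name']}")
    return sorted(findings)

# Constructed sample inventory (not output from a real host).
SAMPLE = [
    {"name": "HA Control", "vswitch": "vSwitch1", "vlan": 0, "mtu": 1500,
     "promiscuous": True, "mac_changes": False, "forged_transmits": False},
    {"name": "HA Fabric", "vswitch": "vSwitch2", "vlan": 0, "mtu": 1500,
     "promiscuous": False, "mac_changes": True, "forged_transmits": True},
    {"name": "chassis cluster Reth", "vswitch": "vSwitch3", "vlan": 0, "mtu": 1500,
     "promiscuous": False, "mac_changes": True, "forged_transmits": False},
    {"name": "VM Network", "vswitch": "vSwitch1", "vlan": 0, "mtu": 1500,
     "promiscuous": True, "mac_changes": False, "forged_transmits": False},
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

On the constructed sample, the audit reports the fabric MTU still at 1500, Forged Transmits rejected on the data port group, and a VM Network port group that sits on the control vSwitch with the same VLAN tag and promiscuous mode accepted.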

Prestaging the Configuration from the Console

The following procedure explains the configuration commands required to set up the vSRX chassis cluster. The procedure powers up both nodes, adds the configuration to the cluster, and allows SSH remote access.

  1. Log in as the root user. There is no password.
  2. Start the CLI.
  3. Enter configuration mode.
  4. Copy the following commands and paste them into the CLI:
  5. Set the root authentication password by entering a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).
  6. To enable SSH remote access:
  7. To enable IPv6:

    This step is optional and requires a system reboot.

  8. Commit the configuration to activate it on the device.
  9. When you have finished configuring the device, exit configuration mode.

Connecting and Installing the Staging Configuration

After the vSRX cluster initial setup, set the cluster ID and the node ID, as described in Configuring a vSRX Chassis Cluster in Junos OS.

After reboot, the two nodes are reachable on interface fxp0 with SSH. If the configuration is operational, the show chassis cluster status command displays output similar to that shown in the following sample output.

vsrx> show chassis cluster status

A cluster is healthy when the primary and secondary nodes are present and both have a priority greater than 0.