Limitations of Chassis Clustering

On an SRX Series or a J Series device, when defining chassis clustering, be aware of the following restrictions:

• The following features are not supported when chassis clustering is enabled on the device:
  • Packet-based forwarding for MPLS and International Organization for Standardization (ISO) protocol familes.
  • Any function that depends on the configurable interfaces:
    • lsq-0/0/0—Link services Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Compressed Real-Time Transport Protocol (CRTP).
    • gr-0/0/0—Generic routing encapsulation (GRE) and tunneling.
    • ip-0/0/0—IP-over-IP (IP-IP) encapsulation.
    • pd-0/0/0, pe/0/0/0, and mt-0/0/0—All multicast protocols.
    • lt-0/0/0—Real-time performance monitoring (RPM).
    • WXC Integrated Services Module (WXC ISM 200).
    • ISDN BRI
    • Layer 2 Ethernet switching

      The factory default configuration for SRX100, SRX210, and SRX240 devices automatically enables Layer 2 Ethernet switching. Because Layer 2 Ethernet switching is not supported in chassis cluster mode, for these devices, if you use the factory default configuration, you must delete the Ethernet switching configuration before you enable chassis clustering.

      Caution: Enabling chassis clustering while Ethernet switching is enabled is not a supported configuration. Doing so might result in undesirable behavior from the devices, leading to possible network instability.

      The default configuration for other SRX Series devices and all J Series devices does not automatically enable Ethernet switching. However, if you have enabled Ethernet switching, be sure to disable it before enabling clustering on these devices too. See Disabling Switching on SRX100, SRX210, and SRX240 Devices Before Enabling Chassis Clustering.

• On SRX Series devices, only two of the 10 ports on each PIC of 40-port 1-Gigabit Ethernet I/O cards (IOCs) for SRX5600 and SRX5800 devices can simultaneously enable IP address monitoring. Because there are four PICs per IOC, this permits a total of eight ports per IOC to be monitored. If more than two ports per PIC on 40-port 1-Gigabit Ethernet IOCs are configured for IP address monitoring, the commit will succeed but a log entry will be generated, and the accuracy and stability of IP address monitoring cannot be ensured. This limitation does not apply to any other IOCs or devices.
• On SRX3400, SRX3600, SRX5600, and SRX5800 devices, IP address monitoring is not permitted on redundant Ethernet interface LAGs or on child interfaces of redundant Ethernet interface LAGs.
• On SRX3000 and SRX5000 line chassis clusters, screen statistics data can be gathered on the primary device only.
• On J Series devices, a Fast Ethernet port from a 4-port Ethernet PIM cannot be used as a fabric link port in a chassis cluster.
• On SRX3400, SRX3600, SRX5600, and SRX5800 devices, in-service software upgrade (ISSU) does not support version downgrading. That is, ISSU does not support running an ISSU install of a Junos OS version that is earlier than the currently installed version.
• On SRX3400, SRX3600, SRX5600, and SRX5800 devices, only redundant Ethernet interfaces (reth) are supported for IKE external interface configuration in IPsec VPN. Other interface types can be configured but IPsec VPN might not work.