Understanding SRX Series Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming
See the hardware documentation for your particular model (SRX Series Services Gateways) for details about SRX Series Firewalls. See Interfaces User Guide for Security Devices for a full discussion of interface naming conventions.
After the devices are connected as a cluster, the slot numbering on the SRX acting as node 1 changes and thus the interface numbering will change. The slot number for each slot in both nodes is determined using the following formula:
cluster slot number = (node ID * maximum slots per node) + local slot number
In chassis cluster mode, the interfaces on the SRX acting as node 1 are renumbered internally.
This topic describes the slot numbering and physical port and logical interface naming conventions for SRX Series Firewalls in a chassis cluster and includes following sections:
Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming for SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, and SRX1600 devices.
For SRX340 and SRX345 devices, the fxp0 interface is a dedicated port. For SRX300 and SRX320 devices, after you enable chassis clustering and reboot the system, the built-in interface named ge-0/0/0 is repurposed as the management interface and is automatically renamed fxp0.
For SRX300, SRX320, SRX340, SRX345, and SRX380 devices, after you enable chassis clustering and reboot the system, the build-in interface named ge-0/0/1 is repurposed as the control interface and is automatically renamed fxp1. The SRX300, SRX320, SRX340, SRX345 and SRX380 devices support only Gigabit Ethernet ports as fabric link.
SRX1500 devices have 16 GE interfaces and 4 XE ports.
SRX1600 devices have 16 (1G), 4 (10G), 2 (25G), 2 (1G) ports. The 2 (1G) ports are HA control ports and are not used for forwarding traffic.
Table 1 shows the slot numbering, as well as the physical port and logical interface numbering, for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed.
|
Model |
Chassis |
Maximum Slots Per Node |
Slot Numbering in a Cluster |
Management Physical Port/Logical Interface |
Control Physical Port/Logical Interface |
Fabric Physical Port/Logical Interface |
|---|---|---|---|---|---|---|
|
SRX1600 |
Node 0 |
3 |
0 |
fxp0 |
Dedicated dual Control links with MACsec support |
Dual fabric links |
|
em0/em1 |
fab0 |
|||||
|
Node 1 |
7 |
fxp0 |
Dedicated dual Control links with MACsec support |
Dual fabric links |
||
|
em0/em1 |
fab1 |
|||||
|
SRX1500 |
Node 0 |
3 |
0 |
fxp0 |
Dedicated Control port |
Any Ethernet port |
|
em0 |
fab0 |
|||||
|
Node 1 |
7 |
fxp0 |
Dedicated Control port |
Any Ethernet port |
||
|
em0 |
fab1 |
|||||
|
SRX340,SRX345, and SRX380 |
Node 0 |
5 (PIM slots) |
0—4 |
fxp0 |
ge-0/0/1 |
Any Ethernet port |
|
fxp0 |
fxp1 |
fab0 |
||||
|
Node 1 |
5—9 |
fxp0 |
ge-5/0/1 |
Any Ethernet port |
||
|
fxp0 |
fxp1 |
fab1 |
||||
|
SRX320 |
Node 0 |
3 (PIM slots) |
0—2 |
ge-0/0/0 |
ge-0/0/1 |
Any Ethernet port |
|
fxp0 |
fxp1 |
fab0 |
||||
|
Node 1 |
3—5 |
ge-3/0/0 |
ge-3/0/1 |
Any Ethernet port |
||
|
fxp0 |
fxp1 |
fab1 |
||||
|
SRX300 |
Node 0 |
1(PIM slot) |
0 |
ge-0/0/0 |
ge-0/0/1 |
Any Ethernet port |
|
fxp0 |
fxp1 |
fab0 |
||||
|
Node 1 |
1 |
ge-1/0/0 |
ge-1/0/1 |
Any Ethernet port |
||
|
fxp0 |
fxp1 |
fab1 |
|
Interfaces |
Used as Fabric Port? |
Supports Z-Mode Traffic? |
Supports MACsec? |
|---|---|---|---|
|
16X1Gigabit Ethernet Interface -BASE-T RJ45 |
Yes |
Yes |
No |
|
2x 25G SFP28 |
Yes |
Yes |
No |
|
4x 10G SFP+ |
Yes |
Yes |
No |
After you enable chassis clustering, the two chassis joined together cease to exist as individuals and now represent a single system. As a single system, the cluster now has twice as many slots. (See Figure 1, Figure 2, Figure 3, Figure 4, and Figure 6.)
Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming for SRX4600 Devices
The SRX4600 devices use dedicated HA control and fabric ports.
Table 3 and Table 4 show the slot numbering, as well as the physical port and logical interface numbering, for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed.
For information on SRX3400 and SRX3600 devices, see Chassis Cluster support on SRX3400 and SRX3600 devices.
|
Model |
Chassis Cluster |
Maximum Slots Per Node |
Slot Numbering in a Cluster |
Management Physical Port/Logical Interface |
Control Physical Port/Logical Interface |
Fabric Physical Port/Logical Interface |
|---|---|---|---|---|---|---|
|
SRX4600 |
Node 0 |
1 |
0-6 |
fxp0 |
Dual (redundant) MACsec-enabled HA control ports (10GbE) are xe-0/0/0 and xe-0/0/1 It uses 1-Gigabit Ethernet SFP as control port. |
Dual (redundant) MACsec-enabled HA fabric ports (10GbE) Dual Fabric ports with macsec enabled are xe-0/0/2 and xe-0/0/3 |
|
Node 1 |
7-13 |
|
Device |
Renumbering Constant |
Node 0 Interface Name |
Node 1 Interface Name |
|---|---|---|---|
|
SRX4600 |
7 |
xe-1/0/0 |
xe-8/0/0 |
|
Interfaces |
Used as Fabric Port? |
Supports Z-Mode Traffic? |
Supports MACsec? |
|---|---|---|---|
|
Dedicated fabric ports |
Yes |
Yes |
Yes |
|
8X10-Gigabit Ethernet Interface SFPP ports |
Yes |
Yes |
No |
|
4X40-Gigabit Ethernet Interface QSFP28 ports |
Yes |
Yes |
No |
|
4x10-Gigabit Ethernet Interface SFPP ports |
Yes |
Yes |
No |
|
2X100-Gigabit Ethernet Interface QSFP28 slots |
No |
No |
No |
Mix and match of fabric ports are not supported. That is, you cannot use one 10-Gigabit Ethernet interface and one 40-Gigabit Ethernet interface for fabric links configuration. Dedicated fabric link supports only 10-Gigabit Ethernet Interface.
Figure 8 shows the slot numbering for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed.
Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming for SRX2300, SRX4100, and SRX4200 Devices
The SRX4100 and SRX4200 devices use two 1-Gigabit Ethernet/10-Gigabit Ethernet ports, labeled as CTL and FAB as control port and fabric port respectively.
Supported fabric interface types for SRX4100 and SRX4200 devices are 10-Gigabit Ethernet (xe) (10-Gigabit Ethernet Interface SFP+ slots).
|
Interfaces |
Used as Fabric Port? |
Supports Z-Mode Traffic? |
Supports MACsec? |
|---|---|---|---|
|
8X10-Gigabit Ethernet Interface SFPP ports |
Yes |
Yes |
No |
|
4X25-Gigabit Ethernet Interface SFP28 ports |
Yes |
Yes |
No |
|
8x10-Gigabit Ethernet Interface BASE-T RJ45 ports |
Yes |
Yes |
No |
|
2X100-Gigabit Ethernet Interface QSFP28 slots |
No |
No |
No |
SRX4100 and SRX4200 devices do not support direct attach copper (DAC) cables for chassis cluster control.
Table 7 shows the slot numbering, as well as the physical port and logical interface numbering, for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed
|
Model |
Chassis Cluster |
Maximum Slots Per Node |
Slot Numbering in a Cluster |
Management Physical Port/Logical Interface |
Control Physical Port/Logical Interface |
Fabric Physical Port/Logical Interface |
|---|---|---|---|---|---|---|
|
SRX2300 |
Node 0 |
1 |
0 |
fxp0 |
Dedicated control port, em0/em1 |
Revenue interfaces are used for dual fabric links, fab0. |
|
Node 1 |
7 |
Revenue interfaces are used for dual fabric links, fab1. |
||||
|
SRX4100 |
Node 0 |
1 |
0 |
fxp0 |
Dedicated control port, em0 |
Dedicated fabric port, any Ethernet port (for dual fabric-link), fab0 |
|
Node 1 |
7 |
Dedicated fabric port, and any Ethernet port (for dual fabric-link), fab1 |
||||
|
SRX4200 |
Node 0 |
1 |
0 |
fxp0 |
Dedicated control port,em0 |
Dedicated fabric port, and any Ethernet port (for dual fabric-link), fab0 |
|
Node 1 |
7 |
Dedicated fabric port, and any Ethernet port (for dual fabric-link), fab1 |
Figure 10 and Figure 11 shows the slot numbering for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed.
The node 1 renumbers its interfaces by adding the total number of system FPCs to the original FPC number of the interface. For example, see Table 8 for interface renumbering on the SRX Series Firewalls (SRX4100 and SRX4200).
|
Device |
Renumbering Constant |
Node 0 Interface Name |
Node 1 Interface Name |
|---|---|---|---|
|
SRX1600 |
7 |
xe-0/1/0 |
xe-7/1/0 |
|
SRX2300 |
7 |
xe-0/2/0 |
xe-7/2/0 |
|
SRX4100 |
7 |
xe-0/0/0 |
xe-7/0/0 |
|
SRX4200 |
7 |
xe-0/0/1 |
xe-7/0/1 |
On SRX4100 and SRX4200 devices, when the system comes up as chassis cluster, the xe-0/0/8 and xe-7/0/8 interfaces are automatically set as fabric interfaces links. You can set up another pair of fabric interfaces using any pair of 10-Gigabit interfaces to serve as the fabric between nodes. Note that, the automatically created fabric interfaces cannot be deleted. However, you can delete the second pair of fabric interfaces (manually configured interfaces).
Chassis Cluster Slot Numbering and Physical Port and Logical Interface Naming for SRX5800, SRX5600, and SRX5400 Devices
For chassis clustering, all SRX Series Firewalls have a built-in management interface
named fxp0. For most SRX Series Firewalls, the
fxp0 interface is a dedicated port.
For the SRX5000 line, control interfaces are configured on SPCs.
Table 9 shows the slot numbering, as well as the physical port and logical interface numbering, for both of the SRX Series Firewalls that become node 0 and node 1 of the chassis cluster after the cluster is formed.
|
Model |
Chassis Cluster |
Maximum Slots Per Node |
Slot Numbering in a Cluster |
Management Physical Port/Logical Interface |
Control Physical Port/Logical Interface |
Fabric Physical Port/Logical Interface |
|---|---|---|---|---|---|---|
|
SRX5800 |
Node 0 |
12 (FPC slots) |
0—11 |
Dedicated Gigabit Ethernet port |
Control port on an SPC |
Any Ethernet port |
|
fxp0 |
em0 |
fab0 |
||||
|
Node 1 |
12—23 |
Dedicated Gigabit Ethernet port |
Control port on an SPC |
Any Ethernet port |
||
|
fxp0 |
em0 |
fab1 |
||||
|
SRX5600 |
Node 0 |
6 (FPC slots) |
0—5 |
Dedicated Gigabit Ethernet port |
Control port on an SPC |
Any Ethernet port |
|
fxp0 |
em0 |
fab0 |
||||
|
Node 1 |
6—11 |
Dedicated Gigabit Ethernet port |
Control port on an SPC |
Any Ethernet port |
||
|
fxp0 |
em0 |
fab1 |
||||
|
SRX5400 |
Node 0 |
3 (FPC slots) |
0—2 |
Dedicated Gigabit Ethernet port |
Control port on an SPC |
Any Ethernet port |
|
fxp0 |
em0 |
fab0 |
||||
|
Node 1 |
3—5 |
Dedicated Gigabit Ethernet port |
Control port on an SPC |
Any Ethernet port |
||
|
fxp0 |
em0 |
fab1 |
After you enable chassis clustering, the two chassis joined together cease to exist as individuals and now represent a single system. As a single system, the cluster now has twice as many slots. (See Figure 12.)
FPC Slot Numbering in SRX Series Firewall Cards
SRX5600 and SRX5800 devices have Flex I/O Cards (Flex IOCs) that have two slots to accept the following port modules:
-
SRX-IOC-4XGE-XFP 4-Port XFP
-
SRX-IOC-16GE-TX 16-Port RJ-45
-
SRX-IOC-16GE-SFP 16-Port SFP
You can use these port modules to add from 4 to 16 Ethernet ports to your SRX Series Firewall. Port numbering for these modules is
slot/port module/port
where slot is the number of the slot in the device in which the Flex IOC is installed; port module is 0 for the upper slot in the Flex IOC or 1 for the lower slot when the card is vertical, as in an SRX5800 device; and port is the number of the port on the port module. When the card is horizontal, as in an SRX5400 or SRX5600 device, port module is 0 for the left-hand slot or 1 for the right-hand slot.
SRX5400 devices support only SRX5K-MPC cards. The SRX5K-MPC cards also have two slots to accept the following port modules:
-
SRX-MIC-10XG-SFPP 10-port-SFP+ (xe)
-
SRX-MIC-20GE-SFP 20-port SFP (ge)
-
SRX-MIC-1X100G-CFP 1-port CFP (et)
-
SRX-MIC-2X40G-QSFP 2-port QSFP (et)
See the hardware guide for your specific SRX Series model (SRX Series Services Gateways).