Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Insert Additional SRX5K-SPC3 in a Multinode High Availability Setup

Insert SRX5K-SPC3 in a Multinode High Availability Setup

Starting in Junos OS Release 22.2R1, you can insert additional Service Processing Cards (SPC3) cards in a SRX5000-Line devices in Multinode High Availability setup without interrupting the existing traffic flow or without incurring downtime on your network.

We strongly recommend that you install the additional SPC3 card during a maintenance window, or during times of low-traffic as the backup node is not available for some time.

Requirements

Note the following requirements before you install additional SPC3 cards in a SRX5000-line device in a Multinode High Availability setup:

  • Each security device must have at least one SPC3 card installed.
  • When you are inserting a new SPC3 card, you must install it in a slot that has a higher number than the slots in which other SPCs are already installed. For example, if both nodes have an SPC3 card on slot 2, then you must insert the new SPC3 card in slot 3 or in a higher-numbered slot. You must not install the card in slot 0 or slot 1.
  • Use the following table to know whether you can insert an additional SPC3 card on an SRX5000 chassis without interrupting the traffic based on the count of already installed SPC3 cards.
    Existing Count of SPC3 Cards Count After Inserting Additional SPC3 Cards Installation Without Traffic Interruption
    1 2 Yes
    1 3 or more No
    2 3 or more No
    3 or more 4 or more Yes

Install Additional SPC3 Cards

Consider a Multinode High Availability setup with two SRX5000 line devices. You've two nodes—node 1 acting as the active node and node 2 as the backup node. You want to install SPC3 cards on both the nodes.

Familiarize yourself with the SPC3 installation procedure for your security device. See Installing an SRX5400 Services Gateway SPC, or Installing an SRX5600 Services Gateway SPC, or Installing an SRX5800 Services Gateway SPC.

The following procedures guide you how to install an additional SPC3 card in a Multinode High Availability system.

Case 1: Nonencrypted ICL

  1. Power off node 2 (backup node) using the request system power off command from operational mode.
  2. Insert an SPC3 card or cards on node 2.
  3. Boot up node 2.
  4. Run the show chassis high-availability information command. If the device displays an error with the SPU Slot Mismatch message, you must halt the installation procedure and redo the procedure. If there are no error messages, continue with the next step.
  5. When node 2 is back online and ready to failover on all SRGs, initiate a failover for all traffic and SRGs to node 2. You can use the request chassis high-availability failover services-redundancy-group command from the operational mode. When you run the command, the node 2 transitions to the active role.
  6. Power off node 1.
  7. Insert an SPC3 card or cards on node 1.
  8. Boot up node 1 after you complete the installation.

Case-2: Encrypted ICL

  1. Configure the set chassis high-availability hardware-upgrade statement and commit the configuration on both nodes.
  2. Power off node 2 (backup node) using the request system power off command from operational mode.
  3. Insert an SPC3 card or cards on node 2.
  4. Run the show chassis high-availability information command. If the device displays an error with the SPU Slot Mismatch message, you must halt the upgrade procedure to not cause any disruption to the traffic. If there are no error messages, continue with the next step.
  5. Boot up node 2.
  6. When node 2 is back online and ready to fail over on all SRGs, initiate a failover for all traffic and SRGs to node 2 using the request chassis high-availability failover services-redundancy-group command from the operational mode. When you run the command, the node 2 transitions to the active role.
  7. Power off node 1.
  8. Insert an SPC3 card or cards on node 1.
  9. Boot up node 1 after you complete the installation.
  10. After node 1 is back online, configure the delete chassis high-availability hardware-upgrade statement on both the nodes and commit the configuration.

How to Address SPC3 Slot Mismatch

If you face any issues while installing an additional SPC3 card, use the following steps to address the issue:

  1. Run the show chassis high-availability information command.

    If the device displays an error with the Peer Hardware Incompatible: SPU Slot Mismatch message, you must halt the upgrade procedure to not cause any disruption to the traffic.

  2. Run the show chassis fpc pic-status command to check mismatched chassis slots between the two nodes.

  3. Remove the wrongly placed card, and reinsert it into a correct slot, and perform the upgrade procedure once again.

See Also