Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Juniper SRX cluster - How the hostname is configured
Page 1 of 1

Author:  mandrei99 [ Sat Jan 31, 2015 7:04 pm ]
Post subject:  Juniper SRX cluster - How the hostname is configured

A Juniper SRX firewall adopts a different behavior when cluster enabled and rebooted.
Depending on the model, it will change the role of specific fe-/ge- interfaces to behave as cluster management and as cluster control link, a 3rd interface will be (upon configuration) a member of fabric interface for data plane inter-communication between the two cluster nodes.

root@SRX-node> set chassis cluster cluster-id ?
Possible completions:
  <cluster-id>         Cluster identifier (0..15)
  node                 Node identifier (0..1)
  reboot               Reboot the system after setting the identifiers
root@SRX-node> set chassis cluster cluster-id 1 node ?
Possible completions:
  <node>               Node identifier (0..1)

A chassis cluster is made of maximum two SRX nodes: node0 and node1. This is set with above command and it takes effect after reboot.

Both nodes need to have different hostnames, fxp0 (management interface) IP addresses and few other split configuration parts.

On SRX platforms, Junos supports a global configuration part and a node specific configuration part. The hostname and the individual split configs for each SRX chassis cluster node are set in the node specific part.

Then the node specific Junos configuration is applied based on the “apply-group” instruction.

Example: Setting Junos configuration for node0 in an SRX cluster:

# set groups node0 system host-name SRX-Cluster-Node0
# set groups node0 interfaces fxp0 unit 0 family inet address

Setting the corresponding apply-group:
# set apply-groups "${node}"

Node hostname in SRX chassis cluster:

root@SRX-Cluster-Node0# show system host-name | display inheritance
## 'SRX-Cluster-Node0' was inherited from group 'node0'
host-name SRX-Cluster-Node0;

The “display inheritance” junos cli filter allows to see specific configuration inheritance origin. This case the config group “node0”.

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group