Posts Tagged ‘chassis’
I was required to check (as this customer did not have a trap collector) which node was active for redundancy group 0 on a SRX cluster. So I thought I would check for a SNMP OID that is only presented by the active RG0 node. This script uses snmpwalk and is configured to use SNMP v2c (this can be easily changed). It has been tested on:
- CentOS 5
- Junos 11.4R2
- SNMP v2c
Here is the little hacky shell script:
[bash]
#!/bin/bash
# Cooper Lees <me@cooperlees.com>
# Dirty Cluster RG0 checker
# Lasted Updated: 20120818
HOST=$1
COMMUNITY=$2
if [ "$HOST" == "" ] || [ "$COMMUNITY" == "" ]; then
echo "ERROR: No host or SNMP community specified"
exit 2
fi
SNMPOUTPUT=$(snmpwalk -v 2c -c $COMMUNITY $HOST 1.3.6.1.4.1.2636.3.1.14.1.7)
echo $SNMPOUTPUT | grep "INTEGER: 2" > /dev/null
if [ $? == 0 ]; then
echo "Host $HOST is the Chassis cluster ACTIVE RE"
exit 0
fi
echo $SNMPOUTPUT | grep "No Such Object available on this agent at this OID" > /dev/null
if [ $? == 0 ]; then
echo "Host $HOST is the INACTIVE RE"
exit 2
fi
echo "WTF - Something is not right ..."
exit 3
[/bash]
It checks for the "jnxRedundancyState" OID - this OID reports on RE states and is only accurate on Junos routers (e.g. M and MX series etc.).
Enjoy ...
Tags: 0, board, chassis, check, cluster, control, engine, group, nagios, redundancy, routing, srx, status, system, zero
Posted in g33k, juniper |
Here is a table of the ports that are used for chassis cluster control link and management ports on Branch SRX devices.
The quoted ports are the 'stand alone' non clustered port names (not node1's port names once clustered). In a SRX cluster the PIM slots on node1 start at the last PIM slot of node0 + 1. For example, a SRX240 cluster's node1 starts at PIM 5. It's control link port is effectively ge-5/0/1).
| Model |
FXP0 (Management) |
FXP1 (Control Link) |
| SRX100 |
fe-0/0/6 |
fe-0/0/7 |
| SRX210 |
fe-0/0/6 |
fe-0/0/7 |
| SRX220 |
ge-0/0/6 (> 11.0) |
ge-0/0/7 |
| SRX240 |
ge-0/0/0 |
ge-0/0/1 |
| SRX550 |
ge-0/0/0 |
ge-0/0/1 |
| SRX650 |
ge-0/0/0 |
ge-0/0/1 |
*fab0 and fab1 interfaces (Data Link) are always configurable, e.g.:
- set interfaces fab0 fabric-options member-interfaces ge-0/0/2
- set interfaces fab1 fabric-options member-interfaces ge-5/0/2
Tags: branch, chassis, cluster, control, fxp, fxp0, fxp1, interface, junos, link, management, srx
Posted in g33k, juniper |
So when I was googiling around looking for working configurations of Junos (EX in this case) AE working with a Cisco vPC (Virtual Port Channel) I could not find any examples ... So I said that I would post one. I will not be covering how to set up a VPC, if you're interested in that side visit Cisco's guide here. I will also not discuss how to configure a Juniper Virtual Chassis (more info here). The devices used in this example are 2 x Cisco 7k (running NX-OS 4) and 2 x Juniper EX4500 switches (running Junos 11.4R1) in a Mixed Mode virtual chassis with 2 x ex4200s.
The goal, as network engineers is to use all bandwidth when it's available (if feasible) and avoid legacy protocols to stop layer 2 loops such as Spanning-Tree. vPC from Cisco and VC technologies allow LACP (Link Control Aggregation Protocol) links to span physical chassis, allow the network engineer to avoid single points of failure and harness all available bandwidth. If a physical chassis was lost, you would still be operation in a degraded fashion, e.g. 1/2 the available bandwidth until the second chassis returned.
To configure the Cisco Nexus side you would require the following configuration on each vPC configured chassis. I found that VLAN pruning can be happily done and a Natvie VLAN1 is not needed if CDP is not mandatory (I did not test making CDP able to traverse the trunk through the Juniper - Would love to hear if someone does!).
[plain]
conf t
interface port-channel69
description Good practice
switchport mode trunk
vpc 69
mtu 9216
switchport trunk allowed vlan 69
interface Ethernetx/x
channel-group 69 mode active
[/plain]
Handy Cisco Debug Commands:
- show vpc
- show run interface port-channel69 member
- show vpc consistency-parameters int port-channel 69
- show port-channel summary
The Juniper side would only require the following, this configuration is identical (you just choose different member interfaces) even if you don't have a Virtual Chassis configuration.
[plain]
set interfaces xe-0/0/39 ether-options 802.3ad ae0
set interfaces xe-1/0/39 ether-options 802.3ad ae0
set interfaces ae0 description "Good Practice"
set interfaces ae0 mtu 9216
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members pr0nNet
set vlans pr0nNet vlan-id 69
set vlans pr0nNet l3-interface vlan.69 #If a L3 RVI is required
[/plain]
Handy Juniper Debug Commands:
- show interface terse ae0
- show lacp interfaces (you want your interfaces to be collecting and distributing)
- show interface ae0 extensive
Please let me know if I have done anything that is not optimal - always eager to learn, I am definitely not (and proud of it) a Cisco expert.
Tags: 11.4R1, channel, chassis, ex, junos, lacp, nexus, nx-os, port, port-channel, vc, vcp, virtual
Posted in cisco, g33k, juniper |
EX VC tip of the moment: Use apply-groups to add specific config to each node.
For example:
[plain]
set groups member0 system host-name member0
set groups member1 system host-name member1
set groups member2 system host-name member2
set apply-groups member0
set apply-groups member1
set apply-groups member2
[/plain]
Tags: apply-group, chassis, config, configuration, vc, virtual
Posted in g33k, juniper |
If you are unfortunately working on a JUNOS chassis cluster that does not have the out-of-band management patched (fxp0) then you must use an alternate way to connect to specific nodes and copy files. You are able to copy files and login from to the non active node via the following methods.
To copy files or log in JUNOS gives you the following options:
Copy files from one node to another
[plain]
Copy Method A, using CLI:
> file copy /var/tmp/abc.log node1:/var/log/
Copy Method B, using shell, follow the commands in order:
> start shell user root
% rcp -T /var/tmp/abc.log node1:/var/log/
[/plain]
Ref link http://kb.juniper.net/InfoCenter/index?page=content&id=KB17410
Login from node0 to node1
The command mentioned does not work on 3k and 5k devices.
[plain]
% rlogin -Jk -T node1 (This is shell command)
[/plain]
Tags: chassis, cluster, copy, file, junos, login, node0, node1, rcp, rsh
Posted in g33k, juniper |
So a co-worker and I spent some time playing around with JunOS 11's (I believe it came in with 11 - correct me if wrong) reth's ability to now be LACP interfaces, as well as just plain redundant. It was not immediately clear how the switch was required to be set up in order to facilitate this new, awesome feature.
- This was used with a ex4200 virtual chassis cluster and SRX Chassis Cluster -
Here is how we got it happily working (assuming you have a chassis cluster up and running):
SRX Config:
set interfaces ge-2/0/0 gigether-options redundant-parent reth1
set interfaces ge-2/0/1 gigether-options redundant-parent reth1
set interfaces ge-2/0/2 gigether-options redundant-parent reth1
set interfaces ge-2/0/3 gigether-options redundant-parent reth1
set interfaces ge-11/0/0 gigether-options redundant-parent reth1
set interfaces ge-11/0/1 gigether-options redundant-parent reth1
set interfaces ge-11/0/2 gigether-options redundant-parent reth1
set interfaces ge-11/0/3 gigether-options redundant-parent reth1
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 redundant-ether-options lacp passive
EX Config:
set interfaces ge-0/0/0 ether-options 802.3ad ae1
set interfaces ge-0/0/1 ether-options 802.3ad ae2
set interfaces ge-0/0/2 ether-options 802.3ad ae1
set interfaces ge-0/0/3 ether-options 802.3ad ae2
set interfaces ge-1/0/0 ether-options 802.3ad ae2
set interfaces ge-1/0/1 ether-options 802.3ad ae1
set interfaces ge-1/0/2 ether-options 802.3ad ae2
set interfaces ge-1/0/3 ether-options 802.3ad ae1
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp active
Now we have LACP bandwidth and redundancy - Either the switch or SRX can die, in theory.
* Have not tested the failover yet - But will before this set up goes to production - Will update the post *
Tags: australia, chassis, cluster, ex, firewall, ict, junos, lacp, networks, north, redundant, reth, router, srx, switch, sydney, virtual
Posted in g33k, juniper |
