tech note

インフラ技術や車についてつぶやいていくブログ

SRX 冗長化初期設定メモ

f:id:tea_cat:20180913013643j:plain

前提

fabric

ge-0/0/6
ge-0/0/7

reth0

ge-0/0/2
ge-0/0/3

reth1

ge-0/0/4
ge-0/0/5

rethは2本でLACP LAGとしています。( ←部)

Zone

UNTRUST

reth0

TRUST

reth1

設定削除、rootパスワード設定

# delete
This will delete the entire configuration
Delete everything under this level? [yes,no] (no) yes

# set system root-authentication plain-text-password
New password:
Retype new password:

# commit and-quit

コントロールリンク、ファブリックリンクを結線

筐体毎に決められているコントロールリンク、任意のファブリックリンクを直結します。

ClusterIDとどちらがnodeXか設定しreboot

1号機
> set chassis cluster cluster-id 1 node 0 reboot
2号機
> set chassis cluster cluster-id 1 node 1 reboot

ファブリックリンクを設定(任意のInterfaceでOK)

root# set interfaces fab0 fabric-options member-interfaces ge-0/0/6

{primary:node0}[edit]
root# set interfaces fab0 fabric-options member-interfaces ge-0/0/7

{primary:node0}[edit]
root# set interfaces fab1 fabric-options member-interfaces ge-9/0/6

{primary:node0}[edit]
root# set interfaces fab1 fabric-options member-interfaces ge-9/0/7

redundancy-groupを設定

{primary:node0}[edit]
root# set chassis cluster redundancy-group 0 node 0 priority 100

{primary:node0}[edit]
root# set chassis cluster redundancy-group 0 node 1 priority 1

{primary:node0}[edit]
root# set chassis cluster redundancy-group 1 node 0 priority 100

{primary:node0}[edit]
root# set chassis cluster redundancy-group 1 node 1 priority 1

reth作成

{primary:node0}[edit]
root# set chassis cluster reth-count 2

{primary:node0}[edit]
root# set interfaces reth0 redundant-ether-options redundancy-group 1

{primary:node0}[edit]
root# set interfaces reth0 redundant-ether-options link-speed 1g ←

{primary:node0}[edit]
root# set interfaces reth0 redundant-ether-options lacp active ←

{primary:node0}[edit]
root# set interfaces reth0 redundant-ether-options lacp periodic slow ←

{primary:node0}[edit]
root# set interfaces reth0 unit 0 family inet address XXX.XXX.XXX.XXX/26


{primary:node0}[edit]
root# set interfaces reth1 redundant-ether-options redundancy-group 1

{primary:node0}[edit]
root# set interfaces reth1 redundant-ether-options link-speed 1g  ←

{primary:node0}[edit]
root# set interfaces reth1 redundant-ether-options lacp active ←

{primary:node0}[edit]
root# set interfaces reth1 redundant-ether-options lacp periodic slow ←

{primary:node0}[edit]
root# set interfaces reth1 unit 0 family inet address 10.3.28.252/24

Interfaceの割当

root# set interfaces ge-0/0/2 gigether-options redundant-parent reth0

{primary:node0}[edit]
root# set interfaces ge-0/0/3 gigether-options redundant-parent reth0 ←

{primary:node0}[edit]
root# set interfaces ge-9/0/2 gigether-options redundant-parent reth0

{primary:node0}[edit]
root# set interfaces ge-9/0/3 gigether-options redundant-parent reth0 ←

{primary:node0}[edit]
root#

{primary:node0}[edit]
root# set interfaces ge-0/0/4 gigether-options redundant-parent reth1

{primary:node0}[edit]
root# set interfaces ge-0/0/5 gigether-options redundant-parent reth1 ←

{primary:node0}[edit]
root# set interfaces ge-1/0/4 gigether-options redundant-parent reth1

{primary:node0}[edit]
root# set interfaces ge-1/0/5 gigether-options redundant-parent reth1 ←

セキュリティゾーンの設定

root# set security zones security-zone UNTRUST interfaces reth0.0

{primary:node0}[edit]
root# set security zones security-zone TRUST interfaces reth1.0

commit

root# commit and-quit