Knowledge Center Search


 

How to configure Ethernet Switching in Chassis Cluster mode

  [KB21422] Show KB Properties

  [KB21422] Hide KB Properties

Categories:
Knowledge Base ID: KB21422
Last Updated: 12 Feb 2014
Version: 6.0

Summary:
This article provides information about Ethernet switching support in cluster mode for SRX -Branch devices.

Problem or Goal:
Supported platforms:
  • SRX240 & SRX 650 (Junos 11.1 or later)
  • SRX 210, SRX220 (Junos 11.2 or later)
  • SRX550 (Junos 12.1 or later)
With Junos 10.4 and below, if Chassis Clustering is enabled on an SRX device, ethernet-switching is not supported.  This article provides a configuration example.

Cause:

Solution:

Understanding Layer 2 Ethernet Switching Capability in Chassis Cluster on SRX-Branch

Ethernet ports support various Layer 2 features such as Spanning Tree Protocols (xSTP), DOT1X, Link Aggregation (LAG), Internet Group Membership Protocol (IGMP), GARP, VLAN Registration Protocol (GVRP), Link Layer Discovery Protocol (LLDP), and snooping. The enhanced feature extends Layer 2 switching capability to devices in a chassis cluster.

This feature allows users to use Ethernet switching features on both nodes of a chassis cluster. The Ethernet ports on either of the nodes can be configured for family Ethernet switching. Users can configure a Layer 2 VLAN domain with member ports from both of the nodes and the Layer 2 switching protocols on both of the devices. To ensure that Layer 2 switching works seamlessly across chassis cluster nodes, a dedicated physical link connecting the nodes is required. This type of link is called a switching fabric interface (swfab). Its function is to transmit Layer 2 traffic between the nodes.

Note:
  • Configuring a LAG with members across nodes is not supported.
  • Behavior of the nodes may be unpredictable, if the Ethernet switching-related features are configured before configuring the swfab interface on both the nodes.

When chassis cluster failover occurs, a new primary node is elected and the Ethernet Switching Daemon (ESWD) runs in a different node. During failover, chassis control subsystem is restarted, and the traffic outage occurs until the PICs are up and the VLAN entries are re-programmed. After fail over, all Layer 2 protocols re-converge, because Layer 2 protocols states are not maintained in the secondary node.

Note: The Ethernet-switching subsystem runs only in the primary node

The physical link used as the switch fabric members must be directly connected. Switching supported ports must be used for swfab interfaces. For SRX650, the swfab member
ports must belong to the same GPIM. Members spanning across multiple GPIMs are not supported. New pseudointerfaces -  swfab0 and swfab1 are created for Layer 2 fabric functionality. Users need to configure dedicated Ethernet ports on each side of the node to be associated with the swfab interface.

To configure swfab interfaces:
  • Configure swfab0 and swfab1 to associate switch fabric interfaces to enable switching across the nodes.
Note: swfab0 corresponds to node 0 and swfab1corresponds to node 1.

Sample configuration on SRX650




ge-0/0/0, ge-9/0/0 are fxp0 (out-of-band management)
ge-0/0/1,ge-9/0/1 are fxp1 (control link)
ge-0/0/2, ge-9/0/2 are fab links and ge-2/0/5 and ge-11/0/5 are swfab members.

ge-2/0/0,ge-11/0/0 are part of  VLAN  A and ge-2/0/1,ge-11/0/1 are part of  VLAN B



CLI Configuration

interfaces {
    ge-2/0/0 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members A;
                }
            }
        }
    }
    ge-2/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members B;
                }
            }
        }
    }
    ge-11/0/0 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members A;
                }
            }
        }
    }
    ge-11/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members B;
                }
            }
        }
    }
    fab0 {
        fabric-options {
            member-interfaces {
                ge-0/0/2;
            }
        }
    }
    fab1 {
        fabric-options {
            member-interfaces {
                ge-9/0/2;
            }
        }
    }
    swfab0 {
        fabric-options {
            member-interfaces {
                ge-2/0/5;
            }
        }
    }
    swfab1 {
        fabric-options {
            member-interfaces {
                ge-11/0/5;
            }
        }
    }
   
}

vlans {
    A {
        vlan-id 100;
    }
    B {
        vlan-id 200;
    }
}
Verification:

  1. Use show chassis cluster ethernet-switching interfaces command to view the appropriate member interfaces.
    {primary:node1}[edit]
    root@SRX-650# run show chassis cluster ethernet-switching interfaces 
    swfab0:
    
        Name               Status      
        ge-2/0/5           up         
    swfab1:
    
        Name               Status      
    
  2. ge-11/0/5 up Use show chassis cluster ethernet-switching status to display chassis cluster ethernet switching status (probe status and switching domain)
    {primary:node1}[edit]
    root@SRX-650# run show chassis cluster ethernet-switching status 
    Cluster ID: 1 
    Node                  Priority          Status    Preempt  Manual failover
    
    Redundancy group: 0 , Failover count: 0
        node0                   100         primary        no       no  
        node1                   1           secondary       no       no  
    
    Redundancy group: 1 , Failover count: 0
        node0                   100         primary        no       no  
        node1                   1           secondary       no       no  
    Ethernet switching status:
    

    Probe state is UP. Both nodes are in single Ethernet switching domain(s). If proper interface for swfab purpose (such as on-board interfaces on SRX650), and Ethernet-switching is not used, the status is displayed as Probe state is DOWN. Both nodes are in separate Ethernet switching domain(s).

  3. Use show chassis cluster ethernet-switching statistics to display chassis cluster switch fabric probe statistics
    {primary:node1}[edit]
    root@SRX-650# run show chassis cluster ethernet-switching statistics 
    
    Switch fabric link statistics:
        Probe state : UP
        Probes sent: 1866
        Probes received: 1871
        Probe recv errors: 0
        Probe send errors: 0
    


Technical Documentation:
For additional information and examples, refer to the Technical Documentation, Layer 2 Ethernet Switching Capability in Chassis Cluster Mode:
http://www.juniper.net/techpubs/en_US/junos11.2/information-products/topic-collections/security/software-all/security/index.html?topic-54874.html.

NOTE: Layer3 routing from L2 ethernet-switching network via L3-interface Vlan.X in chassis cluster deployment is supported as of Junos OS 12.1X44-D20, 12.1X45-D10 and higher versions.



Purpose:
Configuration
Implementation

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.