Knowledge Base
Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles[SRX] How to configure Ethernet switching in chassis cluster mode
Solution:
Understanding Layer 2 Ethernet Switching Capability in Chassis Cluster on SRX-Branch
Ethernet ports support various Layer 2 features such as Spanning Tree Protocols (xSTP), DOT1X, Link Aggregation (LAG), Internet Group Membership Protocol (IGMP), GARP, VLAN Registration Protocol (GVRP), Link Layer Discovery Protocol (LLDP), and snooping. The enhanced feature extends Layer 2 switching capability to devices in a chassis cluster.
This feature allows users to use Ethernet switching features on both nodes of a chassis cluster. The Ethernet ports on either of the nodes can be configured for family Ethernet switching. Users can configure a Layer 2 VLAN domain with member ports from both of the nodes and the Layer 2 switching protocols on both of the devices. To ensure that Layer 2 switching works seamlessly across chassis cluster nodes, a dedicated physical link connecting the nodes is required. This type of link is called a switching fabric interface (swfab). Its function is to transmit Layer 2 traffic between the nodes.
Note:
-
Configuring a LAG with family ethernet switching is not supported.
-
Configuring a Reth with family ethernet switching is not supported. This is only supported in Transparent mode.
-
Behavior of the nodes may be unpredictable, if the Ethernet switching-related features are configured before configuring the swfab interface on both the nodes.
When chassis cluster failover occurs, a new primary node is elected and the Ethernet Switching Daemon (ESWD) runs in a different node. During failover, chassis control subsystem is restarted, and the traffic outage occurs until the PICs are up and the VLAN entries are re-programmed. After fail over, all Layer 2 protocols re-converge, because Layer 2 protocols states are not maintained in the secondary node.
Note: The Ethernet-switching subsystem runs only in the primary node.
The physical link used as the switch fabric members must be directly connected. Switching supported ports must be used for swfab interfaces. For SRX650, the swfab member ports must belong to the same GPIM. Members spanning across multiple GPIMs are not supported. New pseudo interfaces - swfab0 and swfab1 are created for Layer 2 fabric functionality. Users need to configure dedicated Ethernet ports on each side of the node to be associated with the swfab interface.
To configure swfab interfaces:
-
Configure swfab0 and swfab1 to associate switch fabric interfaces to enable switching across the nodes.
Note: swfab0 corresponds to node 0 and swfab1 corresponds to node 1.
Sample configuration on SRX650
ge-0/0/0, ge-9/0/0 are fxp0 (out-of-band management) ge-0/0/1,ge-9/0/1 are fxp1 (control link) ge-0/0/2, ge-9/0/2 are fab links and ge-2/0/5 and ge-11/0/5 are swfab members. ge-2/0/0,ge-11/0/0 are part of VLAN A and ge-2/0/1,ge-11/0/1 are part of VLAN B
CLI Configuration
interfaces {
ge-2/0/0 {
unit 0 {
family ethernet-switching {
vlan {
members A;
}
}
}
}
ge-2/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members B;
}
}
}
}
ge-11/0/0 {
unit 0 {
family ethernet-switching {
vlan {
members A;
}
}
}
}
ge-11/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members B;
}
}
}
}
fab0 {
fabric-options {
member-interfaces {
ge-0/0/2;
}
}
}
fab1 {
fabric-options {
member-interfaces {
ge-9/0/2;
}
}
}
swfab0 {
fabric-options {
member-interfaces {
ge-2/0/5;
}
}
}
swfab1 {
fabric-options {
member-interfaces {
ge-11/0/5;
}
}
}
}
vlans {
A {
vlan-id 100;
}
B {
vlan-id 200;
}
}
Verification
-
Use
show chassis cluster ethernet-switching interfacescommand to view the appropriate member interfaces.
{primary:node1}[edit]
root@SRX-650# run show chassis cluster ethernet-switching interfaces
swfab0:
Name Status
ge-2/0/5 up
swfab1:
Name Status
ge-11/0/5 up
-
Use
show chassis cluster ethernet-switching statusto display chassis cluster Ethernet switching status (probe status and switching domain).
{primary:node1}[edit]
root@SRX-650# run show chassis cluster ethernet-switching status
Cluster ID: 1
Node Priority Status Preempt Manual failover
Redundancy group: 0 , Failover count: 0
node0 100 primary no no
node1 1 secondary no no
Redundancy group: 1 , Failover count: 0
node0 100 primary no no
node1 1 secondary no no
Ethernet switching status:
Probe state is UP. Both nodes are in single Ethernet switching domain(s). If proper interface for swfab purpose (such as on-board interfaces on SRX650), and Ethernet-switching is not used, the status is displayed as Probe state is DOWN. Both nodes are in separate Ethernet switching domain(s).
-
Use
show chassis cluster ethernet-switching statisticsto display chassis cluster switch fabric probe statistics.
{primary:node1}[edit]
root@SRX-650# run show chassis cluster ethernet-switching statistics
Switch fabric link statistics:
Probe state : UP
Probes sent: 1866
Probes received: 1871
Probe recv errors: 0
Probe send errors: 0
Technical Documentation
For additional information and examples, refer to the Technical Documentation, Ethernet Switching on Chassis Cluster
Note: Layer3 routing from L2 ethernet-switching network via L3-interface Vlan.X in chassis cluster deployment is supported as of Junos OS 12.1X44-D20, 12.1X45-D10 and higher versions.
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search