Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Example: Simulating control-link failure on the SRX chassis cluster

0

0

Article ID: KB32377 KB Last Updated: 23 May 2018Version: 1.0
Summary:

Sometimes, there may be a need to perform control-link failure for testing purposes. Instead of manually disabling the control ports for testing and bringing the interfaces down, this article provides an example of how a control-link failure can be simulated on the SRX chassis cluster (SRX5400, SRX5600, and SRX5800).

Symptoms:

Control links on SRX5400, SRX5600, and SRX5800 devices are set up by connecting and configuring the control ports on each SPC card.

For example, to configure control ports for use as control links in a chassis cluster on each node separately:

set chassis cluster control-ports fpc 0 port 0
set chassis cluster control-ports fpc 12 port 0
commit

Often, however, these control ports are manually disabled in configuration mode to simulate control-link failure for testing.

Note: These control ports are often referred to as the em0/em1 interfaces in documentation.

{primary:node0}[edit]
root@FW-cluster-100# set interfaces em0 disable

{primary:node0}
root@FW-cluster-100>
Message from syslogd@FW-cluster-100 at Nov 15 13:08:24  ...
FW-cluster-100 node0.fpc7 CMLC: Going disconnected; Routing engine chassis socket closed abruptly
Message from syslogd@FW-cluster-100 at Nov 15 13:08:24  ...
FW-cluster-100 node0.fpc2 CMLC: Going disconnected; Routing engine chassis socket closed abruptly
Message from syslogd@FW-cluster-100 at Nov 15 13:08:24  ...
FW-cluster-100 node0.fpc0 CMLC: Going disconnected; Routing engine chassis socket closed abruptly
Message from syslogd@FW-cluster-100 at Nov 15 13:08:24  ...
FW-cluster-100 node0.fpc1 CMLC: Going disconnected; Routing engine chassis socket closed abruptly
Message from syslogd@FW-cluster-100 at Nov 15 13:08:25  ...
FW-cluster-100 node0.fpc7 RDP: Remote side closed connection: rdp.(fpc7:49161).(primaryRouter:pfe)

{primary:node0}
root@FW-cluster-100> show chassis cluster status
Monitor Failure codes:
    CS  Cold Sync monitoring        FL  Fabric Connection monitoring
    GR  GRES monitoring             HW  Hardware monitoring
    IF  Interface monitoring        IP  IP monitoring
    LB  Loopback monitoring         MB  Mbuf monitoring
    NH  Nexthop monitoring          NP  NPC monitoring
    SP  SPU monitoring              SM  Schedule monitoring
    CF  Config Sync monitoring

Cluster ID: 1
Node   Priority Status         Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 1
node0  0        primary        no      no       IF
node1  0        secondary      no      no       IF


Redundancy group: 1 , Failover count: 1
node0  0        primary        no      no       IF SP CS HW
node1  0        secondary      no      no       IF SP CS HW



{primary:node0}
root@FW-cluster-100> show chassis cluster interfaces
Control link status: Up

Control interfaces:
    Index   Interface   Monitored-Status   Internal-SA
    0       em0         Up                 Disabled
    1       em1         Up                 Disabled

Fabric link status: Down

Fabric interfaces:
    Name    Child-interface    Status
                               (Physical/Monitored)
    fab0    xe-6/3/0           Down / Down
    fab0
    fab1
    fab1

Redundant-ethernet Information:
    Name         Status      Redundancy-group
    reth0        Down        1
    reth1        Down        1
    reth2        Down        Not configured
    reth3        Down        Not configured
    reth4        Down        Not configured
    reth5        Down        Not configured
    reth6        Down        Not configured
    reth7        Down        Not configured
    reth8        Down        Not configured
    reth9        Down        Not configured
    reth10       Down        Not configured
    reth11       Down        Not configured

Redundant-pseudo-interface Information:
    Name         Status      Redundancy-group
    lo0          Up          0

Interface Monitoring:
    Interface         Weight    Status    Redundancy-group
    reth0             255       Down      0
    reth1             255       Down      0
    reth1             255       Down      1
    reth0             255       Down      1


When the disable command is executed, the priority of all RG0+ redundant-groups changes to 0 and all the interfaces go down.

Cause:

The em0/em1 interfaces should never be disabled. These interfaces are internal interfaces that are used for communication between the control plane (RE) and the data plane (PFEs). If these interfaces are disabled, there will be no communication between the control plane and the data plane and all interfaces will go into a disabled state.

Solution:

To simulate control-link failure on the SRX chassis cluster (SRX5400, SRX5600, and SRX5800), use one of the following options:

  1. Remove the cable for the control link at least on one side of the chassis.
  2. In configuration mode, configure another set of ports as control ports on both nodes on which no connection exists.

    • For example, if there is a cable connection between ports 0 of FPC 0 from both nodes, which are configured as control ports with the following command:
      set chassis cluster control-ports fpc 0 port 0
      set chassis cluster control-ports fpc 12 port 0
    • Then this part of the configuration must be removed by using the following command, leaving the cable connection still in place:
      delete chassis cluster control-ports fpc 0
      delete chassis cluster control-ports fpc 12
    • Following this, another set of ports must be configured as control ports for which there is no cable connection between the nodes:
set chassis cluster control-ports fpc 0 port 1
set chassis cluster control-ports fpc 12 port 1

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search