Setup SRX1400 in cluster over layer2 switching network

2. Configuring the switchports for the fabric, control links and the 2 Gbps traffic links

One thing you need to be aware of, and I didn’t find it in the documentation, is that while the fabric links can share one single VLAN, the two control links each need to be in their own VLAN! If you fail to do so, your cluster will initially start, but then fail.

I’ve set up 5 VLANs:
vlan100 = Untrust
vlan200 = Trust
vlan300 = Fabric
vlan301 = Control link 1
vlan302 = Control link 2

Then for the untrust and trust aggregated links I’ve used:
ae1, untrust node0
ae2, trust node0
ae3, untrust node1
ae4, trust node1

The fabric ports require jumbo frames, so we set the maximum MTU of 9216 on those ports. NOTE! Disable any other security feature like RSTP, storm control and igmp-snooping on the ports used by the control links. Just to be sure, I also recommend disabling these features on the fabric ports.

Below you’ll see the example EX4200 port configurations for the mentioned switchports.

Fabric:
{master:0}
root@labswitch1> show configuration interfaces ge-0/0/1
mtu 9216;
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members vlan300;
        }
    }
}

{master:0}
root@labswitch1> show configuration interfaces ge-0/0/2
mtu 9216;
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members vlan300;
        }
    }
}

Control1:
{master:0}
root@labswitch1> show configuration interfaces ge-0/0/3
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members vlan301;
        }
    }
}

Control2:
{master:0}
root@labswitch1> show configuration interfaces ge-0/0/4
unit 0 {
    family ethernet-switching {
        port-mode access;
        vlan {
            members vlan302;
        }
    }
}

Untrust node0/1:
{master:0}
root@labswitch1> show configuration interfaces ae1
description "node0 Untrust";
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members vlan100;
        }
    }
}

{master:0}
root@labswitch1> show configuration interfaces ae2
description "node1 Untrust";
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members vlan100;
        }
    }
}

Trust node0/1:
{master:0}
root@labswitch1> show configuration interfaces ae3
description "node0 Trust";
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members vlan200;
        }
    }
}

{master:0}
root@labswitch1> show configuration interfaces ae4
description "node1 trust";
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members vlan200;
        }
    }
}
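
One way to check the fabric and control link rules against the switch output, as an added example that is not part of the original post: it parses `show configuration interfaces` text and reports fabric ports without MTU 9216 and control-link ports that share a VLAN. The function names, the port-to-role table and the rendered sample text are assumptions built from the port assignments in this post.

```python
import re

# Port roles as assigned in the post (the table itself is an assumption of this example).
ROLES = {"ge-0/0/1": "fabric", "ge-0/0/2": "fabric",
         "ge-0/0/3": "control", "ge-0/0/4": "control"}

# Constructed sample text in the shape of the "show configuration" output above.
TEMPLATE = """root@labswitch1> show configuration interfaces {port}
{mtu}unit 0 {{
    family ethernet-switching {{
        port-mode access;
        vlan {{
            members {vlan};
        }}
    }}
}}
"""
ROWS = [("ge-0/0/1", "vlan300", "mtu 9216;\n"), ("ge-0/0/2", "vlan300", "mtu 9216;\n"),
        ("ge-0/0/3", "vlan301", ""), ("ge-0/0/4", "vlan302", "")]
POST = "".join(TEMPLATE.format(port=p, vlan=v, mtu=m) for p, v, m in ROWS)

def parse_ports(cli_text):
    """Return {port: {"mtu": int or None, "vlans": [names]}} from CLI text."""
    ports, cur = {}, None
    for line in map(str.strip, cli_text.splitlines()):
        if m := re.search(r"show configuration interfaces (\S+)", line):
            cur = ports.setdefault(m.group(1), {"mtu": None, "vlans": []})
        elif cur is not None and (m := re.fullmatch(r"mtu (\d+);", line)):
            cur["mtu"] = int(m.group(1))
        elif cur is not None and (m := re.fullmatch(r"members (.+);", line)):
            cur["vlans"] += m.group(1).strip("[] ").split()
    return ports

def audit(ports, roles=ROLES, fabric_mtu=9216):
    """Return a list of findings; an empty list means the post's rules hold."""
    findings, by_vlan = [], {}
    for port, role in sorted(roles.items()):
        cfg = ports.get(port, {"mtu": None, "vlans": []})
        if role == "fabric" and cfg["mtu"] != fabric_mtu:
            findings.append(f"{port}: fabric MTU {cfg['mtu']}, expected {fabric_mtu}")
        if len(cfg["vlans"]) != 1:
            findings.append(f"{port}: expected one VLAN, found {cfg['vlans']}")
        for vlan in cfg["vlans"]:
            by_vlan.setdefault(vlan, []).append(port)
    for vlan, members in sorted(by_vlan.items()):
        if len(members) > 1 and any(roles[p] == "control" for p in members):
            findings.append(f"{vlan}: control link shares VLAN with {members}")
    return findings
```

Calling `audit(parse_ports(POST))` returns an empty list for the layout in this post; paste real CLI output in place of `POST` and adjust `ROLES` to audit another switch.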

Having the switch connections set up properly, we continue configuring the cluster itself.
