SRX Chassis Cluster with Redundant LACP LAG trunk
Ok here is the config Example, we will be configuring a SRX240 Chassis Cluster to have a reth1 LAG of 2G using LACP.
on the srx first set the members, you can do this on each interface but I link smaller configs and use interface-range a lot.
interface-range reth1-members
member ge-0/0/10;
member ge-0/0/11;
member ge-5/0/10;
member ge-5/0/11;
gigether-options {
redundant-parent reth1;
}
as always here is the set version
set interfaces interface-range reth1-members member ge-0/0/10
set interfaces interface-range reth1-members member ge-0/0/11
set interfaces interface-range reth1-members member ge-5/0/10
set interfaces interface-range reth1-members member ge-5/0/11
set interfaces interface-range reth1-members gigether-options redundant-parent reth10
now configure the reth1 interface
reth1
description Trunk_4_SWT01-;
redundant-ether-options {
redundancy-group 1;
link-speed 1g;
minimum-links 1;
lacp {
active;
periodic fast;
}
}
unit 0 {
family inet {
address 192.168.51.254/24;
}
}
OK were all done on the SRX until test time, now for the EX Switch Side remember we need two different LACP on the switch to match the two SUB LAG LACP trunks on the SRX, I am using ase4 and ae5
ae4 members
interface-range ae4-members
member ge-0/0/21;
member ge-2/0/21;
ether-options {
802.3ad ae4;
}
set interfaces interface-range ae4-members member ge-0/0/21
set interfaces interface-range ae4-members member ge-2/0/21
set interfaces interface-range ae4-members ether-options 802.3ad ae4
ae4 interface
ae4
description Trunk_4_FW01-Node0;
aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
active;
periodic fast;
}
}
unit 0 {
description FW01;
family ethernet-switching;
}
set interfaces ae4 description Trunk_4_FW01-Node0
set interfaces ae4 aggregated-ether-options minimum-links 1
set interfaces ae4 aggregated-ether-options link-speed 1g
set interfaces ae4 aggregated-ether-options lacp active
set interfaces ae4 aggregated-ether-options lacp periodic fast
set interfaces ae4 unit 0 description FW01
set interfaces ae4 unit 0 family ethernet-switching
ae5 members
interface-range ae5-members
member ge-1/0/21;
member ge-3/0/21;
ether-options {
802.3ad ae5;
}
set interfaces interface-range ae5-members member ge-1/0/21
set interfaces interface-range ae5-members member ge-3/0/21
set interfaces interface-range ae5-members ether-options 802.3ad ae5
ae5 interface
ae5
description Trunk_4_FW01-Node1;
aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
active;
periodic fast;
}
}
unit 0 {
description FW01;
family ethernet-switching;
}
set interfaces ae5 description Trunk_4_FW01-Node1
set interfaces ae5 aggregated-ether-options minimum-links 1
set interfaces ae5 aggregated-ether-options link-speed 1g
set interfaces ae5 aggregated-ether-options lacp active
set interfaces ae5 aggregated-ether-options lacp periodic fast
set interfaces ae5 unit 0 description FW01
set interfaces ae5 unit 0 family ethernet-switching
OK now the cabling,
SRX-Node0-ge-0/0/10 to EXSwitch-member0-ge-0/0/21
SRX-Node1-ge-5/0/10 to EXSwitch-member0-ge-1/0/21
SRX-Node0-ge-0/0/11 to EXSwitch-member0-ge-2/0/21
SRX-Node1-ge-5/0/11 to EXSwitch-member0-ge-3/0/21
Now let check and see how we did
Switch ae4
>show interfaces ae4 detail
Physical interface: ae4, Enabled, Physical link is Up
Interface index: 132, SNMP ifIndex: 606, Generation: 135
Description: Trunk_4_FW01-Main
Link-level type: Ethernet, MTU: 1514, Speed: 2Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled,
Minimum links needed: 1, Minimum bandwidth needed: 0
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Current address: 00:1f:12:31:56:87, Hardware address: 00:1f:12:31:56:87
Last flapped : 2013-08-04 15:34:55 EDT (00:04:46 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 9282502 2048 bps
Output bytes : 505549141 2048 bps
Input packets: 36169 2 pps
Output packets: 3936096 2 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Logical interface ae4.0 (Index 133) (SNMP ifIndex 788) (Generation 251)
Description: FW01
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 0 0 0 0
Output: 0 0 0 0
Link:
ge-0/0/21.0
ge-2/0/21.0
LACP info: Role System System Port Port Port
priority identifier priority number key
ge-0/0/21.0 Actor 127 00:1f:12:31:56:80 127 15 5
ge-0/0/21.0 Partner 127 00:10:db:ff:70:00 127 23 130
ge-2/0/21.0 Actor 127 00:1f:12:31:56:80 127 17 5
ge-2/0/21.0 Partner 127 00:10:db:ff:70:00 127 24 130
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-0/0/21.0 291 444 0 0
ge-2/0/21.0 295 445 0 0
Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx
ge-0/0/21.0 0 0 0 0
ge-2/0/21.0 0 0 0 0
Protocol eth-switch, Generation: 281, Route table: 0
Flags: None
Switch ae5
>show interfaces ae5 detail
Physical interface: ae5, Enabled, Physical link is Up
Interface index: 133, SNMP ifIndex: 607, Generation: 136
Description: Trunk_4_FW01-Main
Link-level type: Ethernet, MTU: 1514, Speed: 2Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled,
Minimum links needed: 1, Minimum bandwidth needed: 0
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Current address: 00:1f:12:31:56:88, Hardware address: 00:1f:12:31:56:88
Last flapped : 2013-08-04 15:34:55 EDT (00:06:10 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 101462 3608 bps
Output bytes : 6447381 2560 bps
Input packets: 778 3 pps
Output packets: 45906 3 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Logical interface ae5.0 (Index 136) (SNMP ifIndex 790) (Generation 254)
Description: FW01
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 0 0 0 0
Output: 0 0 0 0
Link:
ge-1/0/21.0
ge-3/0/21.0
LACP info: Role System System Port Port Port
priority identifier priority number key
ge-1/0/21.0 Actor 127 00:1f:12:31:56:80 127 16 6
ge-1/0/21.0 Partner 127 00:10:db:ff:70:00 127 25 130
ge-3/0/21.0 Actor 127 00:1f:12:31:56:80 127 18 6
ge-3/0/21.0 Partner 127 00:10:db:ff:70:00 127 26 130
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-1/0/21.0 350 502 0 0
ge-3/0/21.0 351 502 0 0
Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx
ge-1/0/21.0 0 0 0 0
ge-3/0/21.0 0 0 0 0
Protocol eth-switch, Generation: 284, Route table: 0
Flags: None
SRX reth1
> show interfaces reth1 detail
Physical interface: reth1, Enabled, Physical link is Up
Interface index: 129, SNMP ifIndex: 571, Generation: 132
Description: Trunk_4_SWT01-
Link-level type: Ethernet, MTU: 1514, Speed: 2Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled,
Minimum links needed: 1, Minimum bandwidth needed: 0
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Current address: 00:10:db:ff:70:01, Hardware address: 00:10:db:ff:70:01
Last flapped : 2013-08-04 19:34:56 UTC (00:06:51 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 207204 3936 bps
Output bytes : 218116 3952 bps
Input packets: 1671 0 pps
Output packets: 1727 2 pps
Ingress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 0 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 4 4 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 1727 1727 0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
Logical interface reth1.0 (Index 98) (SNMP ifIndex 622) (Generation 165)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 0 0 0 0
Output: 0 0 0 0
Link:
ge-0/0/10.0
Input : 0 0 0 0
Output: 17 0 3107 0
ge-0/0/11.0
Input : 0 0 0 0
Output: 17 0 3107 0
ge-5/0/10.0
Input : 0 0 0 0
Output: 17 0 3139 0
ge-5/0/11.0
Input : 0 0 0 0
Output: 18 0 3328 0
LACP info: Role System System Port Port Port
priority identifier priority number key
ge-0/0/10.0 Actor 127 00:10:db:ff:70:00 127 23 2
ge-0/0/10.0 Partner 127 00:1f:12:31:56:80 127 15 5
ge-0/0/11.0 Actor 127 00:10:db:ff:70:00 127 24 2
ge-0/0/11.0 Partner 127 00:1f:12:31:56:80 127 17 5
ge-5/0/10.0 Actor 127 00:10:db:ff:70:00 127 25 2
ge-5/0/10.0 Partner 127 00:1f:12:31:56:80 127 16 6
ge-5/0/11.0 Actor 127 00:10:db:ff:70:00 127 26 2
ge-5/0/11.0 Partner 127 00:1f:12:31:56:80 127 18 6
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-0/0/10.0 418 416 0 0
ge-0/0/11.0 419 420 0 0
ge-5/0/10.0 419 417 0 0
ge-5/0/11.0 419 417 0 0
Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx
ge-0/0/10.0 0 0 0 0
ge-0/0/11.0 0 0 0 0
ge-5/0/10.0 0 0 0 0
ge-5/0/11.0 0 0 0 0
Security: Zone: Null
Flow Statistics :
Flow Input statistics :
Self packets : 0
ICMP packets : 0
VPN packets : 0
Multicast packets : 0
Bytes permitted by policy : 0
Connections established : 0
Flow Output statistics:
Multicast packets : 0
Bytes permitted by policy : 0
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self packets: 0
No minor session: 0
No more sessions: 0
No NAT gate: 0
No route present: 0
No SA for incoming SPI: 0
No tunnel found: 0
No session for a gate: 0
No zone or NULL zone binding 0
Policy denied: 0
Security association not active: 0
TCP sequence number out of window: 0
Syn-attack protection: 0
User authentication errors: 0
Protocol inet, MTU: 1500, Generation: 178, Route table: 0
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 192.168.51/24, Local: 192.168.51.254, Broadcast: 192.168.51.255, Generation: 177
And there you have it a 2 node SRX240H connected to a 4 member EX4200
Virtual Chassis. All up and running at 2Gbps LACP trunk form the SRX
to the Switch.
Note on the Switch configuration I omitted the vlan portion of the configuration and I assume you can handle that part AOK.
Fonte: http://juniperguru.wordpress.com/2013/08/04/srx-chassis-cluster-with-redundant-lacp-lag-trunk/
