SRX Services Gateway
Highlighted
SRX Services Gateway

Remote Access and Crude ping availability of NODE1 when SRX345 and SRX1500 in HA Cluster

a month ago

Hi All,

 

I am keen to have our NMS systems carry out a crude check to ensure that NODE1 of an SRX cluster is responding to ICMP.

We gather all SNMP information via the loopback address that is operational over node0 and 1, however I find no easy way of alerting if node1 fails for example.

 

I just want to be able to introduce a remotely accessible address so that A) We can SSH to Node1 directly if needed from remote. B) We can get an ICMP response from Node1.

 

Is there a way to do this without have something connected into the FXP ports and using a second loopback for example that only Node1 can respond to?

 

I do not think this config is the answer to my issue.

 

set groups node0 system host-name SRX1500-HOSTNAME
set groups node0 system backup-router <Management-Gateway-IP>
set groups node0 system backup-router destination <Management Network>
set groups node0 interfaces fxp0 description MGMT
set groups node0 interfaces fxp0 unit 0 family inet address <Management IP>

set groups node1 system host-name SRX1500-HOSTNAME
set groups node1 system backup-router <Management-Gateway-IP>
set groups node1 system backup-router destination <Management Network>
set groups node1 interfaces fxp0 description MGMT
set groups node1 interfaces fxp0 unit 0 family inet address <Management IP>

set apply-groups "${node}"

 

1 REPLY 1
Highlighted
SRX Services Gateway

Re: Remote Access and Crude ping availability of NODE1 when SRX345 and SRX1500 in HA Cluster

[ Edited ]
a month ago

Hi Lee,

 

You need fxp0 interface on Node 1 in order to check the reachability/availability of Node 1.

 

As per the SRX cluster design, when the devices are brought into a cluster, the Routing Protocol Daemon will be active only on the Node where RG-0 is Active. So, the other node doesn't have any routing table populated. Hence, if you want to check the status of Node 1, you have only one option which is the Out-of-Band Management interface - fxp0.

 

The configuration which you have posted is the right one for your requirement. May I ask what is the problem in configuring fxp0 interface?

 

I hope this answers your query.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Feedback