Configure Chassis Cluster (High Availability) on a SRX650 device

Summary:

This article describes the basic setup of a Chassis Cluster (High Availability), also known as JSRP, on a SRX650 device.

Problem or Goal:

Configure SRX650 devices as a Chassis Cluster.

The following topology will be used for the configuration:



For other SRX devices, refer to the following articles:

SRX100	KB15669
SRX210	KB15505
SRX220	KB21312
SRX240	KB15504
SRX1400	TN10
SRX3000 series	TN10
SRX5000 series	TN10

Solution:

This section contains the following:

• Configuration
• Technical_Documentation
• Verification
• Troubleshooting

Configuration

The following are the basic steps required for configuring a Chassis Cluster on SRX650 devices. It is best to use a console connection to the SRX devices when following these steps.


Physically connect the two devices, making sure they are the same models. On the SRX 650 device, connect ge-0/0/1 on device A to ge-0/0/1 on device B. The ge-0/0/1 interface on device B will change to ge-9/0/1 after clustering happens.

For connecting the devices, it is helpful to know that after step2, the following will interface assignments will occur:

• ge-0/0/0 will be used as fxp0 for individual management of each of the devices
• ge-0/0/1 will become fxp1 and used as the control link between the two devices (This is also documented in KB15356.)
• The other interfaces are also renamed on the secondary device. For example, on a SRX 650 device, the ge-0/0/0 interface is renamed to ge-9/0/0 on the secondary node 1. Refer to the complete mapping for each SRX Series device: Node Interfaces on Active SRX Series Chassis Clusters.

Important:
The interfaces used for the control link, in this example ge-0/0/1, must be connected with a cable. A switch cannot be used for the control link connection.
Also, you will need to decide on a third link to connect the devices, which will be used for the fabric link between the devices. This can be ge-0/0/2 or any other open port either onboard or on a gPIM.

Set the devices into cluster mode with the following command and reboot the devices. Note that this is an operational mode and not a configure mode command.

> set chassis cluster cluster-id <0-15> node <0-1> reboot

For example:

On device A: >set chassis cluster cluster-id 1 node 0 reboot
On device B: >set chassis cluster cluster-id 1 node 1 reboot

• Cluster id will be the same on both devices, but the node id should be different as one device is node0 the other device is node1
• This command will need to be done on both devices
• The range for the cluster-id is 0-15. Setting it to 0 is the equivalent of disabling cluster mode.

After the reboot, note how the ge-0/0/0 and ge-0/0/1 interfaces are re-purposed to fxp0 and fxp1 respectively.

NOTE: The following steps 3- 8 can all be performed on the primary device (Device A), and they will be automatically copied over to the secondary device (Device B) when a commit is done.

Set up the device specific configurations such as host names and management IP addresses, this is specific to each device and is the only part of the configuration that is unique to its specific node. This is done by entering the following commands (all on the primary node):

On device A:
{primary:node0}
# set group node0 system host-name -Device A's host name
# set group node0 interfaces fxp0 unit 0 family inet address -Device A's management IP address on fxp0 interface
# set group node1 system host-name -Device B's host name
# set group node1 interfaces fxp0 unit 0 family inet address - Set this command is set so that the individual configs for each node set by the above commands is applied only to that node. (required)



Create FAB links (data plane links for RTO sync, etc).

On device A:
{primary:node0}
# set interfaces fab0 fabric-options member-interfaces ge-0/0/2 -fab0 is node0 (Device A) interface for the data link
# set interfaces fab1 fabric-options member-interfaces ge-9/0/2 -fab1 is node1 (Device B) interface for the data link


Set up the Redundancy Group 0 for the Routing Engine failover properties. Also setup Redundancy Group 1 (all the interfaces will be in one Redundancy Group in this example) to define the failover properties for the Reth interfaces.

Note: If you want to use multiple Redundancy Groups for the interfaces, refer to the Security Configuration Guide.

{primary:node0}
# set chassis cluster redundancy-group 0 node 0 priority 100
# set chassis cluster redundancy-group 0 node 1 priority 1
# set chassis cluster redundancy-group 1 node 0 priority 100
# set chassis cluster redundancy-group 1 node 1 priority 1


Set up the Interface monitoring. Monitoring the health of the interfaces is one way to trigger Redundancy group failover. Note: interface monitoring is not recommended for redundancy-group 0.

On device A:
{primary:node0}
# set chassis cluster redundancy-group 1 interface-monitor ge-1/0/0 weight 255
# set chassis cluster redundancy-group 1 interface-monitor ge-10/0/0 weight 255
# set chassis cluster redundancy-group 1 interface-monitor ge-1/0/1 weight 255
# set chassis cluster redundancy-group 1 interface-monitor ge-10/0/1 weight 255


Setup the Redundant Ethernet interfaces (Reth interface) and assign the Redundant interface to a zone. Make sure that you setup your max number of redundant interfaces as follows:

On device A:
{primary:node0}
# set chassis cluster reth-count
# set interfaces gigether-options redundant-parent reth0 -for first interface in the group (on Device A)
# set interfaces gigether-options redundant-parent reth0 -for second interface in the group (on Device B)
# set interfaces reth0 redundant-ether-options redundancy-group -set up redundancy group for interfaces
# set interfaces reth0.0 family inet address
# set security zones security-zone interfaces reth0.0


For example:

On device A:
{primary:node0}
# set chassis cluster reth-count 2
# set interfaces ge-1/0/0 gigether-options redundant-parent reth1 -for first interface in the group (on Device A)
# set interfaces ge-10/0/0 gigether-options redundant-parent reth1 -for second interface in the group (on Device B)
# set interfaces reth1 redundant-ether-options redundancy-group 1 -set up redundancy group for interfaces
# set interfaces reth1 unit 0 family inet address 1.2.0.233/24
# set interfaces ge-1/0/1 gigether-options redundant-parent reth0 -for first interface in the group (on Device A)
# set interfaces ge-10/0/1 gigether-options redundant-parent reth0 -for second interface in the group (on Device B)
# set interfaces reth0 redundant-ether-options redundancy-group 1 -set up redundancy group for interfaces
# set interfaces reth0 unit 0 family inet address 10.16.8.1/24
# set security zones security-zone untrust interfaces reth1.0
# set security zones security-zone trust interfaces reth0.0


Commit and changes will be copied over to the Secondary Node, Device B.

On device A:
{primary:node0}
# commit


This will prepare the basic clustering setting for both the devices.

TIP: If you want to manage this cluster via NSM, refer to KB20795.

Technical Documentation

Junos Security Configuration Guide

• HTML - Chassis Cluster
• PDF - Part 11 - Chassis Cluster

Verification

You can check the cluster status with the following commands.

show chassis cluster status
show chassis cluster interfaces
show chassis cluster statistics
show chassis cluster control-plane statistics
show chassis cluster data-plane statistics
show chassis cluster status redundancy-group 2

Refer to the Junos Security Configuration Guide for what these commands mean:

• HTML - Verifying the Chassis Cluster Configuration

Troubleshooting

• Resolution Guide - SRX Chassis Cluster

Purpose:

Configuration

Related Links:

User ID Password

• Login assistance

ASK THE KB

Question or KB ID:

RELATED TOPICS

• Install Search Engine PlugIn
• Submit a Support Case
• KB Feedback

Google mail or Google chat Remote logout feature

Most of the people will use Gmail, because it's simple and easy to access chat & mails in one place. Sometimes we login at work place or internet café, if you feel someone is accessing your mailbox, you can check using Account activity feature in Gmail.

Last account activity
Clicking the Details link next to the Last account activity line at the bottom of any Gmail page shows information about recent activity in your mail.

How to use this data
If you're concerned about unauthorized access to your mail, you'll be able to use this data to find out if and when someone gained access.

Your current IP address is displayed below the Recent activity table.

Concurrent sessions
If your mail is currently being accessed from another location, we'll list the other session(s) in the Concurrent session information table. This could mean that you simply have another browser window open with Gmail loaded, or that your home computer is logged in to Gmail while you're accessing your mail from work. If you're concerned about any concurrent access, you can sign out all sessions other than your current session by clicking Sign out all other sessions.

Browse BLOCKED websites with Opera Mini™ 4 beta simulator & other smart ways

Many Websites are blocked all over the world using Web Filters. Here with this article I am proving some tips and trips to overcome blocked or Banned sites.

1. Try using some smart Websites
   
1. SurfGator (http://www.surfgator.info)
   
   
   

   

2. Mowser (http://mowser.com)
   

   

3. Bitty (http://www.bitty.com/) With this web site, they inbuilt one mini browser it will help you
   
4. Try Google mobile search (http://google.com/gwt/n)
   
   
5. ikuphi (http://www.ikuphi.com)
   
   
   

   ikuphi.com is a free anonymous web based proxy service. With ikuphi.com Proxy you can browse your favorite web sites anonymously and even from behind a firewall with blocked ports. Whether you're on the job, at school or college university, a public terminal, or anywhere else with a web browser, you can use ikuphi.com Proxy to view your favorite web sites!
   
   Your privacy is obviously important to you, and ikuphi.com Proxy ensures your privacy by letting you browse the Web as an anonymous user. Web sites often track, log, and analyze your IP address, geographical information, web browser, and other personal information.ikuphi.com Proxy makes your browsing experience totally anonymous by hiding information such as your IP address from web servers.
   

   
   
   

   
   6. Ghost Surf
   Invisibility on the Internet By surfing the Web you are exposed to hackers, bombarded by advertisements and subjected to spyware. Everything you do and download online can be watched. Hackers, Webmasters, other users of your computer and even your boss can see your surfing habits. Your personal and credit card information is readily available. Anti-virus and firewall applications don't solve these problems. GhostSurf Platinum is the answer. GhostSurf Platinum protects your privacy and prevents Internet pests from spoiling your online experience. GhostSurf ensures your safety online by providing an anonymous. you can download using below link http://download.tenebril.com/pub/bin/ghostsurf-trial.exe
   

7. PHProxy (http://www.phproxy.com/)

8. Copy and Paste this link into the browser and try http://google.com/gwt/n

Microsoft's New HD Photo Format Could Be JPEG Killer

Microsoft hopes its new digital-photo file format will one day replace the widely used JPEG format as the industry standard for electronic photography and digital imaging.

Microsoft on Tuesday said an international standards body has agreed to vote on whether to accept the company's new digital-photo file format as a standard, which Microsoft hopes will one day replace the widely used JPEG format as the industry standard for electronic photography and digital imaging.

The Joint Photographic Expert Group has agreed to submit formal balloting of HD Photo to JPEG's national delegations for approval by the fall. The tentative name for the spec is JPEG XR.

Expected to help Microsoft's cause is the fact that the company is making the technology available without charge. "Microsoft's royalty-free commitment will help the JPEG committee foster widespread adoption of the specification and help ensure that it can be implemented by the widest possible audience," JPEG said in a statement.

Microsoft claims the new file format would enable digital photographers and editors to capture and transmit higher quality images at half the size of photos created in today's JPEG standard. The company also claims HD Photo produces fewer unwanted visual artifacts and offers lossless data compression, which means no visual information is lost when the file is shrunk and then recreated to its original size.

The current JPEG standard has been around for 20 years and is used by photographers at major news organizations such as the Associated Press. It's also found in image editing programs, including those built by Adobe Systems, and is supported in digital cameras and printers.

Microsoft has already released HD Photo in the market through its own products. The file format is natively supported by its new Windows Vista operating system and in .Net Framework 3.0. HD Photo is also supported by Apple's Mac OS X operating system.

In trying to drive the technology further into the market, Microsoft has developed a plug-in that adds HD Photo support to Adobe's popular Photoshop editing program.

The format is supported on various Microsoft products as well as Apple's Mac OS X operating system.

Microsoft SharedView - an excellent gift from Bill Gates uncle

Recently, Microsoft has released the beta version of ShareView, a new kind of instant messenger. It could let you:

+ Share your documents (every kinds of files)
+ Share your desktop view with others
+ Make a conference with multi-users
+ Integration with Microsoft Word
Here are 3 simple but powerful SharedView actions:-
CONNECT - Connect with up to 15 people in different locations and invite them to share with you.

SHOW - Share, review, and update documents with multiple people in real-time.

SHARE
- with up to 15 people in a session. Anyone can share, and the person sharing can give control to anyone else.

You could manage, host the conference, invite others, let someone see these documents but not other ones. It is really a great and my wished tool to me for a long time. As an entrepreneur, currently, I often work with freelancers, clients and partners remotely. It is hard to discuss and finalize the design just by emails or direct meetings.

If you are in my same situation, let try it, I guarantee that you would love it soon. And in the future, if we could have a chance to work together, it must easily for both of us, right?

You can have more information & download from below URL:
http://www.connect.microsoft.com/site/sitehome.aspx?SiteID=94