Juniper SRX Cluster HA設定

測試環境：SRX 220H 兩台
SRX 220H Cluster默認端口
(fxp0)管理端口：Ge-0/0/6 
(Control Plane：fxp1)控制端口：Ge-0/0/7 
(Fabric Link也叫Data Plane：fab)數據同步端口：Ge-0/0/1
使用集群則集群後接口標示為：Ge-0/0/0-7; Ge-3/0/0-7
不同型號集群後端口顯示不同，參考官方手冊
------------------------------------------------------------------------------
配置設定
On device A:>set chassis cluster cluster-id 1 node 0 reboot
On device B:>set chassis cluster cluster-id 1 node 1 reboot
On device A:
set groups node0 system host-name SRX-Primary
set groups node0 interfaces fxp0 unit 0 family inet address 10.10.30.189/24
set groups node1 system host-name SRX-Secondby
set groups node1 interfaces fxp0 unit 0 family inet address 10.10.30.190/24
set apply-groups "${node}"
set interfaces fab0 fabric-options member-interfaces ge-0/0/1
set interfaces fab1 fabric-options member-interfaces ge-3/0/1
set chassis cluster redundancy-group 0 node 0 priority 100
set chassis cluster redundancy-group 0 node 1 priority 1
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 node 1 priority 1
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-3/0/3 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-3/0/4 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-3/0/5 weight 255
set chassis cluster reth-count 3
set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-3/0/3 gigether-options redundant-parent reth0
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 192.168.3.1/24
set interfaces ge-0/0/4 gigether-options redundant-parent reth1
set interfaces ge-3/0/4 gigether-options redundant-parent reth1
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family inet address 192.168.4.1/24
set interfaces ge-0/0/5 gigether-options redundant-parent reth2
set interfaces ge-3/0/5 gigether-options redundant-parent reth2
set interfaces reth2 redundant-ether-options redundancy-group 1
set interfaces reth2 unit 0 family inet address 192.168.5.1/24
set security zones security-zone trust interfaces reth0.0
set security zones security-zone untrust interfaces reth1.0
set security zones security-zone DMZ interfaces reth2.0
------------------------------------------------------------------------------
配置說明
On device A: >set chassis cluster cluster-id 1 node 0 reboot
//定義cluster-id 和node，同一個集群cluster-id 必須相同，取值範圍為0-15，0 代表禁用集群；node 取值範圍為0-1, 0代表主設備
On device B: >set chassis cluster cluster-id 1 node 1 reboot
//定義cluster-id 和node，同一個集群cluster-id 必須相同，取值範圍為0-15，0 代表禁用集群；node 取值範圍為0-1, 0代表主設備
On device A:
set groups node0 system host-name SRX-Primary
set groups node0 interfaces fxp0 unit 0 family inet address 10.10.30.189/24
set groups node1 system host-name SRX-Secondby
set groups node1 interfaces fxp0 unit 0 family inet address 10.10.30.190/24
//為集群設備配置單獨的名字和管理IP 地址
set apply-groups "${node}"
//讓以上的全域配置應用到每個獨立的節點上
set interfaces fab0 fabric-options member-interfaces ge-0/0/1
set interfaces fab1 fabric-options member-interfaces ge-3/0/1
//定義數據同步端口並關聯連接埠
set chassis cluster redundancy-group 0 node 0 priority 100
set chassis cluster redundancy-group 0 node 1 priority 1
set chassis cluster redundancy-group 1 node 0 priority 100
set chassis cluster redundancy-group 1 node 1 priority 1
//設置冗餘組的對不同節點的優先級，優先級範圍1-254.值越大優先級越高，一般習慣定義2 個冗餘組，redundancy-group 0 用於控制引擎，redundancy-group 1 用於控制數據引擎，當然也可以為每組冗餘連接埠放在一個redundancy-group 組中
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/4 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/5 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-3/0/3 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-3/0/4 weight 255
set chassis cluster redundancy-group 1 interface-monitor ge-3/0/5 weight 255
//配置接口監控在數據冗餘口，不建議配置接口監控在redundancy-group 0，當監控到接口故障後優先級降255，實現數據口冗餘自動切換
set chassis cluster reth-count 3
//定義集群最多支持多少組冗餘接口，必須不低於當前配置的冗餘口組數目，否則將有超過數量的冗餘口不能正常工作，超過冗餘組的冗餘接口的路由訊息都不生效
set interfaces ge-0/0/3 gigether-options redundant-parent reth0
set interfaces ge-3/0/3 gigether-options redundant-parent reth0
set interfaces reth0 redundant-ether-options redundancy-group 1
//把物理連接埠加入到冗餘接口reth，並把接口reth0 加入數據冗餘組redundancy-group 1
set interfaces reth0 unit 0 family inet address 192.168.3.1/24
//為冗餘邏輯接口配置IP 地址
set interfaces ge-0/0/4 gigether-options redundant-parent reth1
set interfaces ge-3/0/4 gigether-options redundant-parent reth1
set interfaces reth1 redundant-ether-options redundancy-group 1
//把物理連接埠加入到冗餘接口reth，並把接口reth1 加入數據冗餘組redundancy-group 1
set interfaces reth1 unit 0 family inet address 192.168.4.1/24
//為冗餘邏輯接口配置IP 地址
set interfaces ge-0/0/5 gigether-options redundant-parent reth2
set interfaces ge-3/0/5 gigether-options redundant-parent reth2
set interfaces reth2 redundant-ether-options redundancy-group 1
//把物理連接埠加入到冗餘接口reth，並把接口reth2 加入數據冗餘組redundancy-group 1
set interfaces reth2 unit 0 family inet address 192.168.5.1/24
//為冗餘邏輯接口配置IP 地址
set security zones security-zone trust interfaces reth0.0
set security zones security-zone untrust interfaces reth1.0
set security zones security-zone DMZ interfaces reth2.0
//把集群的邏輯接口關聯到ZONE