Juniper J6350 HA setup

Basic HA setup for J6350
This is just the config file.
# Per-node configuration groups for the two chassis-cluster members. Each group
# sets that node's host-name and the address of its fxp0 interface (described
# further down in this file as the management interface).
# NOTE(review): the quotation marks throughout this listing are typographic
# (curly) quotes, presumably introduced by the page rendering. Junos expects
# plain ASCII double quotes; confirm before loading any of this.
groups {
node0 {
system {
host-name juniper01-device;
}
interfaces {
fxp0 {
unit 0 {
family inet {
# Both fxp0 addresses sit in 172.16.0.0/30. The lo0 filter local_acl admits
# terminal access from the wider 172.16.0.0/24.
address 172.16.0.1/30;
}
}
}
}
}
node1 {
system {
host-name juniper02-device;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 172.16.0.2/30;
}
}
}
}
}
}
# Applies the group named after the local node, so each member inherits only
# its own host-name and fxp0 address.
apply-groups “${node}”;
# Device-wide system settings: identity, credentials, DNS, local accounts,
# management services, logging and licence retrieval.
system {
# Also set per node in the node0/node1 groups.
host-name juniper01-device;
# NOTE(review): "America/City" reads like a placeholder rather than a real zone
# name; log timestamps depend on this being set correctly.
time-zone America/City;
root-authentication {
# NOTE(review): password hashes are published as part of this listing. These
# strings carry no $1$/$5$/$6$ scheme prefix, so they look like stand-ins. If
# a real hash is ever posted, treat the credential as exposed and rotate it.
encrypted-password “kl55jhl8767865kjhlkjhjkhu”; ## SECRET-DATA
}
# Public third-party resolvers; every lookup the device makes leaves the
# network. An internal resolver keeps that traffic in-house.
name-server {
8.8.8.8;
8.8.4.4;
}
login {
# Single named account with full privileges. The event-options policies in
# this file also commit their automated changes under this user-name.
# NOTE(review): a dedicated account with a restricted login class for the
# event policies would keep automated commits separate from the interactive
# administrator in the audit trail.
user smoggy {
full-name “Some Guy“;
uid 2000;
class super-user;
authentication {
encrypted-password “98769876876ui876guiytiuyt”; ## SECRET-DATA
}
}
}
services {
# SSH is the only management service enabled in this stanza. No root-login
# restriction is set here (e.g. "root-login deny"), so direct root SSH login
# is governed by the platform default.
ssh;
}
# Logging is local only: no "host" target appears in this stanza, so records
# are not copied off-box and would be lost or alterable with the device.
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
# Records CLI commands typed by users, which is the main on-box audit trail
# for the super-user account.
file interactive-commands {
interactive-commands any;
}
file syslog-event-daemon-warning {
daemon warning;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
# Chassis-cluster definition: nine redundant-Ethernet (reth) interfaces and two
# redundancy groups, with node 0 preferred in both.
chassis {
cluster {
reth-count 9;
# Every reth interface in this file is assigned to redundancy-group 1.
# No preempt or interface-monitor statement appears in this stanza, so this
# group is not tied to link state here; the event-options policies in this
# file toggle standby ports instead.
redundancy-group 1 {
node 0 priority 100;
node 1 priority 1;
}
# In a Junos chassis cluster, redundancy-group 0 governs Routing Engine
# (control-plane) mastership.
redundancy-group 0 {
node 0 priority 100;
node 1 priority 1;
}
}
}
# Physical and logical interfaces. ge-0/… and ge-4/… ports are described as
# belonging to juniper01-device, ge-7/… and ge-11/… to juniper02-device. Each
# reth bundles one or more ports from each node.
interfaces {
ge-0/0/0 {
description “reth0 member from juniper01-device”;
gigether-options {
redundant-parent reth0;
}
}
ge-0/0/1 {
description “fab0.0 fabric interface from juniper01-device”;
}
ge-0/0/2 {
description “fxp0 management interface from juniper01-device”;
}
ge-0/0/3 {
description “fxp1 control plane interface from juniper01-device”;
}
# ge-4/0/0 and ge-4/0/2 are held administratively down as standby members.
# The event-options policies remove/restore "disable" when the active member
# (ge-4/0/1, ge-4/0/3) changes link state.
ge-4/0/0 {
description “reth3 member from juniper01-device”;
disable;
gigether-options {
redundant-parent reth3;
}
}
ge-4/0/1 {
description “reth3 member from juniper01-device”;
gigether-options {
redundant-parent reth3;
}
}
ge-4/0/2 {
description “reth4 member from juniper01-device”;
disable;
gigether-options {
redundant-parent reth4;
}
}
ge-4/0/3 {
description “reth4 member from juniper01-device”;
gigether-options {
redundant-parent reth4;
}
}
ge-4/0/4 {
description “reth5 member from juniper01-device”;
gigether-options {
redundant-parent reth5;
}
}
ge-4/0/5 {
description “reth6 member from juniper01-device”;
gigether-options {
redundant-parent reth6;
}
}
ge-4/0/6 {
description “reth7 member from juniper01-device”;
gigether-options {
redundant-parent reth7;
}
}
ge-4/0/7 {
description “reth8 member from juniper01-device”;
gigether-options {
redundant-parent reth8;
}
}
ge-7/0/0 {
description “reth0 member from juniper02-device”;
gigether-options {
redundant-parent reth0;
}
}
ge-7/0/1 {
description “fab1.0 fabric interface from juniper02-device”;
}
ge-7/0/2 {
description “fxp0 management interface from juniper02-device”;
}
# NOTE(review): the description names juniper01-device, but the neighbouring
# ge-7/… ports are all labelled juniper02-device. Probably a copy-paste slip.
ge-7/0/3 {
description “fxp1 control plane interface from juniper01-device”;
}
# Same standby arrangement as ge-4/0/0 and ge-4/0/2, on the second node.
ge-11/0/0 {
description “reth3 member from juniper02-device”;
disable;
gigether-options {
redundant-parent reth3;
}
}
ge-11/0/1 {
description “reth3 member from juniper02-device”;
gigether-options {
redundant-parent reth3;
}
}
ge-11/0/2 {
description “reth4 member from juniper02-device”;
disable;
gigether-options {
redundant-parent reth4;
}
}
ge-11/0/3 {
description “reth4 member from juniper02-device”;
gigether-options {
redundant-parent reth4;
}
}
ge-11/0/4 {
description “reth5 member from juniper02-device”;
gigether-options {
redundant-parent reth5;
}
}
ge-11/0/5 {
description “reth6 member from juniper02-device”;
gigether-options {
redundant-parent reth6;
}
}
ge-11/0/6 {
description “reth7 member from juniper02-device”;
gigether-options {
redundant-parent reth7;
}
}
ge-11/0/7 {
description “reth8 member from juniper02-device”;
gigether-options {
redundant-parent reth8;
}
}
fab0 {
description “fab0 fabric interface from juniper01-device”;
fabric-options {
member-interfaces {
ge-0/0/1;
}
}
}
fab1 {
description “fab1 fabric interface from juniper02-device”;
fabric-options {
member-interfaces {
ge-7/0/1;
}
}
}
fxp0 {
description “fxp0 management interface”;
}
fxp1 {
description “fxp1 control plane interface”;
}
lo0 {
unit 0 {
family inet {
# Input filter on the loopback: this is where traffic addressed to the device
# itself is screened. local_acl is defined in the firewall stanza of this file.
filter {
input local_acl;
}
address 127.0.0.1/32;
}
}
}
# NOTE(review): reth0 and reth5 are labelled "not in use", yet both are placed
# in the trust zone with all host-inbound system services allowed. Unused
# interfaces are safer disabled and left out of any zone.
reth0 {
description “Redundant cluster interface reth0 – not in use”;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet;
}
}
# External-facing interface (untrust zone); carries four public /24 addresses
# on VLAN 900.
reth3 {
description “Redundant cluster interface reth3 – external network”;
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
vlan-id 900;
family inet {
address 22.33.44.55/24;
address 22.33.45.55/24;
address 22.33.46.55/24;
address 22.33.47.55/24;
}
}
}
# Internal network (trust zone); 10.0.7.0/24 is the range source-NATed in the
# security stanza.
reth4 {
description “Redundant cluster interface reth4 – internal network”;
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
vlan-id 5;
family inet {
address 10.0.7.254/24;
}
}
}
reth5 {
description “Redundant cluster interface reth5 – not in use”;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet;
}
}
reth6 {
description “Redundant cluster interface reth6 – my cross connect”;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet;
}
}
# reth7 and reth8 are the two /30 links to the BGP neighbours configured under
# protocols bgp. Both are in the untrust zone.
reth7 {
description “Redundant cluster interface reth7 – BGP Interface CORE01/46”;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
address 77.88.99.2/30;
}
}
}
reth8 {
description “Redundant cluster interface reth8 – BGP Interface CORE01/47”;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
address 55.66.77.2/30;
}
}
}
# Four tunnel units with no addresses. All four are members of the trust zone,
# but no IPsec/IKE configuration is shown in this listing.
st0 {
unit 0 {
family inet;
}
unit 1 {
family inet;
}
unit 2 {
family inet;
}
unit 3 {
family inet;
}
}
}
# Event policies that implement port-level standby switching. When the active
# member of reth3/reth4 on a node loses link, the matching policy deletes
# "disable" from that node's standby port; when link returns, it sets "disable"
# again. Each action is an automatic configuration commit.
# NOTE(review): every policy commits as user smoggy, the interactive super-user
# account. A dedicated account limited to these interface statements would
# narrow what an automated commit can change and keep the commit log
# attributable.
# NOTE(review): retry intervals differ between pairs (15, 5, 10 and 1 seconds)
# with no reason given; confirm that is intended.
event-options {
policy ge-4/0/3-is-down {
events snmp_trap_link_down;
attributes-match {
snmp_trap_link_down.interface-name matches ge-4/0/3;
}
then {
change-configuration {
retry count 10 interval 15;
commands {
“delete interfaces ge-4/0/2 disable”;
}
user-name smoggy;
commit-options {
log “Detected link down for ge-4/0/3 – enabling ge-4/0/2”;
}
}
}
}
policy ge-4/0/3-is-up {
events snmp_trap_link_up;
attributes-match {
snmp_trap_link_up.interface-name matches ge-4/0/3;
}
then {
change-configuration {
retry count 10 interval 15;
commands {
“set interfaces ge-4/0/2 disable”;
}
user-name smoggy;
commit-options {
log “Detected link up for ge-4/0/3 – disabling ge-4/0/2”;
}
}
}
}
policy ge-11/0/3-is-down {
events snmp_trap_link_down;
attributes-match {
snmp_trap_link_down.interface-name matches ge-11/0/3;
}
then {
change-configuration {
retry count 10 interval 5;
commands {
“delete interfaces ge-11/0/2 disable”;
}
user-name smoggy;
commit-options {
# NOTE(review): this is the link-DOWN policy and the command ENABLES ge-11/0/2,
# but the commit log text says "link up … disabling". The commit history will
# record the opposite of what happened; the message should mirror the
# ge-4/0/3-is-down policy.
log “Detected link up for ge-11/0/3 – disabling ge-11/0/2”;
}
}
}
}
policy ge-11/0/3-is-up {
events snmp_trap_link_up;
attributes-match {
snmp_trap_link_up.interface-name matches ge-11/0/3;
}
then {
change-configuration {
retry count 10 interval 5;
commands {
“set interfaces ge-11/0/2 disable”;
}
user-name smoggy;
commit-options {
log “Detect link up for ge-11/0/3 – disabling ge-11/0/2”;
}
}
}
}
policy ge-4/0/1-is-down {
events snmp_trap_link_down;
attributes-match {
snmp_trap_link_down.interface-name matches ge-4/0/1;
}
then {
change-configuration {
retry count 10 interval 10;
commands {
“delete interfaces ge-4/0/0 disable”;
}
user-name smoggy;
commit-options {
log “Detect link down for ge-4/0/1 – enabling ge-4/0/0”;
}
}
}
}
policy ge-4/0/1-is-up {
events snmp_trap_link_up;
attributes-match {
snmp_trap_link_up.interface-name matches ge-4/0/1;
}
then {
change-configuration {
retry count 10 interval 10;
commands {
“set interfaces ge-4/0/0 disable”;
}
user-name smoggy;
commit-options {
log “Detect link up for ge-4/0/1 – disabling ge-4/0/0”;
}
}
}
}
policy ge-11/0/1-is-down {
events snmp_trap_link_down;
attributes-match {
snmp_trap_link_down.interface-name matches ge-11/0/1;
}
then {
change-configuration {
retry count 10 interval 1;
commands {
“delete interfaces ge-11/0/0 disable”;
}
user-name smoggy;
commit-options {
log “Detect link down for ge-11/0/1 – enabling ge-11/0/0”;
}
}
}
}
policy ge-11/0/1-is-up {
events snmp_trap_link_up;
attributes-match {
snmp_trap_link_up.interface-name matches ge-11/0/1;
}
then {
change-configuration {
retry count 10 interval 1;
commands {
“set interfaces ge-11/0/0 disable”;
}
user-name smoggy;
commit-options {
log “Detect link up for ge-11/0/1 – disabling ge-11/0/0”;
}
}
}
}
}
# Static default route and the local autonomous-system number used by BGP.
routing-options {
static {
# The next hop 77.88.99.1 is the far end of the reth7 /30 link, so default
# traffic leaves through reth7.
route 0.0.0.0/0 next-hop 77.88.99.1;
}
autonomous-system 768554;
}
# Routing protocols: one external BGP group with two neighbours (the far ends
# of reth7 and reth8), plus spanning tree.
protocols {
bgp {
# Outbound advertisements are filtered by policy-statement send-routes.
# NOTE(review): no authentication-key and no import policy appear in this
# group, so the sessions are unauthenticated and nothing here filters what
# the peer sends. Session authentication, an import policy and a prefix
# limit are the usual controls on an external peering.
group peer-with-pcolo {
type external;
export send-routes;
peer-as 798098;
# remove-private strips private AS numbers from the AS path sent to the peer.
neighbor 77.88.99.1 {
remove-private;
}
neighbor 55.66.77.1 {
remove-private;
}
}
}
stp;
}
# BGP export policy: keeps the internal 10.0.7.0/24 out of advertisements and
# announces the four public /24s configured on reth3.
policy-options {
policy-statement send-routes {
# NOTE(review): the term is named "reject" but accepts four prefixes and
# rejects one; each route-filter carries its own action. The term has no
# "then" clause and there is no final term, so a route matching none of
# these filters falls through to the protocol's default export behaviour.
# An explicit closing reject term would make the policy fail closed.
term reject {
from {
route-filter 10.0.7.0/24 exact reject;
route-filter 22.33.44.0/24 exact accept;
route-filter 22.33.45.0/24 exact accept;
route-filter 22.33.46.0/24 exact accept;
route-filter 22.33.47.0/24 exact accept;
}
}
}
}
# Flow-security configuration: source NAT, inter-zone policies and zone
# membership.
# NOTE(review): as written, this stanza filters nothing. Every zone pair,
# including untrust-to-trust, permits any source, any destination and any
# application, and the default policy is permit-all. That suits bringing up
# the HA pair in a lab. Before carrying production traffic, the untrust-to-trust
# policy should list the specific destinations and applications that must be
# reachable, and the default policy should deny.
security {
nat {
source {
# Translates 10.0.7.0/24 to the egress interface address, but only for traffic
# entering on reth4.0 and leaving on reth8.0.
# NOTE(review): the static default route in routing-options points at
# 77.88.99.1, which is on reth7. Traffic that follows that route exits via
# reth7.0 and would not match this rule-set. Confirm whether reth7.0 also
# needs to be covered.
rule-set trust-untrust-nat {
from interface reth4.0;
to interface reth8.0;
rule source-nat-rule {
match {
source-address 10.0.7.0/24;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
# None of the policies below logs sessions ("then log" is absent), so permitted
# flows leave no record.
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone trust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone untrust {
policy untrust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
# Unrestricted inbound from the external side to the internal side.
from-zone untrust to-zone trust {
policy untrust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
# Anything not matched by a policy above is also permitted.
default-policy {
permit-all;
}
}
# Every interface in both zones allows all system services inbound to the
# device. Only "system-services" is listed; no "protocols" entries appear.
# Whether BGP on reth7/reth8 is admitted by this alone should be verified.
zones {
security-zone trust {
interfaces {
reth0.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
reth5.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
reth4.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
reth6.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
st0.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
st0.1 {
host-inbound-traffic {
system-services {
all;
}
}
}
st0.2 {
host-inbound-traffic {
system-services {
all;
}
}
}
st0.3 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
# NOTE(review): "all" on the external interfaces leaves the device's own
# services reachable from outside, limited only by the lo0 filter local_acl,
# which restricts just TCP ssh/telnet. Listing only the services each external
# interface actually needs keeps the management plane off the untrusted side.
security-zone untrust {
interfaces {
reth8.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
reth7.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
reth3.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
}
}
# Stateless filter applied as the input filter on lo0.0, i.e. to traffic
# addressed to the device itself. It is meant to limit SSH/Telnet to internal
# and management source ranges and accept everything else.
firewall {
family inet {
filter local_acl {
# NOTE(review): "address" matches when EITHER the source or the destination
# falls in the listed prefixes, and "port" matches either source or
# destination port. The device itself owns 10.0.7.254 (reth4), so an SSH
# packet from any source addressed to that IP satisfies this term.
# "source-address" and "destination-port" express the intended restriction.
# NOTE(review): 10.0.0.0/8 is far wider than the 10.0.7.0/24 internal network
# configured on reth4. Telnet is allowed here although only ssh is enabled
# under system services in this listing; dropping it from the filter avoids
# pre-authorising a cleartext protocol.
term terminal_access {
from {
address {
10.0.0.0/8;
172.16.0.0/24;
}
protocol tcp;
port [ ssh telnet ];
}
then accept;
}
# Any other SSH/Telnet attempt is logged and rejected.
term terminal_access_denied {
from {
protocol tcp;
port [ ssh telnet ];
}
then {
log;
reject;
}
}
# Everything else destined to the device is accepted, so this filter protects
# only the two terminal protocols. A routing-engine filter normally ends in an
# explicit allow-list followed by a discard.
term default-term {
then accept;
}
}
}
}
# Application definitions that lengthen the idle timeout for SSH sessions
# passing through the firewall.
# NOTE(review): the two values differ (84400 vs 86400 seconds). 86400 is 24
# hours, so 84400 may be a typo. Either way, idle SSH flows stay in the session
# table for roughly a day; confirm that is the intended trade-off.
applications {
application ssh {
protocol tcp;
destination-port 22;
inactivity-timeout 84400;
}
application junos-ssh inactivity-timeout 86400;
}
{primary:node0}