Juniper J6350 HA setup
Written by:
ranko
-
Category:
Systems
ranko
Basic HA setup for J6350
This is just the config file.
## Per-node settings for the two-member chassis cluster. Each group carries one
## node's host-name and its fxp0 address; fxp0 is described further down as the
## management interface. Both addresses are the two hosts of a single /30.
groups {
node0 {
system {
host-name juniper01-device;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 172.16.0.1/30;
}
}
}
}
}
node1 {
system {
host-name juniper02-device;
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 172.16.0.2/30;
}
}
}
}
}
}
## "${node}" resolves to the local node's name, so each member inherits only its own group.
## NOTE(review): the quotation marks on this page are typographic (curly) quotes;
## retype them as plain ASCII double quotes before loading the configuration.
apply-groups “${node}”;
## Device-wide system settings: identity, local accounts, management services and logging.
system {
## NOTE(review): a host-name set directly here takes precedence over one inherited
## from a group, so node1 would presumably also report juniper01-device — confirm intended.
host-name juniper01-device;
## "America/City" looks like a placeholder, not a real zone name — replace before use.
time-zone America/City;
root-authentication {
## The value is a password hash. The string shown does not resemble a Junos hash
## format, so it is presumably sanitized — TODO confirm. Real hashes should never be
## published: anyone holding one can attempt to guess the password offline.
encrypted-password “kl55jhl8767865kjhlkjhjkhu”; ## SECRET-DATA
}
## Public resolvers; DNS queries from the device leave the network.
name-server {
8.8.8.8;
8.8.4.4;
}
login {
## Single named account with full privileges. The event-options policies in this
## file also commit changes under this user-name.
user smoggy {
full-name “Some Guy“;
uid 2000;
class super-user;
authentication {
encrypted-password “98769876876ui876guiytiuyt”; ## SECRET-DATA
}
}
}
## SSH is the only management service enabled. No root-login restriction is set here;
## consider "root-login deny" under ssh so root can only log in on the console.
services {
ssh;
}
## All logging is local: emergency messages go to every logged-in user, and three
## files collect general messages, interactive commands and daemon warnings.
## No remote syslog host is configured, so logs exist only on the device itself.
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
file syslog-event-daemon-warning {
daemon warning;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
## Chassis cluster definition. reth-count 9 allows reth0 through reth8, which matches
## the redundant interfaces defined in this file.
chassis {
cluster {
reth-count 9;
## node 0 has the higher priority in both redundancy groups, so it is the preferred
## primary. No preempt or interface-monitor statements appear in this stanza, so
## link failures do not trigger a group failover from here.
redundancy-group 1 {
node 0 priority 100;
node 1 priority 1;
}
redundancy-group 0 {
node 0 priority 100;
node 1 priority 1;
}
}
}
interfaces {
## Physical ports. Per the descriptions, ge-0/0/x and ge-4/0/x belong to juniper01-device
## and ge-7/0/x and ge-11/0/x to juniper02-device. Each port is tied to its redundant
## parent with redundant-parent. reth3 and reth4 have two member ports per node, one of
## which is administratively disabled; the event-options policies toggle those ports.
ge-0/0/0 {
description “reth0 member from juniper01-device”;
gigether-options {
redundant-parent reth0;
}
}
ge-0/0/1 {
description “fab0.0 fabric interface from juniper01-device”;
}
ge-0/0/2 {
description “fxp0 management interface from juniper01-device”;
}
ge-0/0/3 {
description “fxp1 control plane interface from juniper01-device”;
}
ge-4/0/0 {
description “reth3 member from juniper01-device”;
disable;
gigether-options {
redundant-parent reth3;
}
}
ge-4/0/1 {
description “reth3 member from juniper01-device”;
gigether-options {
redundant-parent reth3;
}
}
ge-4/0/2 {
description “reth4 member from juniper01-device”;
disable;
gigether-options {
redundant-parent reth4;
}
}
ge-4/0/3 {
description “reth4 member from juniper01-device”;
gigether-options {
redundant-parent reth4;
}
}
ge-4/0/4 {
description “reth5 member from juniper01-device”;
gigether-options {
redundant-parent reth5;
}
}
ge-4/0/5 {
description “reth6 member from juniper01-device”;
gigether-options {
redundant-parent reth6;
}
}
ge-4/0/6 {
description “reth7 member from juniper01-device”;
gigether-options {
redundant-parent reth7;
}
}
ge-4/0/7 {
description “reth8 member from juniper01-device”;
gigether-options {
redundant-parent reth8;
}
}
ge-7/0/0 {
description “reth0 member from juniper02-device”;
gigether-options {
redundant-parent reth0;
}
}
ge-7/0/1 {
description “fab1.0 fabric interface from juniper02-device”;
}
ge-7/0/2 {
description “fxp0 management interface from juniper02-device”;
}
## NOTE(review): every other ge-7/0/x description names juniper02-device; this one says
## juniper01-device, which looks like a copy-paste slip — confirm and correct the label.
ge-7/0/3 {
description “fxp1 control plane interface from juniper01-device”;
}
ge-11/0/0 {
description “reth3 member from juniper02-device”;
disable;
gigether-options {
redundant-parent reth3;
}
}
ge-11/0/1 {
description “reth3 member from juniper02-device”;
gigether-options {
redundant-parent reth3;
}
}
ge-11/0/2 {
description “reth4 member from juniper02-device”;
disable;
gigether-options {
redundant-parent reth4;
}
}
ge-11/0/3 {
description “reth4 member from juniper02-device”;
gigether-options {
redundant-parent reth4;
}
}
ge-11/0/4 {
description “reth5 member from juniper02-device”;
gigether-options {
redundant-parent reth5;
}
}
ge-11/0/5 {
description “reth6 member from juniper02-device”;
gigether-options {
redundant-parent reth6;
}
}
ge-11/0/6 {
description “reth7 member from juniper02-device”;
gigether-options {
redundant-parent reth7;
}
}
ge-11/0/7 {
description “reth8 member from juniper02-device”;
gigether-options {
redundant-parent reth8;
}
}
## Cluster fabric links: fab0 uses ge-0/0/1 and fab1 uses ge-7/0/1, one port per node.
fab0 {
description “fab0 fabric interface from juniper01-device”;
fabric-options {
member-interfaces {
ge-0/0/1;
}
}
}
fab1 {
description “fab1 fabric interface from juniper02-device”;
fabric-options {
member-interfaces {
ge-7/0/1;
}
}
}
## fxp0 gets its per-node address from the node0/node1 groups; only the label is set here.
fxp0 {
description “fxp0 management interface”;
}
fxp1 {
description “fxp1 control plane interface”;
}
## The loopback carries the input filter local_acl (defined under firewall family inet).
## A filter on lo0 is evaluated for traffic addressed to the device itself, so this is
## the control that limits who can reach the management services.
lo0 {
unit 0 {
family inet {
filter {
input local_acl;
}
address 127.0.0.1/32;
}
}
}
## Redundant Ethernet interfaces, all bound to redundancy-group 1. Per the descriptions:
## reth3 is the external network, reth4 the internal network, reth7 and reth8 the two
## BGP uplinks; reth0 and reth5 are unused and reth6 is a cross connect.
reth0 {
description “Redundant cluster interface reth0 – not in use”;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet;
}
}
## External side: VLAN 900 with four /24 addresses on one unit. The same four prefixes
## are the ones accepted by the send-routes export policy.
reth3 {
description “Redundant cluster interface reth3 – external network”;
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
vlan-id 900;
family inet {
address 22.33.44.55/24;
address 22.33.45.55/24;
address 22.33.46.55/24;
address 22.33.47.55/24;
}
}
}
## Internal side: VLAN 5, 10.0.7.254/24. This prefix is the source-NAT source range.
reth4 {
description “Redundant cluster interface reth4 – internal network”;
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
vlan-id 5;
family inet {
address 10.0.7.254/24;
}
}
}
reth5 {
description “Redundant cluster interface reth5 – not in use”;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet;
}
}
reth6 {
description “Redundant cluster interface reth6 – my cross connect”;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet;
}
}
## Uplink /30s; the .1 address of each subnet is configured as a BGP neighbor.
reth7 {
description “Redundant cluster interface reth7 – BGP Interface CORE01/46”;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
address 77.88.99.2/30;
}
}
}
reth8 {
description “Redundant cluster interface reth8 – BGP Interface CORE01/47”;
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
address 55.66.77.2/30;
}
}
}
## Four tunnel units with no addresses. They are placed in the trust zone below, but no
## IPsec/IKE configuration appears on this page — presumably omitted or not yet built.
st0 {
unit 0 {
family inet;
}
unit 1 {
family inet;
}
unit 2 {
family inet;
}
unit 3 {
family inet;
}
}
}
event-options {
## Event-policy pair for node0's reth4 members. When an SNMP link-down trap names
## ge-4/0/3, the first policy removes "disable" from the standby port ge-4/0/2; when
## ge-4/0/3 comes back up, the second policy disables ge-4/0/2 again.
## Each action is an automatic configuration commit performed as user smoggy, which is a
## super-user account in this file. A dedicated account limited to the commands these
## policies issue would keep an unattended commit path from holding full privileges.
policy ge-4/0/3-is-down {
events snmp_trap_link_down;
attributes-match {
snmp_trap_link_down.interface-name matches ge-4/0/3;
}
then {
change-configuration {
## Up to 10 attempts, 15 seconds apart, if the commit cannot be made.
retry count 10 interval 15;
commands {
“delete interfaces ge-4/0/2 disable”;
}
user-name smoggy;
## The commit log text is what an operator later sees in the commit history.
commit-options {
log “Detected link down for ge-4/0/3 – enabling ge-4/0/2”;
}
}
}
}
policy ge-4/0/3-is-up {
events snmp_trap_link_up;
attributes-match {
snmp_trap_link_up.interface-name matches ge-4/0/3;
}
then {
change-configuration {
retry count 10 interval 15;
commands {
“set interfaces ge-4/0/2 disable”;
}
user-name smoggy;
commit-options {
log “Detected link up for ge-4/0/3 – disabling ge-4/0/2”;
}
}
}
}
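## Fires when an SNMP link-down trap names ge-11/0/3 and removes "disable" from the
## standby port ge-11/0/2 so it can take over. The commit runs as user smoggy.
## The commit log text previously read "link up ... disabling", the opposite of what
## this policy does; it now describes the real action so the commit history is a
## reliable record when an outage is reviewed. Quotation marks are plain ASCII here,
## which is what Junos expects.
policy ge-11/0/3-is-down {
events snmp_trap_link_down;
attributes-match {
snmp_trap_link_down.interface-name matches ge-11/0/3;
}
then {
change-configuration {
## Up to 10 attempts, 5 seconds apart, if the commit cannot be made.
retry count 10 interval 5;
commands {
"delete interfaces ge-11/0/2 disable";
}
user-name smoggy;
commit-options {
log "Detected link down for ge-11/0/3 – enabling ge-11/0/2";
}
}
}
}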
## Remaining event policies. Each matches an SNMP link-up or link-down trap for one
## active member port and sets or deletes "disable" on the paired standby port:
## ge-11/0/3 -> ge-11/0/2, ge-4/0/1 -> ge-4/0/0, ge-11/0/1 -> ge-11/0/0.
## All commits run as user smoggy. The retry intervals differ between pairs
## (5, 10 and 1 seconds) — NOTE(review): confirm the differences are deliberate.
policy ge-11/0/3-is-up {
events snmp_trap_link_up;
attributes-match {
snmp_trap_link_up.interface-name matches ge-11/0/3;
}
then {
change-configuration {
retry count 10 interval 5;
commands {
“set interfaces ge-11/0/2 disable”;
}
user-name smoggy;
commit-options {
log “Detect link up for ge-11/0/3 – disabling ge-11/0/2”;
}
}
}
}
policy ge-4/0/1-is-down {
events snmp_trap_link_down;
attributes-match {
snmp_trap_link_down.interface-name matches ge-4/0/1;
}
then {
change-configuration {
retry count 10 interval 10;
commands {
“delete interfaces ge-4/0/0 disable”;
}
user-name smoggy;
commit-options {
log “Detect link down for ge-4/0/1 – enabling ge-4/0/0”;
}
}
}
}
policy ge-4/0/1-is-up {
events snmp_trap_link_up;
attributes-match {
snmp_trap_link_up.interface-name matches ge-4/0/1;
}
then {
change-configuration {
retry count 10 interval 10;
commands {
“set interfaces ge-4/0/0 disable”;
}
user-name smoggy;
commit-options {
log “Detect link up for ge-4/0/1 – disabling ge-4/0/0”;
}
}
}
}
policy ge-11/0/1-is-down {
events snmp_trap_link_down;
attributes-match {
snmp_trap_link_down.interface-name matches ge-11/0/1;
}
then {
change-configuration {
retry count 10 interval 1;
commands {
“delete interfaces ge-11/0/0 disable”;
}
user-name smoggy;
commit-options {
log “Detect link down for ge-11/0/1 – enabling ge-11/0/0”;
}
}
}
}
policy ge-11/0/1-is-up {
events snmp_trap_link_up;
attributes-match {
snmp_trap_link_up.interface-name matches ge-11/0/1;
}
then {
change-configuration {
retry count 10 interval 1;
commands {
“set interfaces ge-11/0/0 disable”;
}
user-name smoggy;
commit-options {
log “Detect link up for ge-11/0/1 – disabling ge-11/0/0”;
}
}
}
}
}
## Static default route plus the local AS number.
routing-options {
static {
## The next hop is on reth7's /30 and is also one of the two BGP neighbors.
route 0.0.0.0/0 next-hop 77.88.99.1;
}
## Larger than 65535, so this is a 4-byte AS number.
autonomous-system 768554;
}
## One external BGP group with two neighbors (the far ends of reth7 and reth8), exporting
## through policy send-routes. remove-private strips private AS numbers from the AS path
## of advertised routes.
## NOTE(review): no authentication-key and no import policy are set for this group, so
## the sessions are unauthenticated and whatever the neighbors send is evaluated only by
## default behaviour — confirm that is acceptable for these peers.
protocols {
bgp {
group peer-with-pcolo {
type external;
export send-routes;
peer-as 798098;
neighbor 77.88.99.1 {
remove-private;
}
neighbor 55.66.77.1 {
remove-private;
}
}
}
stp;
}
## BGP export policy. The single term is named "reject" but has no "then" clause; the
## action is given inline on each route-filter instead. The internal 10.0.7.0/24 is
## rejected (never advertised) and the four external /24s are accepted, exact match only.
## A route that matches none of the filters is not decided here and falls through to the
## protocol's default export behaviour; a final explicit "then reject" term would make
## the policy advertise only what is listed.
policy-options {
policy-statement send-routes {
term reject {
from {
route-filter 10.0.7.0/24 exact reject;
route-filter 22.33.44.0/24 exact accept;
route-filter 22.33.45.0/24 exact accept;
route-filter 22.33.46.0/24 exact accept;
route-filter 22.33.47.0/24 exact accept;
}
}
}
}
security {
## Source NAT: traffic from 10.0.7.0/24 entering on reth4.0 and leaving on reth8.0 is
## translated to the egress interface's own address.
## NOTE(review): the rule-set only matches egress reth8.0, while the static default
## route's next hop (77.88.99.1) is on reth7's subnet. Internal traffic that follows the
## default route would leave untranslated — confirm NAT covers the path actually used.
nat {
source {
rule-set trust-untrust-nat {
from interface reth4.0;
to interface reth8.0;
rule source-nat-rule {
match {
source-address 10.0.7.0/24;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
## Security policies. Every zone pair — including untrust-to-trust — permits any source,
## any destination and any application, and the default policy is permit-all. As written
## the device forwards all transit traffic and performs no filtering between zones.
## This is workable as a bring-up baseline for testing the cluster only. Before the
## device faces an external network: set the default policy to deny-all, replace the
## untrust-to-trust rule with entries for the specific addresses and applications that
## must be reachable, and add session logging to the rules that remain.
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone trust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone untrust {
policy untrust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
## Inbound from the external side to the internal side, unrestricted.
from-zone untrust to-zone trust {
policy untrust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
## Anything not matched above is also permitted.
default-policy {
permit-all;
}
}
## Zone membership. trust holds reth0, reth4, reth5, reth6 and the four st0 units;
## untrust holds reth3, reth7 and reth8.
## Every interface, in both zones, allows host-inbound system-services all, so the zone
## configuration does not limit which of the device's own services are reachable. The
## only remaining restriction is the lo0 filter local_acl, which covers TCP ssh/telnet
## and accepts everything else. On the untrust interfaces, list only the services that
## are actually needed instead of "all".
## NOTE(review): no host-inbound-traffic "protocols" statement appears for reth7.0 or
## reth8.0, which BGP on those interfaces would normally need — confirm.
zones {
security-zone trust {
interfaces {
reth0.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
reth5.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
reth4.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
reth6.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
st0.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
st0.1 {
host-inbound-traffic {
system-services {
all;
}
}
}
st0.2 {
host-inbound-traffic {
system-services {
all;
}
}
}
st0.3 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
security-zone untrust {
interfaces {
reth8.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
reth7.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
reth3.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
}
}
## Stateless filter applied as the input filter on lo0, i.e. to traffic addressed to the
## device itself. Terms are evaluated in order:
##   1. terminal_access        - accept TCP ssh/telnet from 10.0.0.0/8 and 172.16.0.0/24
##   2. terminal_access_denied - log and reject TCP ssh/telnet from anywhere else
##   3. default-term           - accept everything else
## Points to review:
##   - "port" matches either the source or the destination port; destination-port would
##     restrict the match to connections aimed at the device's ssh/telnet service.
##   - 10.0.0.0/8 is far wider than the internal 10.0.7.0/24 configured on reth4.
##   - telnet is matched here although only ssh is enabled under system services.
##   - the final term accepts all other traffic to the device, so only ssh/telnet are
##     source-restricted; every other service depends on the zone settings.
firewall {
family inet {
filter local_acl {
term terminal_access {
from {
address {
10.0.0.0/8;
172.16.0.0/24;
}
protocol tcp;
port [ ssh telnet ];
}
then accept;
}
term terminal_access_denied {
from {
protocol tcp;
port [ ssh telnet ];
}
then {
log;
reject;
}
}
term default-term {
then accept;
}
}
}
}
## Application definitions. A custom "ssh" application (TCP/22) gets an inactivity
## timeout of 84400 seconds and the predefined junos-ssh one of 86400 seconds (24 hours),
## so idle SSH sessions are kept for roughly a day.
## NOTE(review): 84400 vs 86400 looks like a typo in one of the two values — confirm.
## The security policies in this file match "application any", so neither definition is
## referenced by name in a policy on this page.
applications {
application ssh {
protocol tcp;
destination-port 22;
inactivity-timeout 84400;
}
application junos-ssh inactivity-timeout 86400;
}
{primary:node0}
March 2, 2015