Thanks, the problem was in the router interface configuration that is facing the firewall, now its working fine.
BR, -----Original Message----- From: ben b [mailto:benboyd.li...@gmail.com] Sent: Monday, March 21, 2011 12:25 AM To: Walaa Abdel razzak Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] SXR 650 Redundancy Group Problem Try removing preempt. I've seen issues with preemption. On Saturday, March 19, 2011, Walaa Abdel razzak <wala...@bmc.com.sa> wrote: > Hi Experts > > > > I am configuring redundancy group to trigger failover in case of interface > failure. I have reth interface for trust zone that has two physical > interfaces, one interface on the active node and the other on the passive and > the same for reth1 on untrust zone. The target is to make traffic go through > the passive node in case of any physical interface failure in the active > node. The problem I am facing is that the failover happen normally when any > interface goes down but there is no traffic from trust to untrust or vice > versa, when the down interface comes to up again, the traffic flows without > problems. > > > > The RG configuration is as follows: > > > > test@FW1# show chassis > > cluster { > > reth-count 2; > > redundancy-group 0 { > > node 0 priority 100; > > node 1 priority 1; > > } > > redundancy-group 1 { > > node 0 priority 100; > > node 1 priority 1; > > preempt; > > gratuitous-arp-count 4; > > interface-monitor { > > ge-2/0/0 weight 255; à Interface on the active node > > ge-2/0/1 weight 255; à Interface on the active node > > } > > } > > } > > > > When the active interface goes down: > > > > Mar 20 03:43:51 FW1 jsrpd[1085]: JSRPD_RG_STATE_CHANGE: > Redundancy-group 1 transitioned from 'primary' to 'secondary-hold' > state due to Monitor failed: IF > > Mar 20 03:43:52 FW1 jsrpd[1085]: JSRPD_RG_STATE_CHANGE: > Redundancy-group 1 transitioned from 'secondary-hold' to 'secondary' > state due to Back to back failover interval expired > > > > > > Interface belonging to the reth: > > > > test@ FW1# show interfaces ge-2/0/0 à active node > > gigether-options { > > redundant-parent reth1; > > } > > > > {primary:node0}[edit] > > test@ FW1# show interfaces ge-2/0/1 à active node > > gigether-options { > > redundant-parent reth0; > > } > > > > {primary:node0}[edit] > > test@ FW1# show interfaces ge-11/0/0 à passive node > > gigether-options { > > redundant-parent reth1; > > } > > > > {primary:node0}[edit] > > test@ FW1# show interfaces ge-11/0/1 à passive node > > gigether-options { > > redundant-parent reth0; > > } > > > > test@FW1# run show interfaces terse | match reth > > ge-2/0/0.15 up down aenet --> reth1.15 à active > interface down > > ge-2/0/0.20 up down aenet --> reth1.20 > > ge-2/0/0.32767 up down aenet --> reth1.32767 > > ge-2/0/1.5 up up aenet --> reth0.5 > > ge-2/0/1.32767 up up aenet --> reth0.32767 > > ge-11/0/0.15 up up aenet --> reth1.15 > > ge-11/0/0.20 up up aenet --> reth1.20 > > ge-11/0/0.32767 up up aenet --> reth1.32767 > > ge-11/0/1.5 up up aenet --> reth0.5 > > ge-11/0/1.32767 up up aenet --> reth0.32767 > > reth0 up down > > reth0.5 up down inet 172.16.0.2/30 > > reth0.32767 up down > > reth1 up down > > reth1.15 up down inet 192.168.0.2/30 > > reth1.20 up down inet 192.168.1.2/30 > > reth1.32767 up down > > > > Any suggestions? > > > > BR, > > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
