Thanks to all those who responded. master-only is mostly what I wanted!
Rather confusingly, Juniper do specify setting lo0 per RE. https://www.juniper.net/techpubs/en_US/junos12.3/topics/task/configuration/routing-engine-dual-initial-configuration.html But then that document also tells you to run "commit synchronise" from operational mode. A single loopback address works, and both REs have the same system SSH key, so no warnings if they switch. This is broadly what I've got now. groups { re0 { system { host-name ...-re0; } interfaces { fxp0 { unit 0 { family inet { address 10.22.0.2/24 { master-only; } address 10.22.0.3/24; } } } } } re1 { system { host-name ...-re1; } interfaces { fxp0 { unit 0 { family inet { address 10.22.0.2/24 { master-only; } address 10.22.0.4/24; } } } } } } interfaces { lo0 { unit 0 { family inet { address 10.177.4.2/32; } } } } Thanks On Tuesday 24 November 2015 21:52:38 Olivier Benghozi wrote: > Juniper document provides each RE with it's own MANAGEMENT address (on fxp > port of each RE), not its own loopback. You configure a single loopback > (interface lo0.0). > > Anyway, about your need, there is: > http://www.juniper.net/documentation/en_US/junos15.1/topics/usage-guidelines > /interfaces-configuring-a-consistent-management-ip-address.html > <http://www.juniper.net/documentation/en_US/junos15.1/topics/usage-guidelin > es/interfaces-configuring-a-consistent-management-ip-address.html> > > Le 24 nov. 2015 à 19:07, Mike Williams <mike.willi...@comodo.com> a écrit > > : > > > > Hi all, > > > > So we just got our first Juniper devices with dual-REs (if you exclude > > virtual chassis'). > > Before I get into actually configuring them, I'm wondering how others > > handle management, as I'm a touch confused. > > > > Normally we just SSH/snmp to the loopback address, optionally jumping off > > from a device on the same OoB network if routing is down (yes, we should > > configure a backup router). > > > > Juniper document providing each RE with it's own loopback address. > > If you do that, you'd have to detect if what you're connected to is master > > or backup, right? > > That might be a necessary trade off. As if you had a single loopback > > address, wouldn't the system SSH key change as loopback "moved" between > > the REs? Can a 'global' single loopback even be configured? > > > > Or do dual-RE devices actually work like virtual chassis, where the system > > SSH key is the same on all nodes, and connections to the backup are > > internally redirected to the master? -- Mike Williams _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp