Junos Fusion – Part II – Configuration, Administration and Operation
This is the second part of the Junos Fusion Series.
In the first part, I explained the concepts behind Junos Fusion.
Junos Fusion Enterprise means that the AD is EX9200 and the SDs can be EX2300, EX3400, EX4300 and QFX5100.
In the second part we will see how a Dual AD Junos Fusion Enterprise is configured, how the satellites can be added to Fusion and how to check if Fusion is working properly:
Standalone and cluster satellite configuration
Standalone Junos to satellite conversion
Satellite to standalone Junos conversion
These are the devices that will become components of the Junos Fusion, ADs and SDs:
There are two satellite clusters with EX3400 where each satellite has only one uplink port to one of the AD.
The EX4300 is dual-homed.
Because this is a Dual AD topology, there are few links between the two ADs for ICL and ICCP links.
The configuration related to standalone and cluster satellite is identical on the two AD, the difference being just the cascade ports reference as I did not use the same port numbering.
Standalone and cluster satellite configuration
All the configuration related to FPC ID and satellite(standalone and cluster) is done under “chassis satellite-management” stanza.
This is the configuration of LEFT cluster on EX9200-1:
[edit] root@EX9200-1# cluster LEFT { cluster-id 1; cascade-ports xe-0/0/3; fpc 65 { member-id 1; system-id 7c:25:86:2d:74:85; } fpc 66 { member-id 2; system-id 7c:25:86:28:52:96; } }
Observe that I used the system-id as identifier for the satellites.
As a comparison, the configuration is identical on the other AD, just the cascade port is different:
[edit] root@EX9200-2# cluster LEFT { cluster-id 1; cascade-ports xe-1/0/3; fpc 65 { member-id 1; system-id 7c:25:86:2d:74:85; } fpc 66 { member-id 2; system-id 7c:25:86:28:52:96; } }
The other cluster is configured in an identical way making sure that the right cascade ports are used.
For the EX4300 satellite, the S/N is used to identify the satellite and assign the FPC number:
[edit] root@EX9200-1# fpc 70 { serial-number PG3715180043; cascade-ports xe-0/0/6; }
The cascade ports on the ADs are configured like this:
[edit] root@EX9200-1# show interfaces xe-0/0/3 { cascade-port; } xe-0/0/6 { cascade-port; } xe-0/2/3 { cascade-port; }
Again, the same configuration has to be applied on the second AD making sure that the right cascade ports are used.
The software upgrade group is a group of devices meant to run the same SNOS. The software upgrade groups are managed from the AD.
For the standalone satellites, you can add one or more satellites in an upgrade group.
In case of the satellite cluster, an upgrade group is automatically created and it has the name of the satellite cluster(in our cases, it can be LEFT or RIGHT).
There are two steps related to the upgrade groups: defining the upgrade group members(just in standalone satellite case) and associating the upgrade group with the SNOS.
This is required to defined the upgrade group for FPC70(EX4300):
[edit] root@EX9200-1# upgrade-groups { SAT-70 { satellite 70; } }
The second step is to associated the SNOS to the upgrade group.
This is to associate the SNOS with the standalone device for which I defined the upgrade group:
[edit] root@EX9200-1# run request system software add upgrade-group SAT-70 /var/tmp/satellite-3.1R1-S2.0-signed.tgz Validating image /var/tmp/satellite-3.1R1-S2.0-signed.tgz Metatags extracted Satellite package version is '3.1R1-S2.0' Using existing package Provisioning group <SAT-70> with satellite package version '3.1R1-S2.0' Request processed successfully [edit] root@EX9200-1#
This is for the satellite cluster(the name of the upgrade group is the satellite cluster name):
[edit] root@EX9200-1# run request system software add upgrade-group RIGHT /var/tmp/satellite-3.1R1-S2.0-signed.tgz Validating image /var/tmp/satellite-3.1R1-S2.0-signed.tgz Metatags extracted Satellite package version is '3.1R1-S2.0' Unpacking package Provisioning group <RIGHT> with satellite package version '3.1R1-S2.0' Request processed successfully [edit] root@EX9200-1#
Remember that these above two steps have to be repeated on the other AD.
A section later in the article will show how the satellites are actually converted to run SNOS.
In case of a Dual AD topology, there is an MC-LAG group that uses ICCP to communicate between the two ADs.
The ICCP is enabled by a redundancy-group that contains the two ADs along with the satellites or the satellite clusters.
This is the complete configuration of the redundancy group on EX9200-1:
[edit] root@EX9200-1# redundancy-groups { chassis-id 1; jfe { redundancy-group-id 1; peer-chassis-id 2 { inter-chassis-link ae0; no-auto-iccp-provisioning; } satellite 70; cluster LEFT; cluster RIGHT; } } [edit] root@EX9200-1#
And on the second AD:
[edit] root@EX9200-2# redundancy-groups { chassis-id 2; jfe { redundancy-group-id 1; peer-chassis-id 1 { inter-chassis-link ae0; no-auto-iccp-provisioning; } satellite 70; cluster LEFT; cluster RIGHT; } } [edit] root@EX9200-2#
Standalone Junos to satellite conversion
Before trying to convert a device running Junos to run SNOS, you should zeroize the device and after has come back up, make sure that the uplink ports on the device are not configured as VC ports(this is applicable only to EX3400 and EX4300).
There are three ways to convert a standalone device to a satellite.
The first one is autoconversion, it is the recommended one and the software is installed automatically when the SD is connected to the AD.
This is how you can enable autoconversion for one or more satellites:
[edit] root@EX9200-1# show chassis auto-satellite-conversion { satellite 67-68; } [edit] root@EX9200-1#
Once the device is connected and is part of the satellites list enabled for auto-conversion , the following message from the logs of SD is indicating that the auto-conversion started:
Jun 29 08:42:04 l2cpd[7230]: lldp_chassis_mode_change_processing: executing </usr/libexec/ui/satellite-mode-change-check -i xe-0/2/0 -d 10.16.32.13 -s 10.16.32.14/30 -f satellite-groups/LEFT/arm563xx/host.tgz -b 124502656 -u ftp -m dec2da2ebfa6060c0e5d9e3b9a7c3c34 >
The second option is to manually install the SNOS on the satellite and this is how is done when the AD has a direct link to the SD. Let’s suppose that I want EX3400-2 from the topology to become FPC66.
In this case, only AD2 has a direct link(through xe-1/0/3) and this is the command:
[edit] root@EX9200-2# run request chassis satellite interface xe-1/0/3 device-mode satellite Mode change request initiated on interface xe-1/0/3 Installing satellite-groups/LEFT/arm563xx/host.tgz image on this device [edit] root@EX9200-2#
In case of a cluster that has only one link to AD that specific SD that needs to be converted is not directly connected to the AD, then the above command can be changed to reflect an inter-SD interface.
Let’s suppose that FPC66 does not have a link towards AD2 and that EX3400-1(FPC65) is already converted. Then FPC66 can be converted from AD1 and reference the interface between FPC65 and FPC66(xe-0/2/2) which on FPC65 becomes xe-65/2/2:
[edit] root@EX9200-1# run request chassis satellite interface xe-65/2/2 device-mode satellite Mode change request initiated on interface xe-65/2/2 Installing satellite-groups/RIGHT/arm563xx/host.tgz image on this device [edit] root@EX9200-1#
And the last method is to preinstall SNOS on the device and this is done like this:
{master:0} root@EX3400-1> request chassis device-mode satellite /var/tmp/satellite-ex-3400-3.1R1-S2.0-signed.tgz Extracting image /var/tmp/satellite-ex-3400-3.1R1-S2.0-signed.tgz Metatags extracted Satellite package version is '3.1R1-S2.0' Using host.tgz for arm563xx from the package all conditions passed Proceeding with conversion to satellite device
Satellite to standalone Junos conversion
You can convert back a device running SNOS to run again Junos.
For EX4300 and QFX5100, this command can be used to remove a satellite from Junos Fusion.
[edit] root@EX9200-1# run request chassis satellite install /var/tmp/jinstall-ex-4300-14.1X53-D45.3-domestic-signed.tgz fpc-slot 70 Convert satellite device to Junos standalone device? [yes,no] (no) yes Verified jinstall-ex-4300-14.1X53-D45.3-domestic.tgz signed by PackageProductionEc_2017 method ECDSA256+SHA256 Initiating Junos standalone conversion on device 70... Response from device: Conversion started [edit] root@EX9200-1#
For EX3400 and EX2300, there is specific procedure to format the filesystem of the SD and then reinstallation from loader.
This procedure can be found here.
At this moment, all five satellites should be added to the Junos Fusion setup.
Let’s check the status of the SD to AD links. As you can see from the diagram, AD1 is directly connected only to FPC65, 68 and 70:
[edit] root@EX9200-1# run show chassis satellite neighbor Interface State Port Info System Name Model SW Version xe-0/0/6 Two-Way xe-0/2/2 sd70 EX4300-24T 3.1R1-S2.0 xe-0/2/3 Two-Way xe-0/2/0 sd68 EX3400-24P 3.1R1-S2.0 xe-0/0/3 Two-Way xe-0/2/0 sd65 EX3400-48P 3.1R1-S2.0 [edit] root@EX9200-1#
AD2 will show similar output, except for the interface names which should reflect how it is connected to the SDs:
[edit] root@EX9200-2# run show chassis satellite neighbor Interface State Port Info System Name Model SW Version xe-1/0/6 Two-Way xe-0/2/3 sd70 EX4300-24T 3.1R1-S2.0 xe-1/2/3 Two-Way xe-0/2/0 sd67 EX3400-48P 3.1R1-S2.0 xe-1/0/3 Two-Way xe-0/2/0 sd66 EX3400-24P 3.1R1-S2.0 [edit] root@EX9200-2#
You can check the status of the cascade port and the internal Fusion interfaces(note the 65, 66, and so on interfaces):
[edit] root@EX9200-1# run show chassis satellite interface Interface State Type ae0 Dn ICL et-4/0/0 Up Child-ICL et-4/0/1 Up Child-ICL lo0 Up Loopback sd-65/0/0 Up Satellite sd-66/0/0 Up Satellite sd-67/0/0 Up Satellite sd-68/0/0 Up Satellite sd-70/0/0 Up Satellite xe-0/0/3 Up Cascade xe-0/0/6 Up Cascade xe-0/2/3 Up Cascade [edit] root@EX9200-1#
You can check the software upgrade groups. This is for one of the satellite clusters:
[edit] root@EX9200-1# run show chassis satellite upgrade-group RIGHT Group Device Group Sw-Version State Slot State RIGHT 3.1R1-S2.0 in-sync 67 version-in-sync 68 version-in-sync [edit] root@EX9200-1#
You can also check the satellite clusters status:
[edit] root@EX9200-1# run show chassis satellite-cluster Cluster Name: LEFT Number of devices provisioned: 2 Number of devices present: 2 Number of devices unprovisioned: 0 Number of devices misconfig/miwired: 0 Number of devices online: 2 Number of devices offline: 0 Device Local Remote Interface Slot State Distance Interface Interface State 66 Online 1 [via 65 ] xe-66/2/2 xe-65/2/2 present 65 Online 0 xe-65/2/0 xe-0/0/3 online xe-65/2/2 xe-66/2/2 present Cluster Name: RIGHT Number of devices provisioned: 2 Number of devices present: 2 Number of devices unprovisioned: 0 Number of devices misconfig/miwired: 0 Number of devices online: 2 Number of devices offline: 0 Device Local Remote Interface Slot State Distance Interface Interface State 68 Online 0 xe-68/2/0 xe-0/2/3 online xe-68/2/2 xe-67/2/2 present 67 Online 1 [via 68 ] xe-67/2/2 xe-68/2/2 present [edit] root@EX9200-1# [edit] root@EX9200-2# run show chassis satellite-cluster Cluster Name: LEFT Number of devices provisioned: 2 Number of devices present: 2 Number of devices unprovisioned: 0 Number of devices misconfig/miwired: 0 Number of devices online: 2 Number of devices offline: 0 Device Local Remote Interface Slot State Distance Interface Interface State 66 Online 0 xe-66/2/0 xe-1/0/3 present xe-66/2/2 xe-65/2/2 present 65 Online 1 [via 66 ] xe-65/2/2 xe-66/2/2 present Cluster Name: RIGHT Number of devices provisioned: 2 Number of devices present: 2 Number of devices unprovisioned: 0 Number of devices misconfig/miwired: 0 Number of devices online: 2 Number of devices offline: 0 Device Local Remote Interface Slot State Distance Interface Interface State 68 Online 1 [via 67 ] xe-68/2/2 xe-67/2/2 present 67 Online 0 xe-67/2/0 xe-1/2/3 present xe-67/2/2 xe-68/2/2 present [edit] root@EX9200-2#
Based on this above output, everything is in order with the Junos Fusion and you can start connecting hosts on the setup.
This would be all about what is need to bring up a Junos Fusion setup.
In the next part of the series, various devices will be connected on this Junos Fusion to get some traffic running through the setup and check several things.
I hope you found this post interesting.
Paris ARAU
Latest posts by Paris ARAU (see all)
- Junos Fusion – Part IV – Satellite policies and uplink failure detection - 30 July 2018
- Junos Fusion – Part III – Satellite commands and traffic forwarding - 16 July 2018
- Junos Fusion – Part II – Configuration, Administration and Operation - 16 July 2018
- Junos Fusion – Part I – Overview, Components, Ports and Software - 11 July 2018
- Vagrant – Part IV – Network topology using Juniper and Cumulus - 26 April 2018
[…] first and second parts covered the basics and how to bring up and verify that Junos Fusion is working […]