How To: Adding Netscreen to NSRP Cluster & Interface Monitoring

Posted by Ahsan Tasneem | 2:45 AM | , , | 2 comments »

NSRP

NSRP is the protocol that redundant NetScreen devices use to talk to each other when running in various HA configurations. It is the language that allows them to exchange state information and make decisions. Before we detail the specifics of what type of information is exchanged over NSRP, we need to cover a bit more theory.

One of the main goals of HA is to have multiple redundant systems, where a second system can take over in case the first one fails. This is commonly achieved by duplicating the hardware. As with the NetScreen firewalls, any HA setup that is using NSRP implies that there are at least two firewalls of the same model working together. This group of firewalls is called an NSRP cluster, or simply, a cluster (see Figure below).

Note:  The sample configuration shown below is of SSG 520, for any issues related to this post please let me know @ahsantasneem


Adding a NetScreen to an NSRP Cluster

Use the following steps to configure the syslog server via the WebUI:
1.       Go to Network | NSRP | Cluster.
2.       Enter 1 as the Cluster ID.
3.       Press OK.
It is not possible to add NSRP name through WebUI

From the CLI:

set nsrp cluster id 1

set nsrp cluster name (define name)





  1. Go to Network | NSRP | Monitor | Interface | VSD ID:
  2. Device | Edit interface.
  3. Select Ethernet 0/0.
  4. Set the Weight to 255.
  5. Select Ethernet 0/1.
  6. Set the Weight to 255.
  7. Select Ethernet 0/2.
  8. Set the Weight to 255.
  9. Click Apply.


From the CLI:

set nsrp vsd-group id 0 monitor interface ethernet0/0

set nsrp vsd-group id 0 monitor interface ethernet0/1

set nsrp vsd-group id 0 monitor interface ethernet0/2 




Sync Configuration



SSG520(M)-> exec nsrp sync global-config run
start to synchronize config from peer, continue? y/[n] y


SSG520(B)-> exec nsrp sync global-config check-sum
configuration in sync


Note:
SSG520(M) : Master
SSG520(B)   : Backup

2 comments

  1. Anonymous // March 5, 2012 at 12:02 PM  

    Hi. what's the difference between

    set nsrp monitor interface

    and

    set nsrp vsd-group id 0 monitor interface

    -Scott

  2. Anonymous // September 16, 2012 at 5:46 AM  

    by default, set nsrp monitor interface were referred to vsd-group id 0

Related Posts Plugin for WordPress, Blogger...