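The Juniper KB describes the RMA steps for replacing a failed Juniper device. Some of the steps are not clear enough. I have added more configuration steps in this post for future reference:

There is a fair amount of preparation to do before adding the RMA device to the chassis cluster.

Step 1: Upgrade JunOS remotely
Usually the RMA device is delivered to the production environment for the replacement, so you will have to upgrade JunOS remotely first.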


login: root
root>
--- JUNOS 10.0R1.8 built 2009-11-03 10:06:39 UTC
root>

root> show version
Model: srx240-hm
JUNOS Software Release [10.0R1.8]

root> configure 
Entering configuration mode

[edit]
root# delete 
This will delete the entire configuration
Delete everything under this level? [yes,no] (no) yes

[edit]
root# set system root-authentication plain-text-password
New password:
Retype new password:

[edit]
root# commit and-quit
commit complete
Exiting configuration mode

root> set chassis cluster cluster-id 4 node 0 reboot 
Successfully enabled chassis cluster. Going to reboot now

Next comes some basic configuration on the fxp0.0 interface and a default static route. The ssh service also needs to be enabled.

root> show configuration 
## Last commit: 2016-11-29 03:37:32 UTC by root
version 10.0R1.8;
system {
    root-authentication {
        encrypted-password "$1$2eav5HPL$01SUB9SOzDJl007hXhNVj0"; ## SECRET-DATA
    }
    services {
        ssh;
    }
}
interfaces {
    fxp0 {
        unit 0 {
            family inet {
                address 10.9.1.11/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.9.1.1;
    }
}
{primary:node0}
root> request system software add /var/tmp/junos-srxsme-12.1X46-D55.3-domestic.tgz reboot
NOTICE: Validating configuration against junos-srxsme-12.1X46-D55.3-domestic.tgz.
NOTICE: Use the 'no-validate' option to skip this if desired.
Formatting alternate root (/dev/da0s2a)...
/dev/da0s2a: 298.0MB (610284 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 74.50MB, 4768 blks, 9600 inodes.
super-block backups (for fsck -b #) at:
32, 152608, 305184, 457760
** /dev/altroot
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 150096 free (24 frags, 18759 blocks, 0.0% fragmentation)
Checking compatibility with configuration
Initializing...
Verified manifest signed by PackageProduction_10_0_0
Verified junos-10.0R1.8-domestic signed by PackageProduction_10_0_0
Using junos-12.1X46-D55.3-domestic from /altroot/cf/packages/install-tmp/junos-12.1X46-D55.3-domestic
Copying package ...
veriexec: cannot validate /cf/var/validate/chroot/junos/pkg/manifest.certs: unhandled critical extension: /C=US/ST=CA/L=Sunnyvale/O=Juniper Networks/OU=Juniper CA/CN=PackageProductionRSA_2016/[email protected]
chroot: /usr/bin/hwdb_xml_parser: Authentication error
Unable to regenerate Hardware Database, skipping hardware database checks at install time
chroot: tar: Authentication error
Validating against /config/juniper.conf.gz
cp: /cf/var/validate/chroot/var/etc/resolv.conf and /etc/resolv.conf are identical (not copied).
cp: /cf/var/validate/chroot/var/etc/hosts and /etc/hosts are identical (not copied).
chroot: /usr/sbin/mgd: Authentication error
Validation failed
WARNING: Current configuration not compatible with /altroot/cf/packages/install-tmp/junos-12.1X46-D55.3-domestic

{primary:node0}
root> request system software add /var/tmp/junos-srxsme-12.1X46-D55.3-domestic.tgz reboot no-validate
Formatting alternate root (/dev/da0s2a)...
/dev/da0s2a: 298.0MB (610284 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 74.50MB, 4768 blks, 9600 inodes.
super-block backups (for fsck -b #) at:
32, 152608, 305184, 457760
** /dev/altroot
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 150096 free (24 frags, 18759 blocks, 0.0% fragmentation)
Installing package '/altroot/cf/packages/install-tmp/junos-12.1X46-D55.3-domestic' ...
verify-sig: cannot validate ./certs.pem
unhandled critical extension: /C=US/ST=CA/L=Sunnyvale/O=Juniper Networks/OU=Juniper CA/CN=PackageProductionRSA_2016/[email protected]

Installation failed for package '/altroot/cf/packages/install-tmp/junos-12.1X46-D55.3-domestic'

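One reason the installation fails is that the device's date is earlier than the date the jloader was built, so the certificate on the file is not yet valid.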

root> set date 201611281600.00    
node0:
--------------------------------------------------------------------------
Mon Nov 28 16:00:00 UTC 2016


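Another reason is that you have to upgrade to an intermediate release before you can upgrade to some of the latest releases. For example, upgrade from JunOS 10 to 12.1X44 first, and then you can upgrade to 12.1X46.

Step 2: Follow the instructions in the Juniper KB:

Note: If the IDP feature is enabled on the system, the IDP signature database steps are not included. You must deactivate security idp before performing step 6.

  [KB21134]

Perform the following procedure:

  1. Check the following parameters before deploying the RMA device in a chassis cluster environment:

    Make sure the following parameters on the new RMA device are the same as on the active node of the chassis cluster.

    • Check the hardware on the active cluster node and make sure the device being placed in the cluster has the same hardware setup, with all FPCs in the same slots and active. The command to check is show chassis hardware.
    • Check the Junos version on the active node of the cluster, then upgrade or downgrade Junos on the new device (for more information, see KB16652 - SRX Getting Started - Junos Software Installation/Upgrade) so that they match.
    • Save the configuration on the working node to a file, then upload the file to the /var/tmp directory on the new device.
    • Note: We can use a FAT-formatted USB key to transfer the file to the new SRX.
    • Command: mount -t msdos /dev/da0s1 /mnt
  2. Console into the isolated RMA device (make sure no cables are connected other than the console cable) and perform the following procedure:

    1. Enter configuration mode.
    2. Run the # delete command.
    3. Configure the root password: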

      # set system root-authentication plain-text-password

    4. Then commit:

      # commit

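  3. Configure chassis cluster on the isolated RMA device. Enable chassis cluster with the following command (you can run the show chassis cluster status command on the working node to identify the cluster-id):

    > set chassis cluster cluster-id <id> node <No.>

     <No.> will be 1 or 0, depending on which node is being replaced.

  4. Reboot the new node. The node will come online with clustering enabled:
    > request system reboot
  5. Enter configuration mode and load the configuration from the file that was copied to the /var/tmp directory in step 1. The following command loads the configuration:
    # load override /var/tmp/<filename>

    Note: If the IDP feature is enabled, you must first deactivate it with the following command: deactivate security idp

  6. Once the configuration is fully loaded, commit it: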

    # commit and-quit

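  7. Halt the new node:

    > request system halt

  8. Now connect the fabric and control ports (make sure no revenue port cables are connected), then restart the node.
  9. Check the status of the FPCs and PICs by running the show chassis fpc pic-status command. In the output, all FPCs and PICs should be online.
  10. When the new node comes online, it should join the cluster as the secondary node. You can verify this by running the show chassis cluster status command. In the output, the priority for RG0 should be the configured value, and the priority of the other RGs should be 0 if interface monitoring is configured.
  11. In the output generated in step 10, if the new node shows as primary, contact Juniper Support for assistance.
  12. If the output generated in step 10 shows primary and secondary for all RGs, connect all the revenue port cables and check the chassis cluster status again with the show chassis cluster status command. In this output, you should see the configured values for all RGs.
  13. If the Internet is reachable from the new node, update the license on the new node, or download and load the license. If you download the license on a PC, save it to a file and then upload it to the /var/tmp directory on the new node:

    > request system license update                      (if you can access the Internet from the new node)
    > request system license add /var/tmp/<filename>     (if adding the license from a file)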

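Step 3: Troubleshooting

3.1 The cluster nodes go into a primary/lost or primary/primary state
The control link and fabric link send packets but receive nothing.
Changed the fabric ports on the SRX, but the situation stayed the same. Tried replacing the cable, with the same result.

According to KB23929, the cause is as follows:

"By default, for code prior to 10.4, control port tagging is enabled and it uses VLAN 4094. For 10.4 and later code, it is disabled by default.

So an upgrade/downgrade leaves the control port tagged on one node and untagged on the other. This causes control packets to be dropped, which in turn leads to a 'split brain' condition."

Solution:

To avoid the split-brain condition, use the following command from the CLI to set both sides of the control link to either tagged or untagged: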

root> set chassis cluster control-link-vlan enable/disable
warning: A reboot is required for control-link-vlan to be disabled

{primary:node1}
[email protected]> request system reboot 
Reboot the system ? [yes,no] (no) yes

{primary:node1}
[email protected]> show chassis cluster information detail
node0:
--------------------------------------------------------------------------
Redundancy mode:
Configured mode: active-active
Operational mode: active-active
Cluster configuration:
Heartbeat interval: 1000 ms
Heartbeat threshold: 3
Control link recovery: Enabled
Fabric link down timeout: 66 sec
Node health information:
Local node health: Healthy
Remote node health: Healthy

Redundancy group: 0, Threshold: 255, Monitoring failures: none
Events:
Dec 7 13:57:43.435 : hold->secondary, reason: Hold timer expired
Dec 7 15:48:17.158 : secondary->primary, reason: Control & Fabric links down
Dec 7 15:48:34.749 : primary->secondary-hold, reason: Preempt/yield(10/100)
Dec 7 15:53:34.754 : secondary-hold->secondary, reason: Ready to become secondary
Dec 7 17:53:56.761 : secondary->primary, reason: Control & Fabric links down
Dec 7 17:53:59.428 : primary->secondary-hold, reason: Preempt/yield(10/100)
Dec 7 17:58:59.433 : secondary-hold->secondary, reason: Ready to become secondary

Redundancy group: 1, Threshold: 255, Monitoring failures: none
Events:
Dec 7 13:57:43.512 : hold->secondary, reason: Hold timer expired
Dec 7 15:48:17.134 : secondary->ineligible, reason: Fabric link down
Dec 7 15:48:17.863 : ineligible->primary, reason: Control & Fabric links down
Dec 7 15:48:34.753 : primary->secondary-hold, reason: Monitor failed: IF
Dec 7 15:48:35.762 : secondary-hold->secondary, reason: Ready to become secondary
Dec 7 15:51:00.571 : secondary->ineligible, reason: Fabric link down
Dec 7 17:53:41.929 : ineligible->secondary, reason: fabric link UP
Dec 7 17:53:56.830 : secondary->primary, reason: Control & Fabric links down
Dec 7 17:53:59.431 : primary->secondary-hold, reason: Monitor failed: CS
Dec 7 17:54:00.434 : secondary-hold->secondary, reason: Ready to become secondary
Control link statistics:
Control link 0:
Heartbeat packets sent: 19997
Heartbeat packets received: 19949
Heartbeat packet errors: 0
Duplicate heartbeat packets received: 0
Control recovery packet count: 0
Sequence number of last heartbeat packet sent: 20024
Sequence number of last heartbeat packet received: 20501
Fabric link statistics:
Child link 0
Probes sent: 11579
Probes received: 11575
Child link 1
Probes sent: 0
Probes received: 0
Switch fabric link statistics:
Probe state : DOWN
Probes sent: 0
Probes received: 0
Probe recv errors: 0
Probe send errors: 0
Probe recv dropped: 0
Sequence number of last probe sent: 0
Sequence number of last probe received: 0

Chassis cluster LED information:
Current LED color: Green
Last LED change reason: No failures
Control port tagging:
Disabled
............omitted......

node1:
--------------------------------------------------------------------------
Redundancy mode:
Configured mode: active-active
Operational mode: active-active
Cluster configuration:
Heartbeat interval: 1000 ms
Heartbeat threshold: 3
Control link recovery: Enabled
Fabric link down timeout: 66 sec
Node health information:
Local node health: Healthy
Remote node health: Healthy

Redundancy group: 0, Threshold: 255, Monitoring failures: none
Events:
Dec 7 13:49:59.220 : hold->secondary, reason: Hold timer expired
Dec 7 13:53:47.517 : secondary->primary, reason: Remote node reboot

Redundancy group: 1, Threshold: 255, Monitoring failures: none
Events:
Dec 7 13:49:59.267 : hold->secondary, reason: Hold timer expired
Dec 7 13:51:05.382 : secondary->primary, reason: Remote yield (100/0)
Control link statistics:
Control link 0:
Heartbeat packets sent: 20475
Heartbeat packets received: 20172
Heartbeat packet errors: 0
Duplicate heartbeat packets received: 0
Control recovery packet count: 0
Sequence number of last heartbeat packet sent: 20502
Sequence number of last heartbeat packet received: 20025
Fabric link statistics:
Child link 0
Probes sent: 11740
Probes received: 11585
Child link 1
Probes sent: 0
Probes received: 0
Switch fabric link statistics:
Probe state : DOWN
Probes sent: 0
Probes received: 0
Probe recv errors: 0
Probe send errors: 0
Probe recv dropped: 0
Sequence number of last probe sent: 0
Sequence number of last probe received: 0

Chassis cluster LED information:
Current LED color: Green
Last LED change reason: No failures
Control port tagging:
Disabled
............omitted......
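
A check for the tagging mismatch described in 3.1, run over saved `show chassis cluster information detail` output. This is an added example, not part of the original post or of any Juniper tooling; the function names are hypothetical and the sample text is constructed to show the failing case.

```python
import re

# Constructed sample in the layout of `show chassis cluster information detail`,
# trimmed to the fields this check reads; not captured from a real device.
SAMPLE = """\
node0:
Dec 7 15:48:17.158 : secondary->primary, reason: Control & Fabric links down
Heartbeat packets sent: 5120
Heartbeat packets received: 0
Control port tagging:
Enabled
node1:
Dec 7 13:53:47.517 : secondary->primary, reason: Remote node reboot
Heartbeat packets sent: 5098
Heartbeat packets received: 0
Control port tagging:
Disabled
"""

def parse_nodes(text):
    """Split the output on 'nodeN:' headers and pull out per-node fields."""
    nodes = {}
    parts = re.split(r"^(node\d+):\s*$", text, flags=re.M)
    for name, body in zip(parts[1::2], parts[2::2]):
        tag = re.search(r"Control port tagging:\s*\n\s*(\w+)", body)
        sent = re.search(r"Heartbeat packets sent:\s*(\d+)", body)
        rcvd = re.search(r"Heartbeat packets received:\s*(\d+)", body)
        nodes[name] = {
            "tagging": tag.group(1) if tag else None,
            "hb_sent": int(sent.group(1)) if sent else None,
            "hb_rcvd": int(rcvd.group(1)) if rcvd else None,
            "link_down": len(re.findall(r"reason: Control & Fabric links down", body)),
        }
    return nodes

def findings(nodes):
    """Return the symptoms that point at a control-link tagging mismatch."""
    out = []
    if len({n["tagging"] for n in nodes.values()}) > 1:
        out.append("control port tagging differs between nodes")
    for name, n in sorted(nodes.items()):
        if n["hb_sent"] and n["hb_rcvd"] == 0:
            out.append(f"{name}: heartbeats sent but none received")
        if n["link_down"]:
            out.append(f"{name}: {n['link_down']} 'Control & Fabric links down' transitions")
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_nodes(SAMPLE))))
```

Run against the output shown above, where both nodes report tagging Disabled and heartbeats are being received, the tagging and heartbeat checks stay quiet and only the historical link-down transitions on node0 are listed.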

By John
