Hi guys,
Ihave a question regarding a switchover i want to perform on our ISG 2000 cluster.
We have an Active/Passive NSRP configuration. We basically want to switch over the current Active fwl to the backup and lock to that configuration. So basicallymy backup ISG will become active and remain active.
-First of all, is this procedure suficient for what we need to achieve?
http://kb.juniper.net/InfoCenter/index?page=content&id=KB9810
-Second, the "exec nsrp vsd-group 0 mode ineligible" command will leave the fwl ineligible for master so i guess we have to change our nsrp priorities?
Heres my NSRP config:
Current Active FWL
set nsrp cluster id 5 set nsrp rto-mirror sync set nsrp rto-mirror route set nsrp rto-mirror session ageout-ack set nsrp vsd-group id 0 priority 50 set nsrp vsd-group id 0 preempt set nsrp encrypt password xxx set nsrp auth password xxx set nsrp monitor interface ethernetx/x set nsrp monitor interface ethernetx/x set nsrp monitor interface ethernetx/x
Current backup FWL
set nsrp cluster id 5 set nsrp rto-mirror sync set nsrp rto-mirror route set nsrp rto-mirror session ageout-ack set nsrp vsd-group id 0 priority 100 set nsrp encrypt password xxx set nsrp auth password xxx
Should we set a lower priority and set the preempt option on the backup FWL prior to the switchover and then issue
exec nsrp vsd-group 0 mode backup
on the Active FWL?
What about the RTO commands. Should they be manually configured on the current active FWL before switchover as well?
Thanks in advance for any pointers and please let me know if you need further info!