hi all,
I have SRX24H2 cluster on one side with 2 DPD external IP configured (the other side have 2x srx220 regular configurationion )
Hostname: SRX-RED
Model: srx240h2
JUNOS Software Release [12.1X44-D35.5]
admin@SRX240> show security monitoring fpc 0
node0:
--------------------------------------------------------------------------
FPC 0
PIC 0
CPU utilization : 41 %
Memory utilization : 66 %
Current flow session : 5038
Current flow session IPv4: 4294796042
Current flow session IPv6: 176292
Max flow session : 409600
Total Session Creation Per Second (for last 96 seconds on average): 1114
IPv4 Session Creation Per Second (for last 96 seconds on average): 1114
IPv6 Session Creation Per Second (for last 96 seconds on average): 0
node1:
--------------------------------------------------------------------------
FPC 0
PIC 0
CPU utilization : 0 %
Memory utilization : 65 %
Current flow session : 87
Current flow session IPv4: 87
Current flow session IPv6: 0
Max flow session : 409600
Total Session Creation Per Second (for last 96 seconds on average): 0
IPv4 Session Creation Per Second (for last 96 seconds on average): 0
IPv6 Session Creation Per Second (for last 96 seconds on average): 0
{primary:node0}
admin@SRX240>
sometimes multiplesVPN goes down at the same times, they stop using the primary IP (primary SRX) and try to use the second IP (secondary SRX) (Second SRX has 0.0.0.0/0 discard until it becomes the VRRP master, so it will never initiate VPN with SRX240 without being the master).
with this been said, you now know why when DPD try to use the secondary SRX till will never succeed.
my Question why this happens in the first place?
1. the first SRX is up and active so why SRX240 try to jump to the second SRX?
2. why DPD won't try back the first SRX after a couple of failed retries with the second SRX?
I'm unable to find good documentation for this, I will appreciate any help on this.
regards,