Synchronizing Runtime Objects; Changing Vsd Group Member States (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Synchronizing Runtime Objects

Related
Documentation

Changing VSD Group Member States (NSM Procedure)

Copyright © 2010, Juniper Networks, Inc.
After synchronizing the configurations and files, you can then synchronize the runtime
objects (RTOs). RTOs are code objects created dynamically in memory during normal
operation. Some examples of RTOs are session table entries, ARP cache entries, DHCP
leases, and IPsec security associations (SAs). In the event of a failover, the new primary
device must maintain the current RTOs to avoid service interruption.
To ensure session back up, the members of an NSRP cluster backup the RTOs using an
RTP mirror group. An RTO mirror group is two security devices that pass RTOs
unidirectionally from a sender to a receiver. You can also create a second mirror group
(with a different group ID from the first group) for the same devices but reverse the roles
of sender and receiver. Working together, each member backs up the RTOs from the
other, which permits RTOs to be maintained if the primary device of either VSD group in
an active/active HA scheme fails.
After you add the cluster members, you can configure RTO synchronization to enable
each member to send and receive RTOs. However, by default, NSRP cluster members
do not synchronize their configurations before synchronizing RTOs; before enabling RTO
synchronization, you must first synchronize the configurations between the cluster
members. Unless the configurations on both members in the cluster are identical, RTO
synchronization might fail.
Virtual Routers Overview on page 296
Virtual Router General Properties Overview on page 297
NSRP Clusters Overview on page 363
Creating an NSRP Cluster on page 365
Active/Active Configurations Overview on page 370
Configuring an Active/Active Cluster (NSM Procedure) on page 371
Configuring Active/Passive Cluster on page 366
Changing VSD Group Member States (NSM Procedure) on page 373
If necessary, for troubleshooting or maintenance, you can force a device to assume a
new mode (master, backup, or ineligible) in a specified VSD group. To change a VSD
group member state:
In the NSM navigation tree, select Device Manager > Devices, and then double-click
1.
the cluster to open the cluster configuration.
In the Device Manager, double-click the cluster to open the cluster configuration.
2.
In the cluster navigation tree, select NSRP Directives > Exec Mode.
3.
Select the device that will assume a new role, and then click Exec Mode. The Mode
4.
Selection dialog box appears.
Chapter 13: High Availability
373