Question 1 - JN0-637 discussion

Comprehensive Detailed Step-by-Step Explanation with All Juniper Security Reference

Understanding the Scenario:

Multinode HA Default Mode Deployment:

In a chassis cluster, two SRX devices operate together to provide high availability.

ICL (Inter-Cluster Link) is Down:

The control and fabric links between the nodes are not operational.

Objective:

Determine how the SRX devices verify each other's activeness without the ICL.

Option A: Custom IP addresses may be configured for the activeness probe.

When the control link is down, SRX devices use an ICMP ping-based activeness probe to check the peer's status.

Custom IP addresses can be configured as probe targets to verify the peer's activeness.

'You can configure the SRX Series device to send activeness probes to a configured IP address to verify the peer's state when the control link is down.'

Source: Juniper Networks Documentation - Control Link Failure Detection

Option D: Each peer sends a probe with the virtual IP address as the source IP address and the upstream router as the destination IP address.

The SRX devices send ICMP probes to an upstream device using the redundancy group's virtual IP address as the source.

This helps determine if the peer node is still active by verifying network reachability.

'When the control link fails, each node sends ICMP pings to the configured probe addresses using the redundancy group's virtual IP address as the source.'

Source: Juniper Networks Documentation - Chassis Cluster Control Link Failure

Why Options B and C are Incorrect:

Option B: Fabric link heartbeats cannot be used because the ICL (which includes the fabric link) is down.

Option C: Probes are sent to upstream devices, not using the virtual IP address as the destination.

Conclusion:

The correct options are A and D because they accurately describe how SRX devices verify activeness without the ICL.