Configuring Cluster Members

You should configure cluster negotiation parameters and enable the cluster function for cluster members.

Prerequisites

The cluster feature has a unified configuration UI. That is, the CLIs of cluster members can be switched for unified configuration and O&M. Create the same SSH user on each member device and enable SSH login on the corresponding negotiation interface. For the configuration, see CLI: Example for Logging In to the CLI Using STelnet (Local Authentication).

Context

You are advised to set the same cluster negotiation parameters for members added to a cluster.

Cluster member devices must be configured one by one, starting from the expected management master device, so that it can become the management master device after the cluster function is enabled.

It is recommended that devices joining a cluster meet the following requirements:

Empty devices with default factory settings: Only configure interface IP addresses and assign interfaces to security zones before adding it to a cluster.
Devices with other configurations:
- Restore to the default factory settings and configure them as empty devices.
- After the configuration, restart the devices, so that the devices automatically synchronize configuration with the management master device and join the cluster.

Procedure

Access the system view from the user view.
```
system-view
```

Set cluster negotiation parameters.

Configuration Item	Configuration Command
Cluster ID	cluster id cluster-id [ description description ] A cluster ID identifies a cluster. Devices with the same cluster ID compose a cluster.
Key	cluster channel encryption-key key By default, packets are transmitted between cluster members in plain text. For security, you are advised to run this command to configure a shared key. Then, negotiation packets exchanged between cluster members are encrypted.
Detection packet sending interval	cluster detect-interval detect-interval By default, detection packets are sent every second. If no response packet is received after three consecutive detection packets are sent, a device considers the peer separated from the cluster. In this case, the cluster updates the cluster members and business group status.
Hello packet sending interval/Hello packet detection multiplier	Hello packet sending interval: cluster timer hello time Hello packet detection multiplier: cluster timer holding-multiplier time After a cluster is created, management master and backup devices in the cluster periodically (Hello packet sending interval) send Hello packets to each other (backup devices will not send Hello packets to each other). If the management master device does not receive Hello packets from a peer within the timeout period, it considers the peer not in the cluster any more. Hello packet timeout period = Hello packet detection multiplier x Hello packet sending interval (default Hello packet sending interval: 1 second; default Hello packet detection multiplier: 3)
Number of service backup nodes	cluster backup node-num node-num The default value is 2. For example, if the value is 2, service entries on a device will be backed up to other two member devices. You should appropriately set the number of backup nodes. If a large value is set, a large amount of bandwidth will be occupied for backup, compromising the performance of the cluster system.
Configure the preemption function for the business group.	cluster preempt By default, the function is enabled. After the function is enabled, the original business master preempts the master state after recovering from a fault. After the function is disabled, the original business master preempts the master state only when its health is higher than that of the current business master. In specific scenarios, for example, if you want the network to be stable and do not want frequent traffic switching, you can disable preemption function.
Preemption Delay	cluster preempt delay interval The default value is 60 seconds. The preemption mechanism is enabled for business groups by default. In general, you are advised to set a preemption hold-off period to preserve backup time for route convergence and entry backup. If the hold-off period is too short, it may result in service anomalies.
List of cluster members	cluster ip-list node node-id negotiation ip-address backup ip-address forward ip-address node node-id: the ID of a member in the cluster. negotiation ip-address: the IP of negotiation channel. backup ip-address: the IP of backup channel forward ip-address: the IP of forwarding channel. Repeat these commands to configure all cluster members.

Specify the cluster member ID of the local device in the cluster.
```
cluster node bind node-id
```
Enable the cluster function.
```
cluster enable
```
After the cluster function is enabled, if a device joins a cluster, cluster negotiation starts. The device will become the management master or backup device in the cluster based on the negotiation result.
- Management master device
  
  Cluster-supported functions must be configured on the management master device. Then, the device synchronizes the configuration to other members. C_NoX_M is displayed in front of the command line prompt of the master device, in which X indicates the ID of the device in the cluster, for example, C_No2_M.
- Management backup device
  
  C_NoX_S is displayed in front of the command line prompt of the backup device, in which X indicates the ID of the device in the cluster, for example, C_No3_S.

Follow-up Procedure

After a cluster is established, you need to perform the following operations to add, delete, or change a shared key:

Run the cluster channel encryption-key key command on each member device to change the shared key.
Run the cluster channel encryption-key commit command on the management master device to make the new shared key take effect.