Hi Asif,
The Primary node uses its own routing table to respond to to-the-box packets and Secondary node uses something called a backup router (since routing is not running on Secondary).
On Primary node, you need static route to the subnet from where you are initiating Ping and SSH from (source).
For Secondary node, you need to have backup-router configured under [edit groups node <0/1>] system ] heirarchy. Since either node can be Secondary at different times, it is recommended to configre backup router for both nodes.
A few things to remember:
1) Both nodes fxp0 should be (best practice) in same subnet.
2) The same IP is used as next-hop on Primary and backup-router on Secondary.
Backup router config: https://kb.juniper.net/InfoCenter/index?page=content&id=KB15580&actp=search
Example: If you are managing from subnet 10.11.12.0/24 and if 172.16.10.254 is default gateway in management subent, then you will need following lines:
# set routing-options static route 10.11.12.0/24 next-hop 172.16.10.254
# set groups node0 system backup-router 172.16.10.254 destination 10.11.12.0/24
# set groups node1 system backup-router 172.16.10.254 destination 10.11.12.0/24
Thanks,
Srinath
# If this post helped resolve yoru issue, please mark this post as an "Accepted Solution". Kudos are also appreciated. #