Junos Automation (Scripting)
Contributor
M.Egan
Posts: 13
Registered: ‎11-22-2010
0

Re: Explain enable-primary-nexthop script

hey guys.

 

So has anyone actually gotten this script to work? I'm trying the script that ccal has provided. Attached is my config snippet.

 

The one thing that I noticed is in the ccal script the next-hop parameter is defined as param $next-hop = "10.0.0.1";

I'm assuming this needs to be modified? Also, I want to know if I can expect the same failover results if I'm pinging a host past the next-hop.

 

Thanks for the help.

Recognized Expert
Mattia
Posts: 198
Registered: ‎03-17-2010
0

Re: Explain enable-primary-nexthop script

Hi Megan, I got the watch-next-hop script to work and I will try to help you, but I'm not sure I understood your question.

 

So, in the script attached by ccall (watch-default-route.slax), the line:

param $next-hop = "10.0.0.1";

assigns a default value to the next-hop parameter. This parameter is passed to the watch-default-route.slax script by the event policy, when the script is invoked, as you can see from the code below:

 

    then {
        event-script watch-default-route.slax {
            arguments {
                next-hop 192.168.20.101;
            }
        }
    }

 So if you are using a different next-hop address, you don't need to modify the watch-default-route.slax script, but the event policy.

 

Regarding the possibility to ping a host past the next-hop, of course you can, you just need to edit the services rpm configuration, changing the target-address.

 

 

I hope I made myself clear, let me know if you need any clarification,

 

Kind regards,

Mattia

 

 

.................................................................................
JNCIP-ENT, JNCIP-SEC, JNCIS-SP
(If this post helped you, please mark it as an "Accepted Solution"; kudos are also appreciated!)


Contributor
M.Egan
Posts: 13
Registered: ‎11-22-2010
0

Re: Explain enable-primary-nexthop script

Thanks for the help. I just got it working. Very nice.

 

How do I monitor this now? I did a show system processes and it doesn't show up.

 

Any ideas?

Recognized Expert
Mattia
Posts: 198
Registered: ‎03-17-2010
0

Re: Explain enable-primary-nexthop script

Hello, in order to monitor the behaviour of the event scripts, I included this line in the system syslog hierarchy of the configuration:

 

file default-log-messages {
    any any;
    structured-data;
}

 You can use the jcs:syslog function to let the script write a customized message to the syslog, with the specified facility and severity values, e.g.:

 

 

expr jcs:syslog("external.info", "Any useful log message");

You can also track the event script operations using the traceoptions statement, as explained here.

 

 

Mattia



Contributor
blacksmith
Posts: 21
Registered: ‎04-12-2010
0

Re: Explain enable-primary-nexthop script

Hi,

 

I found the ip-track.slax script. This is an event script that will simulate a track-ip. The script will take an argument of the host IP and number of ping requests. The script will determine the host is down if the number of pings (threshold) lost is greater than 50%. It will not bring the interface down if the number of ping failures is less than 50%. In the script you will need to adjust the interface to bring down and the ping threshold parameters. It is currently set to ge-0/0/2. This will execute every minute.

 

I want to modify the script to activate/deactivate a firewall filter on an interface or change the next-hop on routing-instances rather than disable the interface. Can anyone explain how to do that and give an example? Thanks.

 

ge-0/0/0 {
    description "Link To FW-Outside";
    hold-time up 0 down 2000;
    link-mode full-duplex;
    unit 0 {
        family inet {
            filter {
                input FBF-Route;
            }
            address 10.254.249.244/29 {
                vrrp-group 10 {
                    virtual-address 10.254.249.245;
                    priority 110;
                    advertise-interval 3;
                    preempt;
                    track {
                        interface ge-0/0/1.0 {
                            priority-cost 10;
                        }
                    }
                }
            }
        }
    }
}
ge-0/0/1 {
    description "*** Link ISP ***";
    hold-time up 0 down 2000;
    unit 0 {
        family inet {
            address 117.10.10.10/30;
        }
    }
}

routing-instances {
    fbf {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    qualified-next-hop 10.254.249.246;
                    qualified-next-hop 117.10.10.9 {
                        preference 200;
                    }
                }
            }
        }
    }
}

 

Regards,

Anto

Visitor
dugolotti
Posts: 3
Registered: ‎01-19-2011
0

Re: Explain enable-primary-nexthop script

Hi,

I've tried your solution (script + event-options policy) and it works fine! Thanks!

But I have a slightly more complicated case: I have two ISPs, and the traffic from the LAN to TCP port 80 and 443 must be directed to ISP2 and the other traffic to ISP1.

Well, I've set up Filter Based Forwarding, defining two routing-instances, routing-table-ISP1 and routing-table-ISP2. Attached is a brief configuration extract:

So it is working well. The drawback of this configuration is that it works and recovers from ISP1/2 to ISP2/1 only if the physical interface goes down. But I have the firewall connected via Ethernet to the CPE router of the ISPx, and the Ethernet never goes down. So if the WAN link is down, the only way to test it is to use a "ping server", a host in the network cloud of the ISP.

Your script instead is fine because if the "ping server" (the rpm target address) is down, it installs the default route on the second ISP.

The main problem is that I have three routing instances in the routing table: inet.0, routing-table-ISP1 and routing-table-ISP2; if the "ping server" of ISP2 goes down, I have to change the default route of routing-table-ISP2 and not inet.0. Is this possible to do?

Furthermore, I need to use two "ping servers", one for each ISP, in order to swap to the other ISP if the relative "ping server" is down.

Could you help me to find a solution?

Thank you in advance

 

Regards

 

 

 

 

Recognized Expert
Mattia
Posts: 198
Registered: ‎03-17-2010
0

Re: Explain enable-primary-nexthop script


Hello,

I'll try to give you a hint :-)

 

In order to monitor two hosts reachable through different routing-instances, I think you will have to configure two distinct rpm probes, like this:

 

[edit services rpm]
admin@router# show 
probe ISP-1 {
    test ping-ISP-1 {
        target address 1.1.1.1;
        probe-count 10;
        probe-interval 1;
        test-interval 400;
        routing-instance routing-table-ISP1;
    }
}

probe ISP-2 {
    test ping-ISP-2 {
        target address 2.2.2.2;
        probe-count 10;
        probe-interval 1;
        test-interval 400;
        routing-instance routing-table-ISP2;
    }
}

 

Then you will have to edit the script, to modify the configuration under the specific routing instance. You can use an if statement to match the probe name, and then you can define the configuration change like this:

 

/* Configuration change scoped to one routing instance */
var $int = <configuration> {
    <routing-instances> {
        <instance> {
            <name> "routing-table-ISP1";
            <interfaces> {
                <interface> {
                    <name> $if;
                    <disable>;
                }
            }
        }
    }
}
call jcs:load-configuration($connection = $con, $configuration = $int);

 

I hope this helps, let me know if you need further clarification.

 

 

 



Visitor
dugolotti
Posts: 3
Registered: ‎01-19-2011
0

Re: Explain enable-primary-nexthop script

Hi Mattia,

thanks for your help. I've used some of your hints and now it works.

In attachment a brief configuration extract.

I've edited the watch-default-route.slax script and I've set up the script for ISP1 and ISP2 and edited it in order to check the configuration of the routing instances.

Now it works: when pingserver 1 goes down in the routing instance ISP1, the default route goes to ISP2 in the routing instance ISP1, and vice versa (when the pingserver to ISP2 goes down, the default goes to ISP1 in the routing instance ISP2).

 

 

 

Thanks again!

 

D

Visitor
Torsten
Posts: 2
Registered: ‎02-10-2011
0

Re: Explain enable-primary-nexthop script

Hi dugolotti,

 

could you please post your modified watch-default-ISP1.slax script? I'm working on the same problem right now, but the script can't detect the inactive route on the routing-instance. Deactivation of the qualified-next-hop is working fine.

 

Here's the part out of my code:

 

/* Retrieve the current configuration for the static route */
var $configuration-rpc = {
    <get-configuration database="committed"> {
        <configuration> {
            <routing-instances> {
                <instance> {
                    <name> "HTTP-Redirect";
                    <routing-options>;
                }
            }
        }
    }
}
var $current = jcs:invoke( $configuration-rpc );

/* Grab the routing-options static node to make further location paths shorter */
var $static = $current/routing-options/static;

/* Is the route currently inactive? */
var $inactive = $static/route[name == "0.0.0.0/0"]/qualified-next-hop[name == $next-hop]/@inactive;

 

The value for inactive seems to be always empty, although the route itself is inactive.

 

show configuration routing-instances HTTP-Redirect routing-options static route 0.0.0.0/0
qualified-next-hop 192.168.25.249 {
preference 100;
}
inactive: qualified-next-hop 192.168.24.113;

 

 

Greetings,

Torsten
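
An added illustration of why `$inactive` can come back empty here (Python, not part of the original thread and not the script under discussion): the reply to a `get-configuration` request filtered on a routing instance keeps the full `routing-instances/instance` hierarchy, so a location path that starts at `routing-options/static` under `<configuration>` selects nothing, and any test on `@inactive` is empty regardless of the route's state. The XML is constructed from the CLI output quoted in the post; `next_hop_state`, `MAIN_PATH` and `INSTANCE_PATH` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: shape of a <get-configuration> reply filtered to one
# routing instance, built from the CLI output quoted in the post above.
REPLY = """<configuration><routing-instances><instance>
  <name>HTTP-Redirect</name>
  <routing-options><static><route>
    <name>0.0.0.0/0</name>
    <qualified-next-hop><name>192.168.25.249</name><preference>100</preference></qualified-next-hop>
    <qualified-next-hop inactive="inactive"><name>192.168.24.113</name></qualified-next-hop>
  </route></static></routing-options>
</instance></routing-instances></configuration>"""

# Location path used in the post, relative to <configuration>.
MAIN_PATH = "routing-options/static"
# Same node reached through the routing instance (hypothetical constant).
INSTANCE_PATH = ("routing-instances/instance[name='HTTP-Redirect']"
                 "/routing-options/static")


def _named(parent, tag, name):
    """Return the first <tag> child of parent whose <name> text equals name."""
    if parent is None:
        return None
    for child in parent.findall(tag):
        if child.findtext("name") == name:
            return child
    return None


def next_hop_state(config, static_path, prefix, next_hop):
    """Classify a qualified-next-hop as 'active', 'inactive' or 'missing'."""
    static = config.find(static_path)
    route = _named(static, "route", prefix)
    hop = _named(route, "qualified-next-hop", next_hop)
    if hop is None:
        return "missing"  # nothing matched, so any @inactive test is empty
    return "inactive" if hop.get("inactive") else "active"


config = ET.fromstring(REPLY)

if __name__ == "__main__":
    for path in (MAIN_PATH, INSTANCE_PATH):
        print(path, "->", next_hop_state(config, path, "0.0.0.0/0", "192.168.24.113"))
```

In the SLAX script the corresponding location path would be `$current/routing-instances/instance[name == "HTTP-Redirect"]/routing-options/static`.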

Visitor
dugolotti
Posts: 3
Registered: ‎01-19-2011
0

Re: Explain enable-primary-nexthop script

Hi, following you can find the script I've used.

I hope it will help you to solve your problem.

Please tell me if you need further information.

 

Bye
