05-01-2012 08:53 AM - edited 05-01-2012 08:55 AM
I have a (hopefully) quick question on expected behavior of the qualified-next-hop feature.
All the documentation I've read says the qualified-next-hop is chosen based on metric, preference, and reachability, but I haven't found much to define how reachability is determined.
We have a scenario where we're using FBF to forward web traffic to a filtering appliance. Because the filtering appliance is a single host, it presents a single point of failure. I would like a way to automatically either change the route in my forwarding instance or remove the firewall filters moving traffic into the forwarding instance when the web filter host's IP address is unreachable.
I have seen numerous references to qualified-next-hop not functioning as expected when an interface doesn't physically go down, which leads me to believe qualified-next-hop is just looking at interface admin status for reachability.
I know we can use event-scripts to make this happen but would prefer to do it with basic routing functionality if possible.
So, my question is, how does qualified-next-hop determine reachability of the hop? Will it use ICMP, or just interface admin state?
05-01-2012 10:07 AM - edited 05-01-2012 10:11 AM
Hi, the qualified next-hop statement does not track the reachability of the next-hop; the primary route is deactivated only if the outgoing interface goes down. If it is supported on your platform (and SW version), you could use the ip monitoring feature to perform the failover. A good explanation, which seems to fit your scenario, is in the KB 22052 (here).
Otherwise, I think you should indeed use an event-script... you can find some useful examples in the Junos automation board of this forum!
JNCIP-ENT, JNCIP-SEC, JNCIP-SP et al.
(If this post helped you, please mark it as an "Accepted Solution"; kudos are also appreciated!)
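The two approaches from the answer above, side by side, as an added example that is not part of the original posts: a static route that relies on qualified-next-hop alone, and the same route backed by an RPM ICMP probe with an ip-monitoring policy. The instance name, probe, test and policy names, the addresses (documentation range) and the timer values are all constructed for illustration, and ip-monitoring availability depends on platform and release, as the answer notes.

```junos
# --- Interface-state failover only (what qualified-next-hop gives you) ---
# 192.0.2.10 = web filter (constructed), 192.0.2.1 = fallback gateway (constructed).
# The fallback is used only if the outgoing interface toward 192.0.2.10 goes down;
# a hung or powered-off filter behind a live switch port keeps the primary active.
set routing-instances web-filter instance-type forwarding
set routing-instances web-filter routing-options static route 0.0.0.0/0 next-hop 192.0.2.10
set routing-instances web-filter routing-options static route 0.0.0.0/0 qualified-next-hop 192.0.2.1 preference 10

# --- Reachability-based failover (RPM probe + ip-monitoring) ---
# Probe the filter's address with ICMP; values below are illustrative.
set services rpm probe webfilter test icmp-check probe-type icmp-ping
set services rpm probe webfilter test icmp-check target address 192.0.2.10
set services rpm probe webfilter test icmp-check probe-count 5
set services rpm probe webfilter test icmp-check probe-interval 1
set services rpm probe webfilter test icmp-check test-interval 5
# Declare the test failed after 5 consecutive lost probes.
set services rpm probe webfilter test icmp-check thresholds successive-loss 5

# While the probe is failing, install a route via the fallback gateway
# in the forwarding instance that FBF steers web traffic into.
set services ip-monitoring policy webfilter-failover match rpm-probe webfilter
set services ip-monitoring policy webfilter-failover then preferred-route routing-instances web-filter route 0.0.0.0/0 next-hop 192.0.2.1
```

While the policy is in the failed state, web traffic follows the fallback next hop and is not inspected by the filtering appliance, so the probe state is worth alerting on.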
05-01-2012 10:34 AM
Thanks so much for your follow up - this was my suspicion, I appreciate you taking the time to confirm it.
We're aware of the newer ip monitoring feature, but we're a ways off from code that supports it. Looks like event-script is the way to go!
Thanks again and best regards!