SRX Services Gateway
Contributor
microguy
Posts: 14
Registered: ‎09-01-2010

Filter based Forwarding with Failover

Hello guys,

My question is pretty straightforward, and most people must be looking for its solution.

How to configure failover with filter-based forwarding?

Let me brief my situation.

I have an SRX210-HM; it's working great with filter-based forwarding. I am forwarding some VLANs to ISP 1 and the rest of them to ISP2. Things work great.

But the reason for having 2 ISPs is to have resilience in the network: if one ISP goes down, the other ISP can keep us connected to the Internet. The following is supposed to provide failover, but it does not trigger automatically.

routing-instances {
    routing-table-ISP1 {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    next-hop 10.1.1.2;
                    qualified-next-hop 10.2.2.2 {
                        preference 100;
                    }
                }
            }
        }
    }
    routing-table-ISP2 {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    next-hop 10.2.2.2;
                    qualified-next-hop 10.1.1.2 {
                        preference 100;
                    }
                }
            }
        }
    }
}

 

Then I found this link http://www.juniper.net/us/en/local/pdf/script-library/event-enablenexthop.book-en.pdf which triggers automatically by looking at the ping response.

The problem with using this script is that it uses only one link set as the primary link and switches over to the alternate link once the primary link is down. But I need to use both ISPs in normal cases using filter-based routing, and when either one of them goes down, it should switch over to the working ISP until the failed ISP comes back to a working state.

Experts, please help us out.

Thanks in advance.

Contributor
microguy
Posts: 14
Registered: ‎09-01-2010

Re: Filter based Forwarding with Failover

Anybody there??

Super Contributor
tbehrens
Posts: 349
Registered: ‎04-30-2010

Re: Filter based Forwarding with Failover


Nobody here but us bunnies!


Check KB15545. We've tested it and it works. It's also quite involved - I'm still not sure I understand it 100%, though I get the gist of it - and the use of VRs means that certain services won't work inside those VRs, most notably DHCP and IKE. Make sure that's not going to cause issues before jumping.

IKE becomes available with 11.1; you could conceivably wait until 11.1r3 or r4 is out and then gain the ability to terminate VPN tunnels on your 2nd ISP connection.

Contributor
microguy
Posts: 14
Registered: ‎09-01-2010

Re: Filter based Forwarding with Failover

 

Thanks tbehrens for replying.

Unfortunately I don't have access to the KB you suggested; I just placed a request to grant me access.

Secondly, I don't care about VPNs, as I am going to use another device as the VPN server. So the IKE service shouldn't trouble me. DHCP is also being used internally, so that is also fine.

I will check the KB once I get access to it.

Thanks
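
Added example, not part of the thread and not the KB15545 method (which uses VRs): one way to get the both-active, fail-to-survivor behaviour asked for above is to probe each ISP gateway with RPM and let an ip-monitoring policy override the default route in the matching forwarding instance. It assumes a Junos release on the SRX that supports `services ip-monitoring`; the probe, test and policy names are hypothetical, while the instance names and next-hop addresses are the ones from the question.

```junos
# Added example. Probe owner names (probe-ISP1/2), test name (gw-ping) and
# policy names (ISP1-failover/ISP2-failover) are hypothetical.
# Assumption: this Junos release supports "services ip-monitoring".

# Probe each ISP next hop. A static route with qualified-next-hop only
# fails over when its next hop stops resolving, so an upstream failure
# with the local link still up goes unnoticed without an active probe.
# Probing only the gateway detects gateway loss; a target further
# upstream would need a route that pins it to the right ISP.
set services rpm probe probe-ISP1 test gw-ping probe-type icmp-ping
set services rpm probe probe-ISP1 test gw-ping target address 10.1.1.2
set services rpm probe probe-ISP1 test gw-ping probe-count 5
set services rpm probe probe-ISP1 test gw-ping probe-interval 1
set services rpm probe probe-ISP1 test gw-ping test-interval 5
set services rpm probe probe-ISP1 test gw-ping thresholds successive-loss 5

set services rpm probe probe-ISP2 test gw-ping probe-type icmp-ping
set services rpm probe probe-ISP2 test gw-ping target address 10.2.2.2
set services rpm probe probe-ISP2 test gw-ping probe-count 5
set services rpm probe probe-ISP2 test gw-ping probe-interval 1
set services rpm probe probe-ISP2 test gw-ping test-interval 5
set services rpm probe probe-ISP2 test gw-ping thresholds successive-loss 5

# While the ISP1 probe is failing, install a preferred default route in
# the ISP1 forwarding instance that points at ISP2. The route is
# withdrawn when the probe passes again, so traffic returns to ISP1.
set services ip-monitoring policy ISP1-failover match rpm-probe probe-ISP1
set services ip-monitoring policy ISP1-failover then preferred-route routing-instances routing-table-ISP1 route 0.0.0.0/0 next-hop 10.2.2.2

# Mirror image for the ISP2 forwarding instance.
set services ip-monitoring policy ISP2-failover match rpm-probe probe-ISP2
set services ip-monitoring policy ISP2-failover then preferred-route routing-instances routing-table-ISP2 route 0.0.0.0/0 next-hop 10.1.1.2
```

After committing, `show services ip-monitoring status` reports each policy's probe state and whether its preferred route is currently applied.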
