I'd like to move this topic up.
I'm trying to implement the same functionality in our environment. We have 2 ISPs and want to fail over our IPsec tunnel to the datacenter, with failback.
As far as I can see, the best way is to use ip-monitoring, but there is one problem when I try to add a preferred route to interface st0.1 with ip-monitor:
ip-monitoring {
    policy isp1-policy {
        match {
            rpm-probe test-isp1;
        }
        then {
            preferred-route {
                route 0.0.0.0/0 {
                    next-hop 213.33.222.157;
                }
                route 10.1.0.0/16 {
                    next-hop st0.1;
                }
            }
        }
    }
}
We get a route table like this:
inet.0: 7 destinations, 9 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0          *[Static/1] 00:00:02, metric2 0
                    > to 213.33.222.157 via fe-0/0/3.0
10.1.0.0/16        *[Static/1] 00:00:02, metric2 0
                    > to 213.33.222.157 via fe-0/0/3.0
                    [Static/5] 00:01:18, metric 10
                    > via st0.0
                    [Static/5] 00:01:13, metric 20
                    > via st0.1
Why do we get a route to the base interface instead of the tunnel interface? And here is part of the route table before applying the ip-monitor policy:
inet.0: 8 destinations, 9 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0          *[Static/5] 15:41:30
                    > to 212.248.11.1 via fe-0/0/2.0
10.1.0.0/16        *[Static/5] 00:00:08, metric 10
                    > via st0.0
                    [Static/5] 00:00:03, metric 20
                    > via st0.1
We have no IP addresses on the tunnel interface:
st0 {
    unit 0 {
        family inet;
    }
    unit 1 {
        family inet;
    }
}