SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
Contributor
Posts: 14
Registered: ‎09-27-2016
0 Kudos

SRX300 dual isp failover question

Hello all,

 

I have some SRX300 devices at a couple of customers and on all these devices we have failover configured.

These customers all have Cable and a DSL connection.

Cable is primary and DSL is failover/secondary.

 

When there is a error on the Cable isp the SRX300 is switching over to the DSL ISP

But when the Cable isp is coming back the connection is not switching back.

The only way to achieve this is to reboot the SRX300

 

services {
    rpm {
        probe probe-internet {
            test test-1 {
                target address 8.8.8.8;
                probe-count 3;
                probe-interval 2;
                test-interval 2;
                thresholds {
                    successive-loss 3;
                    total-loss 3;
                }
                destination-interface ge-0/0/0.0;
                next-hop 1.2.3.4;
            }
        }
    }
    ip-monitoring {
        policy test-1 {
            match {
                rpm-probe probe-internet;
            }
            then {
                preferred-route {
                    route 0.0.0.0/0 {
                        next-hop 5.6.7.8;
                    }
                }
            }
        }
    }
}

The ip adresses in the config above are not the real ip addresses but 1.2.3.4 is the next-hop for the Cable connection connected to GE-0/0/0.0 and 5.6.7.8 is the next-hop address for the DSL connection and is connected to GE-0/0/1.0

 

Is there something i overlook here ?

I am pretty sure this is all i have to setup

 

Regards,

 

Robbert

 

Highlighted
Juniper Employee
Posts: 20
Registered: ‎10-15-2014
0 Kudos

Re: SRX300 dual isp failover question

I did a quick test with your configuration and it worked. I didnot specify next-hop though. 

 

Preempt is enabled by default and once probe suceeds then it should failover. 

 

[edit]
root@Test-Device# run show services ip-monitoring status    

Policy - test-1 (Status: PASS)
  RPM Probes:
    Probe name             Test Name       Address          Status   
    ---------------------- --------------- ---------------- ---------
    probe-internet         test-1          10.200.104.254   PASS     
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- ------------- 
    inet.0            0.0.0.0/0         5.6.7.8          NOT-APPLIED  
	
[edit]
root@Test-Device# run show services ip-monitoring status    

Policy - test-1 (Status: FAIL)
  RPM Probes:
    Probe name             Test Name       Address          Status   
    ---------------------- --------------- ---------------- ---------
    probe-internet         test-1          10.200.104.254   FAIL     
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- ------------- 
    inet.0            0.0.0.0/0         5.6.7.8          APPLIED      

	
root@Test-Device# run show services ip-monitoring status            

Policy - test-1 (Status: PASS)
  RPM Probes:
    Probe name             Test Name       Address          Status   
    ---------------------- --------------- ---------------- ---------
    probe-internet         test-1          10.200.104.254   PASS     
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- ------------- 
    inet.0            0.0.0.0/0         5.6.7.8          NOT-APPLIED  	

Can you check rpm and ip-monitoring status after Cable connection is restored. 

Contributor
Posts: 14
Registered: ‎09-27-2016
0 Kudos

Re: SRX300 dual isp failover question

Hi Arunsamy,

 

Thanx for the quick support

 

I did specify a next-hop because (i think it is working this way)

When the failover (DSL) is active i cannot probe through GE-0/0/0.0 (Cable) with the active next-hop (DSL)

So the probe never succeeds and the connection is not switching back.

When i specify a next-hop the probe knows what route to take.

 

The strange thing is it occurs on multiple locations (but all happened when i was on holiday)

 

I am not on location right now but i check it out when i am.