Automation

last person joined: 4 days ago 

Ask questions and share experiences about Apstra, Paragon, and all things network automation.

  • 1.  SRX210 CX111 failover script help!!

    Posted 05-01-2012 06:31

    I have a SRX210 with CX111 connected as backup WAN link. I followed the Juniper configuraiton guide on how to set the CX111 as a backup WAN link using automated RPM scripts. I downloaded the event and commit script from Juniper.net and configured SRX as shown in config guide. The problem is the RPM script does not work. When I unplug my primary WAN link, ge-0/0/0, the RPM should enable ge-0/0/1 which will pull a DHCP address from the CX111. At that point I should receive an new default route from the 3/4G ISP.

     

    Does anyone have experience with this?

     

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

     

    Files are in the correct dir on the SRX.

     

    [edit]
    root@775-MOCK# run file list /var/db/scripts/commit/

    /var/db/scripts/commit/:
    rpm-monitor-config.xslt*

    [edit]
    root@775-MOCK# run file list /var/db/scripts/event/

    /var/db/scripts/event/:
    rpm-monitor.xslt*

    [edit]
    root@775-MOCK#

     

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

     

    Config is good


    [edit system scripts commit]
    root@775-MOCK# show
    allow-transients;
    file rpm-monitor-config.xslt;

    [edit system scripts commit]
    root@775-MOCK#

     

    [edit event-options]
    root@775-MOCK# show
    event-script {
        file rpm-monitor.xslt;
    }

    [edit event-options]
    root@775-MOCK#

     

    [edit services rpm probe rpm-monitor-probes test server1]
    root@775-MOCK# show
    probe-type icmp-ping;
    target address 198.253.175.5; !!!THIS IS 2ND HOP DOWNSTREAM ROUTER!!!
    probe-count 5;
    probe-interval 5;
    test-interval 15;
    source-address 150.125.100.2; !!THIS IS ge-0/0/0.0. NEXT HOP .1/30!!

    [edit services rpm probe rpm-monitor-probes test server1]
    root@775-MOCK#

     

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Pings are good

     

    root@775-MOCK# run show services rpm history-results
        Owner, Test                 Probe received              Round trip time
        rpm-monitor-probes, server1 Mon Apr 23 09:27:21 2012             5044 usec
        rpm-monitor-probes, server1 Mon Apr 23 09:27:26 2012            63445 usec
        rpm-monitor-probes, server1 Mon Apr 23 09:27:31 2012            12792 usec
        rpm-monitor-probes, server1 Mon Apr 23 09:27:37 2012           153927 usec
        rpm-monitor-probes, server1 Mon Apr 23 09:27:41 2012             6659 usec
        rpm-monitor-probes, server1 Mon Apr 23 09:27:57 2012           103238 usec
        rpm-monitor-probes, server1 Mon Apr 23 09:28:02 2012             5800 usec
        rpm-monitor-probes, server1 Mon Apr 23 09:28:07 2012           107052 usec

     

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Parsed log file. Always says same thing

     

    root@775-MOCK# run show log rpm-monitor | last
    Apr 23 09:31:53  775-MOCK cscript: rpm-monitor: Triggered by ping_test_up test server1 owner rpm-monitor-probes
    Apr 23 09:31:54  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the routes
    Apr 23 09:31:54  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the interfaces
    Apr 23 09:31:54  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the logical interfaces
    Apr 23 09:33:05  775-MOCK cscript: rpm-monitor: Triggered by ping_test_up test server1 owner rpm-monitor-probes
    Apr 23 09:33:06  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the routes
    Apr 23 09:33:06  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the interfaces
    Apr 23 09:33:06  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the logical interfaces
    Apr 23 09:34:16  775-MOCK cscript: rpm-monitor: Triggered by ping_test_up test server1 owner rpm-monitor-probes
    Apr 23 09:34:16  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the routes
    Apr 23 09:34:16  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the interfaces
    Apr 23 09:34:16  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the logical interfaces

     

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

     

    Pull primary WAN link

     

     rpm-monitor-probes, server1 Mon Apr 23 09:35:21 2012             5224 usec
        rpm-monitor-probes, server1 Mon Apr 23 09:35:36 2012            47657 usec
        rpm-monitor-probes, server1 Mon Apr 23 09:35:41 2012  No route to target
        rpm-monitor-probes, server1 Mon Apr 23 09:35:46 2012  No route to target
        rpm-monitor-probes, server1 Mon Apr 23 09:35:52 2012  No route to target

    [edit]
    root@775-MOCK# run show log rpm-monitor | last
    Apr 23 09:33:05  775-MOCK cscript: rpm-monitor: Triggered by ping_test_up test server1 owner rpm-monitor-probes
    Apr 23 09:33:06  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the routes
    Apr 23 09:33:06  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the interfaces
    Apr 23 09:33:06  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the logical interfaces
    Apr 23 09:34:16  775-MOCK cscript: rpm-monitor: Triggered by ping_test_up test server1 owner rpm-monitor-probes
    Apr 23 09:34:16  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the routes
    Apr 23 09:34:16  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the interfaces
    Apr 23 09:34:16  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the logical interfaces
    Apr 23 09:35:26  775-MOCK cscript: rpm-monitor: Triggered by ping_test_up test server1 owner rpm-monitor-probes
    Apr 23 09:35:26  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the routes
    Apr 23 09:35:26  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the interfaces
    Apr 23 09:35:27  775-MOCK cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the logical interfaces
    ---(more 100%)---[abort]

     

     

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    ge-0/0/1 is not turned on by script

     

    root@775-MOCK# run show interfaces ge-0/0/1 terse
    Interface               Admin Link Proto    Local                 Remote
    ge-0/0/1                up    up
    ge-0/0/1.0              down  up   eth-switch

    [edit]
    root@775-MOCK# run show configuration interfaces ge-0/0/1
    description CX-WAN-LINK;
    unit 0 {
        apply-macro rpm-monitor-server1 {
            test-name server1;
            test-owner rpm-monitor-probes;
        }
        disable;
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ data management ];
            }
            native-vlan-id data;
        }
    }

    [edit]
    root@775-MOCK#



  • 2.  RE: SRX210 CX111 failover script help!!

    Posted 05-01-2012 07:53

    When I look at syslog messages, it says PING_TEST_COMPLETED. I'm using a firewall filter on upstream router blocking RPM probe to simulate a failed ping. I have a counter on the upstream filter and the pings are dropped. Additionally when I try a manual ping it fails as expected. I have no clue why the PING_TEST_FAILED event will not get generated!!



  • 3.  RE: SRX210 CX111 failover script help!!

    Posted 05-01-2012 10:32

    Update, so after using the logger -e PING_TEST_FAILED command from shell I can successfully trigger the script. Now I need figure out why a known RPM failure is not generating a PING_TEST_FAILED event. So the script is good, RPM probe not triggering. Arghh!



  • 4.  RE: SRX210 CX111 failover script help!!

     
    Posted 05-01-2012 22:43
    Hi, when you activate the firewall filter (in order to let the ping fail), is the output of "show services rpm probe-results" showing that the last test has failed? Just to be sure that the status of the probe is correct!


  • 5.  RE: SRX210 CX111 failover script help!!

    Posted 05-02-2012 05:12

    Im glad to see that you chimed in. You seem to be good with JUNOS automation.

     

    Yes, that's what is perplexing!

       

    root@775-MOCK> show services rpm history-results | last

     

    icmp-ping-probe, ping-probe-test Wed May  2 08:09:21 2012Request timed out
        icmp-ping-probe, ping-probe-test Wed May  2 08:09:30 2012Request timed out

     

    root@775-MOCK> show log messages | match PING | last

     

    May  2 08:09:05  775-MOCK rmopd[1230]: PING_TEST_COMPLETED: pingCtlOwnerIndex = icmp-ping-probe, pingCtlTestName = ping-probe-test
    May  2 08:09:30  775-MOCK rmopd[1230]: PING_TEST_COMPLETED: pingCtlOwnerIndex = icmp-ping-probe, pingCtlTestName = ping-probe-test

     



  • 6.  RE: SRX210 CX111 failover script help!!
    Best Answer

     
    Posted 05-02-2012 08:05

    Hi, I did some research on the forum and I found this post which reports the same behavior; it seems like even if the single probes are failing, you need to add the threshold in order to let the test fail.

    I hope this helps you!

    Mattia

     



  • 7.  RE: SRX210 CX111 failover script help!!

    Posted 05-02-2012 09:20

    Thanks Mattia! The thread you referred me to did the trick. I simply added the "thresholds total-loss 1" to the rpm probe.

     

    probe rpm-monitor-probes {
        test server1 {
            probe-type icmp-ping;
            target address 198.253.175.5;
            probe-count 5;
            probe-interval 5;
            test-interval 15;
            source-address 150.125.100.2;
            thresholds {
                total-loss 1;
            }
        }
    }

     

     

    The PING_TEST_FAILED event is now created, thus the script works as advertised. Sweet!



  • 8.  RE: SRX210 CX111 failover script help!!

     
    Posted 05-03-2012 03:33

    You are welcome! I'm glad it works fine now 🙂

    Anyway, maybe an higher threshold could be better (e.g. 4 failed pings out of the 5 you are sending for each test), in order  to avoid false alarms.