Junos Automation (Scripting)

tracking multiple sites via event-options (mx) and ip-monitoring (srx probe)

‎11-27-2017 01:48 AM

Hi guys, good day.

I'm trying to minimize the event-options on my MX and the probes (ip-monitoring) on the SRX between HQ and my branches.

I have a single MX with more than 10 branches with dual ISPs.

Are there any best practices for handling this kind of setup?

It is tedious to configure event-options and probe monitoring for every branch with dual ISPs, and the resources of these boxes get affected due to the many probes configured.

Any thoughts?

TIA,


Re: tracking multiple sites via event-options (mx) and ip-monitoring (srx probe)

‎11-27-2017 11:44 AM

Trying to piece this together... assuming your SRXes are the branch sites, and they have dual internet access back to your MX. Yes?

Not knowing how your SRXes are connected or how you're using ip monitoring -- here's the blue plate special:

1. Create an RPM probe on the SRX.

2. Create one event policy to detect when the probe fails, and one that detects when it's successful.

3. Create an event script. The event script is invoked from either of the above 2 policies and does the following:

   - Lock the config
   - Toggle the active event policy
   - Change the next-hop accordingly
   - Commit the config changes
   - Exit.

The event script can also double as an op script to *create* the RPM probes and store data about them in the device configuration as apply-macros. E.g. invoke the script as an op script, pass it the necessary args and it will create the RPM probes in the configuration and optionally store relevant data in the configuration (like rpm-target, next-hop, etc.)

srx> op url /var/db/script/event/rpm-diddle.slax probe-name foo probe-target 8.8.8.8 next-hop 1.2.3.4

The event script should be generic so that it can be copied across all your devices w/o changes.

Configuration changes (e.g. RPM probe targets) should be maintained in the SRX configuration as apply-macros. (See previous note)

That way, configurable script items get stored in the device configuration -- not the script.

This is the general approach, anyway.

HTH

/doug

 

--
"There he goes. One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die." --HST

Re: tracking multiple sites via event-options (mx) and ip-monitoring (srx probe)

‎11-30-2017 04:32 AM

Assuming you are using the dual ISP with IPsec VPN for failover from the branch SRX to the MX.

Instead of probes with static routes, set up dual IPsec route-based VPNs and configure OSPF on the tunnel interfaces. Using OSPF to exchange the routes will allow the failover between the VPNs without the need for probes.

The tunnel interfaces lose the neighbor when the VPN fails and the route withdraws.

Use OSPF link cost to prefer one tunnel over the other.

Join this to your existing OSPF setup for route distribution. Or if not running now:

Set the branch local nets as passive in OSPF to pick up the subnets to advertise up.

Inject into OSPF from static or BGP the core side routes down to the branch.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
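
The routing side of the dual-tunnel approach described in the reply above, as an added configuration sketch for one branch SRX; it is not from the thread. The VPN names, zone name, tunnel units, addresses, LAN interface and metric values are all assumptions, and the IKE gateways and IPsec policies behind the two VPNs are assumed to exist already.

```junos
# Constructed example for one branch SRX. Every name, address and metric is an assumption.
# st0.0 = tunnel over ISP 1 (preferred), st0.1 = tunnel over ISP 2 (backup).
set interfaces st0 unit 0 family inet address 10.255.0.2/30
set interfaces st0 unit 1 family inet address 10.255.1.2/30

# Bind each route-based VPN to its own tunnel unit
# (vpn "to-hq-isp1" / "to-hq-isp2" are hypothetical, defined elsewhere with their IKE gateways).
set security ipsec vpn to-hq-isp1 bind-interface st0.0
set security ipsec vpn to-hq-isp2 bind-interface st0.1

# On an SRX the OSPF adjacency never forms unless the tunnel's zone
# accepts OSPF as host-inbound traffic. Permit only what the tunnel needs.
set security zones security-zone vpn interfaces st0.0 host-inbound-traffic protocols ospf
set security zones security-zone vpn interfaces st0.1 host-inbound-traffic protocols ospf

# OSPF over both tunnels; the lower metric is preferred, the higher one
# takes over when the primary adjacency is lost and its routes withdraw.
set protocols ospf area 0.0.0.0 interface st0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.0 metric 10
set protocols ospf area 0.0.0.0 interface st0.1 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.1 metric 100

# Branch LAN is advertised but forms no adjacencies (passive).
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 passive
```

The MX side mirrors this with matching metrics on its end of each tunnel so that traffic in both directions prefers the same path.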

Re: tracking multiple sites via event-options (mx) and ip-monitoring (srx probe)

‎11-30-2017 07:13 AM

To OP: If you can, you're better off following Steve's advice.

I.e., it's better to use routing protocols than scripts to solve routing issues.  :-)

/doug
