
SRX Cluster with two ISPs: Outgoing traffic failover with VRF + rpm + ip-monitoring issue

‎06-05-2012 07:55 PM

We have the following configuration :

- 2 VRs for Internet (1 per ISP)

- 1 VR for LAN

- 1 filter on the LAN interface to redirect some specific traffic

 show firewall family inet filter default-HKG
term t1 {
    from {
        source-address {
            10.0.0.1/32;
        }
        destination-port 80;
    }
    then {
        routing-instance VRF-Internet1;
    }
}
term t2 {
    from {
        destination-port 80;
    }
    then {
        routing-instance VRF-Internet2;
    }
}
term default {
    then accept;
}

 

- 2 VRFs for Internet (1 per ISP)

> show routing-instances VRF-Internet1
instance-type forwarding;
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 1.1.1.161;
            qualified-next-hop 2.2.2.149 {
                preference 10;
                interface reth8.0;
            }
        }
    }
    instance-import routes-Internet;
}
> show routing-instances VRF-Internet2
instance-type forwarding;
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 2.2.2.149;
            qualified-next-hop 1.1.1.161 {
                preference 10;
                interface reth4.0;
            }
        }
    }
    instance-import routes-Internet;
}

 

- ip-monitoring and rpm on both default gateways

rpm {
    probe Internet1 {
        test testgtw {
            probe-type icmp-ping;
            target address 1.1.1.161;
            probe-count 10;
            probe-interval 5;
            test-interval 10;
            routing-instance VR-Internet1;
            thresholds {
                successive-loss 10;
                total-loss 5;
            }
            next-hop 1.1.1.161;
        }
    }
    probe Internet2 {
        test testgtw {
            probe-type icmp-ping;
            target address 2.2.2.149;
            probe-count 10;
            probe-interval 5;
            test-interval 5;
            routing-instance VR-Internet2;
            thresholds {
                successive-loss 10;
                total-loss 5;
            }
            next-hop 2.2.2.149;
        }
    }
}
ip-monitoring {
    policy Internet-Tracking1 {
        match {
            rpm-probe Internet1;
        }
        then {
            preferred-route {
                routing-instances VRF-Internet1 {
                    route 0.0.0.0/0 {
                        next-hop 2.2.2.149;
                    }
                }
            }
        }
    }
    policy Internet-Tracking2 {
        match {
            rpm-probe Internet2;
        }
        then {
            preferred-route {
                routing-instances VRF-Internet2 {
                    route 0.0.0.0/0 {
                        next-hop 1.1.1.161;
                    }
                }
            }
        }
    }
}

It works fine if I want to load balance the traffic (with the filter), but if I try to activate the ip-monitoring, both probes "FAILED" and both policies are "APPLIED", but I can reach the gateways from every VR.

 

Did I miss something ?

 

Alex


Re: SRX Cluster with two ISPs: Outgoing traffic failover with VRF + rpm + ip-monitoring issue

‎06-07-2012 01:08 AM

Any idea ?


Re: SRX Cluster with two ISPs: Outgoing traffic failover with VRF + rpm + ip-monitoring issue

‎06-16-2012 02:32 AM

Configuration problem ?

How can I monitor the internet link without ip-monitoring ?

Thanks,

Alex


Re: SRX Cluster with two ISPs: Outgoing traffic failover with VRF + rpm + ip-monitoring issue

‎06-27-2012 11:13 AM

I believe you can't do rpm from a routing instance of type "forwarding". Try removing the routing-instance knob from both rpms. If it does not help, please send us the output of

 

show services ip-monitoring status
show services rpm probe-results
show route

Best Regards,
PK

Juniper Ambassador, Juniper Networks Certified Instructor,
JNCIE-SEC #98, JNCIE-ENT #393, JNCIE-SP #2253
Twitter: @JuniperTrain
GitHub: https://github.com/pklimai
[Juniper Authorized Education & Support in Russia]

Re: SRX Cluster with two ISPs: Outgoing traffic failover with VRF + rpm + ip-monitoring issue

‎06-29-2012 04:50 AM

Hi pk,

Thanks for your reply.

Actually, I've already tested with the real VRs (Internet) and without any routing instance, as I saw that I couldn't ping from a VRF.

I fixed the problem by removing the next-hop from my rpm configuration.

Alex
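An offline check for the two conditions this thread ended up on (an RPM test that sets `next-hop`, and an RPM test run from an instance of type `forwarding`), as an added example that is not code from the posters or from Juniper. `SAMPLE` is constructed from the thread's names; the `services` wrapper and the `virtual-router` type of `VR-Internet1` are assumptions, and the parser handles only plain curly-brace configuration text.

```python
import re

# Constructed sample (not the poster's full config): one probe keeps a next-hop
# statement, the other runs from an instance of type forwarding.
SAMPLE = """
routing-instances { VR-Internet1 { instance-type virtual-router; }
                    VRF-Internet1 { instance-type forwarding; } }
services { rpm {
  probe Internet1 { test testgtw { target address 1.1.1.161;
      routing-instance VR-Internet1; next-hop 1.1.1.161; } }
  probe Internet2 { test testgtw { target address 2.2.2.149;
      routing-instance VRF-Internet1; } }
} }
"""

def parse(text):
    """Parse curly-brace Junos config into nested dicts (leaf: keyword -> rest)."""
    stack, words = [{}], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":  # words collected so far name the new block
            stack.append(stack[-1].setdefault(" ".join(words), {}))
        elif tok == "}":
            stack.pop()
            if not stack:
                raise ValueError("unbalanced '}'")
        elif words:  # ";" ends a leaf statement
            stack[-1][words[0]] = " ".join(words[1:])
        words = []
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return stack[0]

def check_rpm(cfg):
    """Return (probe, test, finding) for the two conditions raised in the thread."""
    instances, findings = cfg.get("routing-instances", {}), []
    for pname, probe in cfg.get("services", {}).get("rpm", {}).items():
        tests = probe.items() if isinstance(probe, dict) else []
        for tname, test in ((n, t) for n, t in tests if isinstance(t, dict)):
            where = (pname.split()[-1], tname.split()[-1])
            if "next-hop" in test:  # the statement Alex removed
                findings.append(where + ("next-hop " + test["next-hop"],))
            ri = test.get("routing-instance", "")
            if instances.get(ri, {}).get("instance-type") == "forwarding":
                findings.append(where + ("forwarding instance " + ri,))
    return findings
```

`check_rpm(parse(SAMPLE))` returns one finding per probe; a configuration whose RPM tests have neither condition returns an empty list.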
