SRX Services Gateway
SRX Services Gateway

Fail - IP-MONITORING DUAL ISP

‎09-08-2019 11:42 AM

Guys could someone help me? I have an SRX300 with two ISPs. ISP 1 - VPN ISP 2 - Internet However when ISP2 fails ISP1 does not surf the internet.

 

ip-monitoring {
        policy INTERNET-ISP2 {
            match {
                rpm-probe VR-UNTRUST-ISP2;
            }
            then {
                preferred-route {
                    route 0.0.0.0/0 {
                        next-hop 192.168.1.1;
                    }
                }
                interface lo0.20 {
                    disable;
                }
            }
        }
        policy INTERNET-ISP1 {
            match {
                rpm-probe VR-UNTRUST-ISP1;
            }
            then {
                interface lo0.10 {
                    disable;
                }
            }
        }
    }
}

 

When I run the command: show services ip-monitoring status

Policy - INTERNET-ISP1 (Status: FAIL)
  RPM Probes:
    Probe name             Test Name       Address          Status
    ---------------------- --------------- ---------------- ---------
    VR-UNTRUST-ISP1        GOOGLE          8.8.4.4          FAIL
    VR-UNTRUST-ISP1        REGISTRO-BR     200.160.2.3      FAIL
  Interface-Action:
    interface         policy action   admin state action status
    ----------------- --------------- ----------- -----------------
    lo0.10            Disable         DOWN        FAILOVER

Policy - INTERNET-ISP2 (Status: FAIL)
  RPM Probes:
    Probe name             Test Name       Address          Status
    ---------------------- --------------- ---------------- ---------
    VR-UNTRUST-ISP2        GOOGLE          8.8.4.4          FAIL
    VR-UNTRUST-ISP2        REGISTRO-BR     200.160.2.3      FAIL
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- -------------
    inet.0            0.0.0.0/0         192.168.1.1      APPLIED
  Interface-Action:
    interface         policy action   admin state action status
    ----------------- --------------- ----------- -----------------
    lo0.20            Disable         DOWN        FAILOVER

Now it is browsing normally, if ISP2 fails it remains connected, if ISP1 Failure vpn becomes active but does not surf the internet.

 

3 REPLIES 3
SRX Services Gateway

Re: Fail - IP-MONITORING DUAL ISP

‎09-08-2019 10:31 PM

What will be the deafult route to be programmed in your case in the event of ISP-2 down?

 

 

-Python JNCIE 3X [SP|DC|ENT] JNCIP-SEC JNCDS 3X [ WAN | DC|SEC] JNCIS-Cloud JNCIS-DevOps CCIP ITIL
#Please mark my solution as accepted if it helped, Kudos are appreciated as well.
SRX Services Gateway

Re: Fail - IP-MONITORING DUAL ISP

‎09-09-2019 04:21 AM
Then you should surf the internet through ISP1.
SRX Services Gateway
Solution
Accepted by topic author Leetrix
‎09-26-2019 05:56 AM

Re: Fail - IP-MONITORING DUAL ISP

‎09-09-2019 08:32 AM

Hi Leetrix 

I don't have your exact requirement detail but i understand what you are trying to do. 

You can achieve this by configuring RPM probe to detect the reachability and then using that in event-options policy to configure/delete particular static route.

 

I have configured and verified this scenario in lab on MX router, please refer the attachment. please change the IPs to match your setup.

 

Please accept my response as solution if it solves your query! Kouds are appreciated too 

Thanks
Vishal

 

Attachments