SRX Services Gateway
Highlighted
SRX Services Gateway

Redundant default route via two different SRX's?

‎09-30-2018 03:06 PM

I have two different SRXs each with different ISPs.

SRX 1

10.0.0.1 has a static 0.0.0.0 route to ISP1

 

SRX 2

is on two redundant paths and has two ip's

10.0.0.10

10.0.0.11

and it also has a loopback ip of 10.20.0.1

 

My core switch is directly connected to all three paths.   I have a static route to 10.0.0.10 and if we have to change IPS's i just manually change this route.  

 

Is it possible to use OSPF or some other auto-routing mechinism to automate the failover?

ISP2 has more bandwith than ISP1 so i'd like to prefer ISP2 over ISP1.

 

I tried enabling OSPF on the interfaces to my ISPs but that just advertised the route to the /30 networks between us.  

5 REPLIES 5
Highlighted
SRX Services Gateway

Re: Redundant default route via two different SRX's?

‎09-30-2018 07:19 PM

Check the Track-ip or IP monitoring features.  These might help.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB20839
https://kb.juniper.net/InfoCenter/index?page=content&id=KB25052
https://forums.juniper.net/t5/Automation/Scripting-How-To-Use-the-track-ip-script-to-implement-the-T...

 

Regards,

 

Yasmin

Yasmin Lara - Juniper Ambassador #QuadE - JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCIS-CLOUD, JNCDS-DC, JNCIA-DevOps
Highlighted
SRX Services Gateway

Re: Redundant default route via two different SRX's?

‎09-30-2018 10:24 PM

Changing the Configuration Using an Event Policy is a good place to start exploring on event policy,

https://www.juniper.net/documentation/en_US/junos/topics/example/junos-script-automation-event-polic...

 

-Python JNCIE 3X [SP|DC|ENT] JNCIP-SEC JNCDS 3X [ WAN | DC|SEC] JNCIS-Cloud JNCIS-DevOps CCIP ITIL
#Please mark my solution as accepted if it helped, Kudos are appreciated as well.
Highlighted
SRX Services Gateway

Re: Redundant default route via two different SRX's?

‎10-01-2018 02:37 AM

I am not sure I follow your topology.

 

My core switch is directly connected to all three paths.   I have a static route to 10.0.0.10 and if we have to change IPS's i just manually change this route.  

I think this is saying you have a static route on the core switch pointing to SRX 2 and you change this to SRX 1 during outages?

And this route ultimately goes out the ISP on this SRX.

Is that correct?

 

If so, you might be able to

  • move this route and install it on both SRX upstream remove from core
  • Import the static on the SRX into OSPF.
  • Increase the link cost between the backup SRX and the core in OSPF.
  • Setup track IP on the primary SRX so that the route will remove when the ISP is down

 

Then failover would be automatic on the core during outages.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: Redundant default route via two different SRX's?

‎10-02-2018 05:32 AM

Thanks Steve,

You understood my topology correctly.

 

Your idea is the same concept I'd like to acomplish but i'm stuck on the 2nd step, "importing the static 0.0.0.0 route of the SRX into OSPF". 

 

I'm not quite sure how to acomplish this and my searching throught the documentation hasn't turned up how to do this.  I've only ever been able to advertise routes directly connected to an interface to OSPF.  

Highlighted
SRX Services Gateway

Re: Redundant default route via two different SRX's?

‎10-05-2018 02:56 AM

Sorry for the lack of clarity.  This is an configuration example of getting static routes into OSPF.

 

https://www.juniper.net/documentation/en_US/junos/topics/example/ospf-routing-policy-redistributing-...

 

You create the policy you want and apply it to the ospf configuration on the SRX.

 

You then use the ospf metric on the link you want to change make the prefered link 5 or the backup link  100.  Only one needs to be changed.

https://www.juniper.net/documentation/en_US/junos/topics/example/ospf-segment-cost-configuring.html

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Feedback