SRX

last person joined: 20 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Route Change for High End SRX .

    Posted 12-12-2013 23:46

    Hi All ,

     

    We need to track the IP of next hop, In case  not reachable to the next hop, the route needs to divert  through another Interface .

     

    could you some one help me to solve this isse .

     

    B.Regards ,

    Sameer.



  • 2.  RE: Route Change for High End SRX .

     
    Posted 12-13-2013 00:28

    Dear Sameer 

     

    Please check the below link 

     

    http://kb.juniper.net/KB22052

     

    Regards

     



  • 3.  RE: Route Change for High End SRX .

     
    Posted 12-13-2013 00:35

    A script is also available , which can be used to simulate the track-ip functionality. It allows for path and next hop validation via the existing network infrastructure with the ICMP protocol. When a failure is detected, the script will execute a failover to the other node in an attempt to prevent downtime. For more information, refer to the following link:

    http://www.juniper.net/us/en/community/junos/script-automation/library/event/track-ip/

     

    Regards

     



  • 4.  RE: Route Change for High End SRX .

    Posted 12-13-2013 02:12

     

    Thank  Red1 for your support ,

     

    I am not looking for failover to the other node .  I need disable first route and divert traffic to second route .

     

    KB22052 will support for branch series router ,There is some limitation for high end device , because  RPM is not supporting.

     

     

    Regards ,



  • 5.  RE: Route Change for High End SRX .
    Best Answer

    Posted 12-13-2013 08:55

    Hi Sameer,

     

    Yes, you are right RPM is not supported on HE, so ip-monitoring stuff can not work easily on this. Howeve, you can 

     

    1. If you can run VRRP on both the next-hops, then run VRRP with different priorities. HE SRX will shift its route to any available VR ID.

     

    2. If two next-hops support BFD, then used liveness-detection for two default routes on HE SRX. In case of failure, BFD will de-install the failed default route from inet.0

    http://www.juniperlab.info/p/route-failover-in-typical-dual-isp.html

     

    regards 

     



  • 6.  RE: Route Change for High End SRX .

    Posted 12-13-2013 11:23

    Hi Rasmus ,

     

    Thank you for your consideration .

     

    In our case next hop is Cisco switch , so is it possible to use above options .

     

    I heard the event script will help to achieve the same  , but scripts are depending on RPM probe .

     

    B.Regards ,

    Sameer.



  • 7.  RE: Route Change for High End SRX .

    Posted 12-13-2013 12:58

    Hi  Rasmus and experts,

     

    Cisco devices support for BFD  ,Attached the N/W diagram and suspected configuration . I would appreciate your help in this matter.

     

    We need to track the  IP address "172.16.100.1" from SRX  , if it is not reachable to corporate line , remove routing table and divert traffic to the inside .

     

    -------------------------------------------------------------

    corparate -cisco Router

     interface Vlan100
     ip address 192.168.100.2 255.255.255.0

     bfd interval 200 min_rx 200 multiplier 3

    ip route static bfd Vlan100 192.168.100.1


    -----------------------------------------------------------

    Juniper SRX

    set interfaces reth2 unit 0 family inet address 192.168.100.1
    set interfaces reth1 unit 0 family inet address 10.10.10.254

    set routing-options static route 172.16.100.0/24 qualified-next-hop 192.168.100.2
    set routing-options static route 172.16.100.0/24 qualified-next-hop 10.10.10.253 bfd-liveness-detection version automatic
    set routing-options static route 172.16.100.0/24 qualified-next-hop 10.10.10.253 bfd-liveness-detection minimum-interval 200
    set routing-options static route 172.16.100.0/24 qualified-next-hop 10.10.10.253 bfd-liveness-detection transmit-interval minimum-interval 200

    ------------------------------------------------------------

    Inside Cisco Switch


     interface Vlan200
     ip address 10.10.10.253 255.255.255.0
     no ip redirects
     bfd interval 200 min_rx 200 multiplier 3


    ip route static bfd Vlan200 10.10.10.254

    -----------------------------------------------------------

     

    test-lab.jpg



  • 8.  RE: Route Change for High End SRX .

    Posted 12-13-2013 20:12

    Can you use qualified-next-hop with bfd-liveliness?



  • 9.  RE: Route Change for High End SRX .

    Posted 12-14-2013 03:40

    Hi

     



  • 10.  RE: Route Change for High End SRX .

    Posted 12-14-2013 09:23

    Hi All ,

     

    It seems everything working  fine with BFD solution , still I didn’t apply on real scenario , but it’s working on test lab .

    Special thanks to Rusmus  for your idea   and everyone , who is involved .

     

    B.regards ,

    Sameer .



  • 11.  RE: Route Change for High End SRX .

    Posted 12-14-2013 11:24

    Glad it is working fine now. The qualified next-hop allows you to change the default route preference value for static routes to the same destination. So one of yor next-hop would still be backup but you determine which one it will be in this scenario and the bfd makes the route change faster (subsecond), in other words the detection of a failed next-hop is much faster.



  • 12.  RE: Route Change for High End SRX .

    Posted 12-14-2013 19:29

    Yes , lyndidon you're right , I can provide here full solution after implementation, the last one week this case was with AJTAC ,unfortunately  they couldn't provide any solution or hint .

     

    "All jobs are difficult before entering the Juniper forum"

     

    B.Regards ,

    Sameer .