SRX Services Gateway
SRX Services Gateway

SRX Cluster - IP Monitoring doesn't work

[ Edited ]
‎04-20-2018 01:20 AM

Hello all,

i have problems to implement IP monitoring on my juniper chassis cluster.

At first, i' ll explain my environment and my configurations (see picture below).

 IP-Monitoring.png

 

 

 


The links from node 0 will be connected soon. At the moment, the traffic will be redirected over node 1 and this connection works.

There aren't further configurations on both links of each host to the switches. On the switch site, the links are simply access ports.

The switch and the router aren't belongs to me and i can't configure them. But the connection over the switches to the router is working.


My configurations are:

chassis {
    cluster {
        control-link-recovery;
        reth-count 2;
        redundancy-group 1 {
            node 0 priority 254;
            node 1 priority 1;
            gratuitous-arp-count 4;
            interface-monitor {
                xe-7/0/7 weight 128;
                xe-0/0/7 weight 128;
                xe-0/0/6 weight 128;
                xe-7/0/6 weight 128;
            }
            ip-monitoring {
                global-weight 255;
                global-threshold 255;
                retry-interval 3;
                retry-count 5;
                family {
                    inet {
                        10.0.0.1 {
                            weight 255;
                            interface reth0.0 secondary-ip-address 10.0.0.4;
                        }
                    }
                }
            }
        }
        redundancy-group 0 {
            node 0 priority 254;
            node 1 priority 1;
        }
    }
}
interfaces {
    reth0 {
        traceoptions {
            flag all;
        }
        redundant-ether-options {
            redundancy-group 1;
            flow-control;
            minimum-links 1;
        }
        unit 0 {
            family inet {
                rpf-check fail-filter rpf-filter;
                address 10.0.0.5/29;
            }
        }
    }
}
firewall {
    filter rpf-filter {
        term default {
            then {
                count rpf-failed-count;
                reject;
            }
        }
    }
}

 

=========================================================================


But my IP-Monitoring status is failed:

 

root@lzg1srx4100-ha> show chassis cluster status
Monitor Failure codes:
    CS  Cold Sync monitoring        FL  Fabric Connection monitoring
    GR  GRES monitoring             HW  Hardware monitoring
    IF  Interface monitoring        IP  IP monitoring
    LB  Loopback monitoring         MB  Mbuf monitoring
    NH  Nexthop monitoring          NP  NPC monitoring
    SP  SPU monitoring              SM  Schedule monitoring
    CF  Config Sync monitoring

Cluster ID: 1
Node   Priority Status         Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 1
node0  254      primary        no      no       None
node1  1        secondary      no      no       None

Redundancy group: 1 , Failover count: 2
node0  0        secondary      no      no       IF IP
node1  0        primary        no      no       IP

=========================================================================

root@lzg1srx4100-ha> show chassis cluster information
node0:
--------------------------------------------------------------------------
Redundancy Group Information:

    Redundancy Group 0 , Current State: primary, Weight: 255

        Time            From           To             Reason
        Nov 20 20:11:22 hold           secondary      Hold timer expired
        Nov 20 20:11:38 secondary      primary        Only node present

    Redundancy Group 1 , Current State: secondary, Weight: -256

        Time            From           To             Reason
        Nov 20 20:11:23 hold           secondary      Hold timer expired
        Nov 20 20:11:38 secondary      primary        Only node present
        Apr 18 07:12:38 primary        secondary-hold Monitor failed: IF
        Apr 18 07:12:39 secondary-hold secondary      Ready to become secondary


Chassis cluster LED information:
    Current LED color: Amber
    Last LED change reason: Monitored objects are down

Failure Information:

    IP Monitoring Failure Information:
        Redundancy Group 1, Monitoring Status: Failed
          IP Address        Status       Reason
          10.0.0.1       Unreachable  no route to host

    Interface Monitoring Failure Information:
        Redundancy Group 1, Monitoring status: Failed
          Interface                 Status
          xe-0/0/6                  Down
          xe-0/0/7                  Down

node1:
--------------------------------------------------------------------------
Redundancy Group Information:

    Redundancy Group 0 , Current State: secondary, Weight: 255

        Time            From           To             Reason
        Nov 20 21:00:23 hold           secondary      Hold timer expired

    Redundancy Group 1 , Current State: primary, Weight: 0

        Time            From           To             Reason
        Nov 20 21:00:24 hold           secondary      Hold timer expired
        Apr 18 07:12:37 secondary      primary        Remote yield (1/0)


Chassis cluster LED information:
    Current LED color: Amber
    Last LED change reason: Monitored objects are down

Failure Information:

    IP Monitoring Failure Information:
        Redundancy Group 1, Monitoring Status: Failed
          IP Address        Status       Reason
          10.0.0.1       Unreachable  	unknown				//This connection should be reachable!

 

I'm little confused, because i become an ICMP request when i ping the router gateway:

root@lzg1srx4100-ha> ping 10.0.0.1 source 10.0.0.5
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=255 time=0.513 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=0.612 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=255 time=0.791 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=255 time=0.906 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=255 time=0.566 ms
^C
--- 10.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.513/11.478/54.791/21.657 ms

 What's the problem here? Any ideas?

 

Many Thanks in advance!

3 REPLIES 3
SRX Services Gateway

Re: SRX Cluster - IP Monitoring doesn't work

[ Edited ]
‎04-20-2018 04:44 AM

It looks like you do not have routing configured

 

IP Monitoring Failure Information:

        Redundancy Group 1, Monitoring Status: Failed

          IP Address        Status       Reason

          10.0.0.1       Unreachable  no route to host

 

 

To be sure run following command :

root@lzg1srx4100-ha>show route 10.0.0.1

 

You need to  set at least default route :

Example:

set routing-options static route 0.0.0.0/0 next-hop 10.0.0.1

 

Why it is reachable with ping - because you are pinging on the local segment (L2) so you do not need routing.

But for  IP-monitoring to work you need routing be configured.

 

 

Regards

Leon Smirnov

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

SRX Services Gateway

Re: SRX Cluster - IP Monitoring doesn't work

‎04-21-2018 01:59 AM

Hello Brandmajor,

 

thanks for your reply. Smiley Happy

 

At first, i thought its a routing problem too.

 

But the customer traffic is already routed. This works on node 1. 

On node 0, the link isn't established, because we have to order two new ports on the switch. So the concerned links/ports are down. On this node, i get the Interface Monitoring Error and the IP Monitoring Error (no route to host) and this errors are okay.

 

The Problem is on node 1. There, the IP Monitoring give me an error with unknown reason:

Failure Information:

    IP Monitoring Failure Information:
        Redundancy Group 1, Monitoring Status: Failed
          IP Address        Status       Reason
          10.0.0.1       Unreachable  	unknown		

Again, the routing over node 1 is in function, only the IP-Monitoring on this node  give me the above error.

 

I 'll post the 

root@lzg1srx4100-ha>show route 10.0.0.1

reply next week, because I'm not at work until wednesday.

 

Highlighted
SRX Services Gateway

Re: SRX Cluster - IP Monitoring doesn't work

[ Edited ]
‎04-24-2018 10:52 PM

Good morning,

 

here is the output of the show route 0.0.0.0/0 command:

root@lzg1srx4100-ha> show route

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 6d 11:45:58
                    > to 10.0.0.1 via reth0.0
10.0.0.0/29     *[Direct/0] 6d 11:45:58
                    > via reth0.0
10.0.0.5/32     *[Local/0] 6d 11:45:58
                      Local via reth0.0

When i type the show route 0.0.0.0/0 next-hop 10.0.0.1 then i don't see any routes. Only the number of active routes above.

root@lzg1srx4100-ha> show route 0.0.0.0/0 next-hop 10.0.0.1

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

{primary:node0}
root@lzg1srx4100-ha>

I don't see any routing problems. Do I overlook somethink?