SRX Services Gateway
SRX Services Gateway

WAN Link primary and Internet VPN as a Backup

‎02-20-2019 09:09 AM

Hi

 

I have two links between two branches (WAN and Internet), and the target is to have the WAN Link primary and the VPN over the internet link as a Backup.

I configured the route preference over WAN link prefered than the route preference over the VPN st0.

And configured RPM to prefer the st0 route if the WAN link goes down.

 

But I can always see the routes always prefer the st0, although its not the prefered route...

 

Any ideas...

 

Thanks 

5 REPLIES 5
SRX Services Gateway

Re: WAN Link primary and Internet VPN as a Backup

‎02-20-2019 05:16 PM

Start with seeing what the live route table is showing for the route prefix in question.

show route x.x.x.x/x

 

Are both routes you configured showing

which is indicated as active with the *

And what protocol are the routes involved, static, ospf, bgp?

 

We also need to consider the topology.

Is the WAN a separate routed link connection or is that next hop in the same subnet as the source traffic.

 

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
SRX Services Gateway

Re: WAN Link primary and Internet VPN as a Backup

‎02-21-2019 04:36 AM

HI

 

I am using static routes, the second link is separate link not related to the primary one.

And I can see both routes in the routing table with * for the st0 route.

Although I configured different prefences for both routes

 

set routing-options static route 172.16.0.0/16 qualified-next-hop 10.10.50.1 preference 5
set routing-options static route 172.16.0.0/16 qualified-next-hop st0.2 preference 10

 

Whenever the VPN is up, the st0 route is selected and with preference 5 "although I configured it as preference 10"

Only when I deactivate the VPN the route become routed over 10.10.50.1

SRX Services Gateway

Re: WAN Link primary and Internet VPN as a Backup

‎02-21-2019 05:34 AM

Do you have traffic selector configured on the VPN for 172.16.0.0/16 network? 

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
SRX Services Gateway

Re: WAN Link primary and Internet VPN as a Backup

‎02-21-2019 06:27 AM

Hi

 

Yes I have traffic-selector, and changed it to proxy-id and its working now.

seems using the traffic selector installs a permenant route in the routing table...

 

Thanks 

SRX Services Gateway
Solution
Accepted by topic author mahmoud.yasin@ad-tech.com.jo
‎02-21-2019 07:00 AM

Re: WAN Link primary and Internet VPN as a Backup

‎02-21-2019 06:41 AM
Yes, when you use traffic selector, a static route will be installed automatically for the subnet mentioned in remote ip as soon as vpn comes up. It is an expected behavior.

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!