SRX Services Gateway
SRX Services Gateway

ip-monitoring for dual-isp failover

‎01-26-2015 11:48 AM

Hello again,

 

   So... We have 2 ISP's, one primary, and one backup.  We want our default route to point to the primary (of course), but if it is no longer reachable, to failover to the backup ISP.   BUT when the primary comes back online, will this configuration automatically shift the default gw back to the primary ISP? I can't find anthing that says it will, but I'm not sure.  If not, then how can we make sure this happens? 

 

It's my understanding that we can't use "qualified next-hop" because that is based on link-state, and our srx's are connected to our switches via Reth's, then to the ISPs.

 

 

Here is part of the config:

 

rmckennon@gnv-srx220# show routing-instances PRIVATE
instance-type virtual-router;
interface reth0.400;
interface reth1.10;
...
interface st0.0;
routing-options {
   static {
     route 0.0.0.0/0 next-hop xx.yy.zz.193;
   }
}

 

rmckennon@gnv-srx220# show services
rpm {
  probe COX {
   test GW-TEST {
    target address xxx.yyy.zzz.193;
    probe-count 10;
    probe-interval 5;
    test-interval 10;
    thresholds {
     successive-loss 10;
    }
    traps probe-failure;
    destination-interface reth0.400;
   }
  }
 }
ip-monitoring {
  policy COX-MONITOR {
   match {
    rpm-probe COX;
   }
   then {
   preferred-route {
    routing-instances PRIVATE {
     route 0.0.0.0/0 {
     next-hop aa.bb.cc.105;
     }
    }
   }
  }
 }
}

 

 

Thank you for looking,

 

Rob McKennon

 

2 REPLIES 2
SRX Services Gateway
Solution
Accepted by topic author RobMcKennon
‎08-26-2015 01:27 AM

Re: ip-monitoring for dual-isp failover

‎01-27-2015 02:16 PM

Your understanding is correct on all counts. 

 

I have used this method and it will fail back when the test is valid again.

 

Qualified next hop does rely on link failure and would only work if the next hop address is gone.  This is frequently NOT the case with internet service outages where the next hop is visible to the SRX but upstream service is not working.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
SRX Services Gateway

Re: ip-monitoring for dual-isp failover

‎03-02-2015 11:54 AM

Steve,

  

   I forgot to thank you for your confirmation/explanation of my question!

 

Thank you very much!

 

 

Rob.