SRX Services Gateway
Highlighted
SRX Services Gateway

ip-monitoring not failing back

01.12.18   |  
Friday

When my target IP goes down the route fails over the way it should but does not come back after the target IP is up again.

 

Can any see what is wrong here?

probe INET-UP {
    test TargetIP {
        target address xxx.117.108.194;
        probe-count 3;
        probe-interval 15;
        test-interval 10;
        thresholds {
            successive-loss 3;
            total-loss 3;
        }
        destination-interface ge-0/0/0.0;
        next-hop xxx.191.127.233; (Upstream router of primary Internet connection)
    }
}

policy INET-UP-MON {
    match {
        rpm-probe INET-UP;
    }
    then {
        preferred-route {
            route 4.2.2.2/32 {
                next-hop 192.168.0.2;
            }
            route 0.0.0.0/0 {
                next-hop 192.168.0.2;
            }
        }
    }
}

3 REPLIES
SRX Services Gateway

Re: ip-monitoring not failing back

01.12.18   |  
Friday

Hi,

 

When you primary targeted IP is recovered, can you check whats the status using the following CLI:

show services ip-monitoring status

 

 

Review the following KB: IP Monitoring with route fail-over configuration and behavior:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB25052

 

Also, from your config, remove this & check.

  route 0.0.0.0/0 {
                next-hop 192.168.0.2;

 

 

/Karan Dhanak

#Mark my solution as accepted if it helped, Kudos are appreciated as well.

 

 

/Karan Dhanak
#Mark my solution as accepted if it helped, Kudos are appreciated as well.

SRX Services Gateway

Re: ip-monitoring not failing back

01.12.18   |  
Friday

Hi Folks,

Junos Security: A Guide to Junos for the SRX Services Gateways & Security Certification by Authors: Rob Cameron, Brad Woodberg, Patricio Giecco, Tim Eberhard, and James Quinn is a very good book. It has some example on rpm.

 

Paperback: 850 pages

Publisher: O’Reilly Media

ISBN: 978-1-449-38171-4

 

Please refer to page 795.

 

https://books.google.co.in/books?id=qPBHeZL7fcUC&pg=PA795&lpg=PA795&dq=rpm+static+route+junos&source...

 

[SRX] Example - IP Monitoring with route fail-over configuration and behavior

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB25052

-Python JNCIP 4X [SP|ENT|DC|SEC] JNCDS 2X [ WAN | DC ] CCIP ITIL
#Please mark my solution as accepted if it helped, Kudos are appreciated as well.
SRX Services Gateway

Re: ip-monitoring not failing back

01.14.18   |  
Sunday

When I remove "route 0.0.0.0/0 { next-hop 192.168.0.2; }", it works as it should.  The 4.2.2.2/32 route is inserted into the routing table when the target is not-pingable and is removed the target is pingable.

 

When "route 0.0.0.0/0 { next-hop 192.168.0.2; }" is in the config then after I block pings at the target and the target fails, and then I allow pings, the target is still unreachable.  I assumed that the commands below would make the target routable even though route 0.0.0.0/0 has changed.

 

probe INET-UP {
    test TargetIP {
        destination-interface ge-0/0/0.0;
        next-hop xxx.191.127.233; (Upstream router of primary Internet conection)

 

I think that if I set a static route to the target that this will work.  I was hoping to not have to do that because then every time I want to change the target I have to also change the static route.