Junos OS


Combination of FBF and RPM

  • 1.  Combination of FBF and RPM

    Posted 08-15-2020 22:08

    Hi

     

    As you may know, Cisco has a capability to combine PBR with IPSLA. This is supported on IOS and IOS XR. Now I am trying to simulate the same scenario on JunOS 19.1 using Juniper vLABs.

    First I configured the following FBF:

     

    set firewall filter PBR term 1 from source-address 10.100.100.5/32
    set firewall filter PBR term 1 from destination-address 10.100.100.6/32
    set firewall filter PBR term 1 then next-ip 10.100.13.2/32
    set firewall filter PBR term 100 then accept

     

    Then I applied this FBF on the input interface:

     

    set interfaces ge-0/0/3 unit 0 family inet filter input PBR
    set interfaces ge-0/0/3 unit 0 family inet address 10.100.15.1/24

     

    The configuration worked fine. Now I want to add some intelligence to this configuration, so I created the following probe on the router:

    set services rpm probe root test TCP probe-type tcp-ping
    set services rpm probe root test TCP target address 10.100.100.4
    set services rpm probe root test TCP probe-count 3
    set services rpm probe root test TCP probe-interval 2
    set services rpm probe root test TCP test-interval 2
    set services rpm probe root test TCP destination-port 65535
    set services rpm probe root test TCP thresholds successive-loss 3
    set services rpm probe root test TCP thresholds total-loss 3

     

    And because of this config I enabled probe-server on 10.100.100.4.

    The probe works fine as well and I got a successful result.

    Now I want to combine my FBF configuration with this probe, so that each time the probe fails, the PBR will be disabled.

    Unfortunately, I could not find any configuration example for this. Is this even supported on JunOS? If the answer is positive, then how?

    Thank you in advance,

    Alireza

     


    #FBFPBR


  • 2.  RE: Combination of FBF and RPM
    Best Answer

     
    Posted 08-16-2020 03:34

    Hi,

     

    You can use an event policy which uses the RPM monitoring, where if the RPM monitor fails it triggers a configuration change to deactivate the FBF configuration. The link below has an example:

     

    https://nextheader.net/2013/07/22/changing-the-configuration-using-event-policy-action/ 

     

    If this solves your problem, please mark this post as "Accepted Solution."
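
The event-policy approach from the answer, written out for the filter and probe in the question. This is an added example, not taken from either post or from the linked article; the policy names RPM-TCP-DOWN and RPM-TCP-UP and the commit log texts are assumptions, while the probe owner `root`, test `TCP` and filter `PBR` come from the question.

```junos
# Added example; policy names and log messages are assumed, not from the thread.

# RPM test root/TCP failed: deactivate the redirect term so traffic
# falls through to term 100 (accept) and follows the normal routing table.
set event-options policy RPM-TCP-DOWN events ping_test_failed
set event-options policy RPM-TCP-DOWN attributes-match ping_test_failed.test-owner matches "^root$"
set event-options policy RPM-TCP-DOWN attributes-match ping_test_failed.test-name matches "^TCP$"
set event-options policy RPM-TCP-DOWN then change-configuration retry count 3 interval 10
set event-options policy RPM-TCP-DOWN then change-configuration commands "deactivate firewall filter PBR term 1"
set event-options policy RPM-TCP-DOWN then change-configuration commit-options log "RPM root/TCP failed: PBR term 1 deactivated"

# RPM test root/TCP completed successfully: re-activate the redirect term.
set event-options policy RPM-TCP-UP events ping_test_completed
set event-options policy RPM-TCP-UP attributes-match ping_test_completed.test-owner matches "^root$"
set event-options policy RPM-TCP-UP attributes-match ping_test_completed.test-name matches "^TCP$"
set event-options policy RPM-TCP-UP then change-configuration retry count 3 interval 10
set event-options policy RPM-TCP-UP then change-configuration commands "activate firewall filter PBR term 1"
set event-options policy RPM-TCP-UP then change-configuration commit-options log "RPM root/TCP recovered: PBR term 1 activated"
```

After a failed test, `show configuration firewall filter PBR` should list term 1 as `inactive:`. Each matching event triggers a commit, so with the question's `test-interval 2` the policies commit frequently; a longer test interval keeps the commit history and change log readable.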