As you may know, Cisco has a capability to combine PBR with IP SLA. This is supported on IOS and IOS XR. Now I am trying to simulate the same scenario on JunOS 19.1 using Juniper vLabs.
First I configured the following FBF:
set firewall filter PBR term 1 from source-address 10.100.100.5/32
set firewall filter PBR term 1 from destination-address 10.100.100.6/32
set firewall filter PBR term 1 then next-ip 10.100.13.2/32
set firewall filter PBR term 100 then accept
Then I applied this FBF on the input interface:
set interfaces ge-0/0/3 unit 0 family inet filter input PBR
set interfaces ge-0/0/3 unit 0 family inet address 10.100.15.1/24
The configuration worked fine. Now I want to add some intelligence to this configuration, so I created the following probe on the router:
set services rpm probe root test TCP probe-type tcp-ping
set services rpm probe root test TCP target address 10.100.100.4
set services rpm probe root test TCP probe-count 3
set services rpm probe root test TCP probe-interval 2
set services rpm probe root test TCP test-interval 2
set services rpm probe root test TCP destination-port 65535
set services rpm probe root test TCP thresholds successive-loss 3
set services rpm probe root test TCP thresholds total-loss 3
And because of this config I enabled probe-server on 10.100.100.4.
The probe works fine as well and I got a successful result.
Now I want to combine my FBF configuration with this probe, so that each time the probe fails, the PBR will be disabled.
Unfortunately, I could not find any configuration example for this. Is this even supported on JunOS? If the answer is positive, then how?
Thank you in advance,
You can use an event policy that uses the RPM monitoring: if the RPM monitor fails, it triggers a configuration change to deactivate the FBF configuration. The link below has an example.
If this solves your problem, please mark this post as "Accepted Solution."
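An event policy of the kind described in the answer above, as an added example that is not part of the original reply or of the article it links to: it deactivates term 1 of the PBR filter when the RPM test with owner root and name TCP fails, and reactivates it when the test completes successfully. The policy names FBF-DOWN and FBF-UP are hypothetical, and deactivating only term 1 (so that term 100 accepts the traffic and normal routing applies) is an assumption about the desired fallback.

```junos
# Added example; policy names FBF-DOWN and FBF-UP are hypothetical.
# Assumption: on probe failure only term 1 is deactivated, so the filter
# stays applied on ge-0/0/3 and term 100 accepts all traffic.

# RPM test failed: stop steering traffic to next-ip 10.100.13.2
set event-options policy FBF-DOWN events ping_test_failed
set event-options policy FBF-DOWN attributes-match ping_test_failed.test-owner matches "^root$"
set event-options policy FBF-DOWN attributes-match ping_test_failed.test-name matches "^TCP$"
set event-options policy FBF-DOWN then change-configuration commands "deactivate firewall filter PBR term 1"

# RPM test succeeded again: restore the PBR term
set event-options policy FBF-UP events ping_test_completed
set event-options policy FBF-UP attributes-match ping_test_completed.test-owner matches "^root$"
set event-options policy FBF-UP attributes-match ping_test_completed.test-name matches "^TCP$"
set event-options policy FBF-UP then change-configuration commands "activate firewall filter PBR term 1"
```

Each time one of these events fires, the policy applies its change and commits, so a test-interval longer than 2 seconds keeps commit churn down.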