This may look like an SRX issue, and it kind of is, but it is also a Junos/Routing issue so have placed the discussion here.
I have a VDSL2 MPIM Module in an SRX340 to be utilised as a backup circuit if the ethernet circuit fails. I know there are various backup methods that can be utilised but I'd like your opinions on the best method for a single device.
So, all the routing works well on the SRX. However, on the MX240 I have an issue with the routing. Normally, if we require a different next-hop towards the same network or host, we would use the "qualified-next-hop" command, with a higher preference. In my case, I cannot do this as the Ethernet Circuit will never go down as the link is between the unit interface and the downstream ISP. The circuit will only ever show as "down" if there is an issue Core side of the ISP.... Then the same problem would exist at the NTE end.
So, a way around this issue would be, as I mentioned in the SRX Discussion, to create a new routing instance, place the AT interface in the new instance and then create some NAT rules. That meant on the Core I could now have two separate routes...
Well, here is the problem now.... if the customer wants to access their site from external then the IP address has changed... now it may be that this is what has to happen, but it all needs to be completed dynamically......
What's the best way to get this working so the Customer can have a dynamic backup where nothing manual has to be configured?
As an add on, I was looking at configuring RPM ICMP-Timestamps as that would give me full end-to-end connectivity probes.... however, that would be okay for 1 or 2 customers but really messy as more customers get added in and the loss of bandwidth too....
So, any other suggestions welcome 🙂
A little more to go on....
The downstream ISP cannot do anything as they only present Layer 2 at either end (which was my assumption)....
So, the issue is still that the Core end will not see the Ethernet Circuit failure if it is at the NTE end and the NTE will not see the failure if it is at the core end.
There must be a way (other than RPM) to detect the circuit failure at both ends so that the floating static can be used? If not, what other way can we configure this in a dynamic way?
Unless I can detect that the primary route has failed I can find no way of this working..... Any help would be appreciated...
I can test this anyway, but, could I complete the following:
Set the single sub interface (VLAN Unit number) into a single link aggregate and run LACP? That would be an end-to-end detection...
Update: Nope, this is not possible as there is no availability to set gigether-options on a sub-interface only on the main interface.... and I expect there is no way of creating a sub-interface of an aggregated interface... or is there?
Is it possible (again, I am going to test) to utilise BGP in any way to try and detect this link being dropped?
It's all possible in JUNOS (RPM, BGP, OSPF, RIP, etc), the 64K$ question is how much do You want it to scale to? In terms of config lines, in terms of control plane load, in terms of supportability?
If You are looking to scale beyond 4K NTEs on single box, I do not recommend BGP.
I would suggest You to try:
1/ static routes with BFD (supported on both SRX and MX, on MX BFD is supported in linecard hardware so CP load is not going to be that much, only to initialize the session)
2/ Ethernet OAM, specifically CFM (also supported on both SRX https://www.juniper.net/documentation/en_US/junos/topics/example/security-oam-ethernet-cfm-configuring.html and MX, on MX CFM also supported in linecard hardware).
Just don't use aggressive (less than 1 sec) timers and You are going to be fine.
The difference between the two is that CFM config requires more lines.
Yes, depends how messy the config ends up being.
I will give it a go tomorrow with BGP and other options (IS-IS does not work - I tried it but because the link between the downstream ISP is at Layer 2, no routes were even being received between the interfaces....)
I'll let you know how it goes.
Before I configure this on a "Live" system, can I please confirm that this configuration will in no way affect interface "xe-1/2/5" when I commit?
set protocols oam ethernet connectivity-fault-management maintenance-domain private level 0
set protocols oam ethernet connectivity-fault-management maintenance-domain private maintenance-association private-ma continuity-check interval 1s
set protocols oam ethernet connectivity-fault-management maintenance-domain private maintenance-association private-ma mep 100 interface xe-1/2/4.10
set protocols oam ethernet connectivity-fault-management maintenance-domain private maintenance-association private-ma mep 100 direction down
set protocols oam ethernet connectivity-fault-management maintenance-domain private maintenance-association private-ma mep 100 auto-discovery
If you could confirm that this will be okay while causing no issues on the xe-1/2/5 interface, then I can go ahead and test....
Add on: These commands are not available on an SRX340. I'll need to find another way.
I have configured bfd on both systems and can now detect the link is down.... that is excellent news as the Core now sees this and routes the correct way.
My problem now is as follows:
When the route switches over, I lose all internet connectivity.... I will investigate and see what I can resolve...
Okay. I am going to close this discussion as I think bfd has resolved the route issue.... the rest I can get working....
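The BFD-monitored floating static that resolved this thread could look like the following on each end. This is an added example, not configuration posted by any participant; every prefix, next-hop address, interface name and zone name is a documentation placeholder, and the 1000 ms interval follows the advice above to avoid sub-second timers.

```junos
# Added example; all addresses, interfaces and zone names are placeholders.

# --- Core (MX) side: route towards the customer site ---
# Primary next-hop is the NTE address across the Layer 2 Ethernet circuit.
set routing-options static route 203.0.113.0/29 next-hop 192.0.2.2
# BFD runs end to end across the ISP's Layer 2 service, so a failure
# anywhere on the path removes the next-hop even though the local
# interface stays up.
set routing-options static route 203.0.113.0/29 bfd-liveness-detection minimum-interval 1000
set routing-options static route 203.0.113.0/29 bfd-liveness-detection multiplier 3
# Floating backup via the DSL path; static preference defaults to 5,
# so 10 is only used once BFD has withdrawn the primary next-hop.
set routing-options static route 203.0.113.0/29 qualified-next-hop 198.51.100.2 preference 10

# --- NTE (SRX) side: default route towards the Core ---
# The session only comes up if both ends run BFD towards each other.
set routing-options static route 0.0.0.0/0 next-hop 192.0.2.1
set routing-options static route 0.0.0.0/0 bfd-liveness-detection minimum-interval 1000
set routing-options static route 0.0.0.0/0 bfd-liveness-detection multiplier 3
set routing-options static route 0.0.0.0/0 qualified-next-hop 198.51.100.1 preference 10
# On the SRX, BFD packets arriving on the Ethernet sub-interface must be
# permitted as host-inbound traffic in its zone or the session never
# establishes. Permit only bfd here rather than "protocols all".
set security zones security-zone untrust interfaces ge-0/0/1.10 host-inbound-traffic protocols bfd
```

With these values a failure is detected after roughly three seconds (1000 ms x 3); `show bfd session` on either device shows whether the session is up before the primary circuit is relied on.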