Junos OS

Second ISP via routing-instance

  • 1.  Second ISP via routing-instance

    Posted 12-15-2020 11:41

    Hi,

    I have 2 ISP:

        ge-0/0/0 {
            description 1-st ISP;
            unit 0 {
                family inet {
                    address 1.1.1.98/29;
                }
            }
        }
        ge-0/0/1 {
            description 2-nd ISP;
            unit 0 {
                family inet {
                    address 2.2.2.22/30;
                }
            }
        }
    ​


    2-nd ISP connected via routing-instance:

        Untrust2-VR {
            instance-type virtual-router;
            interface ge-0/0/1.0;
            routing-options {
                interface-routes {
                    rib-group inet U2-VR-rib;
                }
                static {
                    route 0.0.0.0/0 next-hop 2.2.2.21;
                }
            }
        }
    ​


    I want to make 2-nd ISP default (primary), so I changed static routes in routing-options:

        static {
            route 0.0.0.0/0 {
                next-hop 2.2.2.21; <=== 2-nd ISP gateway
                qualified-next-hop 1.1.1.97 { <=== 1-st ISP gateway
                    preference 10;
                }
            }
    ​



    However after that SRX cannot reach outside anymore, cannot resolve names

    admin@SRX> ping 8.8.8.8
    ^C
    --- 8.8.8.8 ping statistics ---
    6 packets transmitted, 0 packets received, 100% packet loss

    admin@SRX> ping google.com
    ping: cannot resolve google.com: Host name lookup failure

    But I can ping outside from routing-instance Untrust2-VR:

    admin@SRX> ping 8.8.8.8 routing-instance Untrust2-VR
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=112 time=155.580 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=112 time=153.772 ms
    ^C

    Any advices?

    Thank you in advance

    Dmitry

    Update: It was my stupid mistake, I forgot add import-rib Untrust2-VR.inet.0 

    set routing-options rib-groups Master-rib import-rib Untrust2-VR.inet.0
    

    Now it is working properly.