Hello Steve/All,
I've hit another blocker with RPM / IP-monitoring.
I was testing RPM for indirect ISP failures. I've noticed that once I simulated an ISP-1 indirect failure, RPM applies the preferred-route action with preferred-metric 4. However, upon restoring ISP-1, the cluster doesn't return to load balancing.
services {
    rpm {
        probe ISP-1 {
            test google_dns {
                probe-type icmp-ping;
                target address 8.8.8.8;
                probe-count 12;
                probe-interval 5;
                source-address 192.168.0.10;
                thresholds {
                    successive-loss 4;
                    total-loss 6;
                }
            }
        }
        probe ISP-2 {
            test google_dns {
                probe-type icmp-ping;
                target address 8.8.8.8;
                probe-count 12;
                probe-interval 5;
                source-address 192.168.2.10;
                thresholds {
                    successive-loss 4;
                    total-loss 6;
                }
            }
        }
    }
    ip-monitoring {
        policy if_ISP-1_indirect_failure {
            match {
                rpm-probe ISP-1;
            }
            then {
                preferred-route {
                    route 0.0.0.0/0 {
                        next-hop 192.168.2.1;
                        preferred-metric 4;
                    }
                }
            }
        }
        policy if_ISP-2_indirect_failure {
            match {
                rpm-probe ISP-2;
            }
            then {
                preferred-route {
                    route 0.0.0.0/0 {
                        next-hop 192.168.0.1;
                        preferred-metric 4;
                    }
                }
            }
        }
    }
}
Below is the route table even after ISP-1 is restored.
root@srx320-poe-01# run show route | no-more

inet.0: 16 destinations, 18 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/4] 00:54:12, metric2 0
                    > to 192.168.2.1 via ge-3/0/5.0
                    [Static/5] 05:13:31
                    > to 192.168.2.1 via ge-3/0/5.0
                      to 192.168.0.1 via ge-0/0/5.0
I'd highly appreciate any assistance or any KB pointing to a solution for this.
Many thanks
Regards
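
A check for the state shown in the route table above, as an added example that is not part of the original post: it parses `show route` text and reports whether the [Static/4] entry is still the active default route after a probe recovers. The function names, the state labels and the reading of preference 4 as the route installed by the ip-monitoring policies (from preferred-metric 4 in the posted configuration) are assumptions.

```python
import re

# Route table copied from the post above (captured after ISP-1 was restored).
SAMPLE = """\
inet.0: 16 destinations, 18 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/4] 00:54:12, metric2 0
> to 192.168.2.1 via ge-3/0/5.0
[Static/5] 05:13:31
> to 192.168.2.1 via ge-3/0/5.0
to 192.168.0.1 via ge-0/0/5.0
"""

PREFIX = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)(?:\s|$)")
ENTRY = re.compile(r"(\*)?\[([\w-]+)/(\d+)\]")   # e.g. *[Static/4]
HOP = re.compile(r"^>?\s*to (\S+) via (\S+)")    # e.g. > to 192.168.2.1 via ge-3/0/5.0

def parse_routes(text, prefix="0.0.0.0/0"):
    """Return the entries listed for `prefix`, in display order."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        p, e, h = PREFIX.match(line), ENTRY.search(line), HOP.match(line)
        if p:
            current = p.group(1)
        if e and current == prefix:
            entries.append({"active": bool(e.group(1)), "protocol": e.group(2),
                            "preference": int(e.group(3)), "next_hops": []})
        elif h and current == prefix and entries:
            entries[-1]["next_hops"].append(h.group(1))
        elif not (p or e or h):
            current = None  # table header or blank line: stop attributing hops
    return entries

def failback_state(text, failover_pref=4,
                   expected_hops=("192.168.0.1", "192.168.2.1")):
    """Classify the default route. Assumption: preference 4 marks the route
    installed by the ip-monitoring policies in the posted configuration."""
    active = next((r for r in parse_routes(text) if r["active"]), None)
    if active is None:
        return "no-default-route"
    if active["preference"] == failover_pref:
        return "failover-route-active"   # the state shown in the post
    if set(expected_hops) <= set(active["next_hops"]):
        return "ecmp"                    # both ISP next hops on the active entry
    return "single-path"

if __name__ == "__main__":
    print(failback_state(SAMPLE))
```
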
Original Message:
Sent: 08-26-2021 05:38
From: STEVE PULUKA
Subject: SRX cluster active/active load sharing two ISP
For the ISP not reaching Google DNS, confirm via traceroute that the issue is on the SRX.
Get the route table and forwarding table to see if the routes and forwarding are installed for both ISP.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Original Message:
Sent: 08-26-2021 01:36
From: Unknown User
Subject: SRX cluster active/active load sharing two ISP
Thanks Steve for your response. I'll try to add more clients and then try to test.
On the second thing, "Another thing I noticed, I'm unable to ping 8.8.8.8 from SRX if I source from the interface connected to ISP-1 but I'm able to ping 8.8.8.8 if I source from the interface connected to ISP-2." Please can you advise if this is due to a wrong configuration or default behavior?
Appreciate your assistance.
Regards,
Original Message:
Sent: 08-25-2021 19:34
From: STEVE PULUKA
Subject: SRX cluster active/active load sharing two ISP
ECMP will be flow based to avoid breaking connections. So you really cannot test it using just one source device as the flow will pin to only one path.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Original Message:
Sent: 08-25-2021 09:33
From: Unknown User
Subject: SRX cluster active/active load sharing two ISP
Hello Steve,
Hope you are doing well.
I've followed this KB and managed to configure ECMP on an SRX HA Active/Active cluster. However, the one client laptop used for testing on the LAN side seems to be taking only the ISP-1 route. Is there any way to further verify that the SRX is indeed using both routes?
Another thing I noticed, I'm unable to ping 8.8.8.8 from SRX if I source from the interface connected to ISP-1 but I'm able to ping 8.8.8.8 if I source from the interface connected to ISP-2.
Please could you guide me to where I've made a mistake in the config?
Many thanks
Regards
Original Message:
Sent: 08-18-2021 05:36
From: STEVE PULUKA
Subject: SRX cluster active/active load sharing two ISP
See if this configuration example covers your scenario.
https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/chassis-cluster-srx-full-mesh-configuring.html
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Original Message:
Sent: 08-18-2021 04:19
From: Unknown User
Subject: SRX cluster active/active load sharing two ISP
Hello,
I'd like to clarify whether the method below is doable for load sharing between two ISPs connected directly to the SRX cluster nodes respectively. I understand load sharing can be achieved through FBF (filter-based forwarding); however, the requirement is to find a way to load share without FBF. The ISP links are not BGP peering links; they are standard leased lines with /29 subnets allocated to each ISP link. Therefore I thought of having iBGP peering between SRX and EX. Can ECMP (equal-cost multipath) work in this scenario?
Please can you advise how, if at all, it is possible to load share in this scenario?
Many thanks.