SRX

Hey guys,

I have a Juniper SRX340 running JunOS 21.4R3-S2.3. I have terminated two ISPs on the SRX, and have configured per-flow load-balancing to utilize both the ISPs equally. I am trying to configure event-options to delete a static route when an ISP goes DOWN and re-add it to the routing table when the ISP is back UP.

Below is my configuration for RPM:

probe icmp-echo {
    test isp1 {
        probe-type icmp-ping;
        target address 8.8.8.8;
        test-interval 5;
        history-size 30;
        thresholds {
            successive-loss 3;
        }
        destination-interface ge-0/0/0.0;
    }
    test isp2 {
        probe-type icmp-ping;
        target address 8.8.4.4;
        test-interval 5;
        history-size 30;
        thresholds {
            successive-loss 3;
        }
        destination-interface ge-0/0/1.0;
    }
}

Below is the configuration for event-options:

policy enable-isp2 {
    events ping_test_completed;
    within 120 {
        trigger on 12;
    }
    within 125 {
        trigger until 13;
    }
    attributes-match {
        ping_test_completed.test-owner matches icmp-echo;
        ping_test_completed.test-name matches isp2;
    }
    then {
        change-configuration {
            commands {
                "set routing-options static route 0.0.0.0/0 next-hop 192.168.10.1";
            }
        }
    }
}
policy disable-isp2 {
    events ping_test_failed;
    within 60 {
        trigger on 6;
    }
    within 65 {
        trigger until 7;
    }
    attributes-match {
        ping_test_failed.test-owner matches icmp-echo;
        ping_test_failed.test-name matches isp2;
    }
    then {
        change-configuration {
            commands {
                "delete routing-options static route 0.0.0.0/0 next-hop 192.168.10.1";
            }
        }
    }
}
policy enable-isp1 {
    events ping_test_completed;
    within 120 {
        trigger on 12;
    }
    within 125 {
        trigger until 13;
    }
    attributes-match {
        ping_test_completed.test-owner matches icmp-echo;
        ping_test_completed.test-name matches isp1;
    }
    then {
        change-configuration {
            commands {
                "set routing-options static route 0.0.0.0/0 next-hop 192.168.11.1";
            }
        }
    }
}
policy disable-isp1 {
    events ping_test_failed;
    within 60 {
        trigger on 6;
    }
    within 65 {
        trigger until 7;
    }
    attributes-match {
        ping_test_failed.test-owner matches icmp-echo;
        ping_test_failed.test-name matches isp1;
    }
    then {
        change-configuration {
            commands {
                "delete routing-options static route 0.0.0.0/0 next-hop 192.168.11.1";
            }
        }
    }
}

And below is the syslog configuration:

syslog {
    file change-log {
        change-log any;
        archive size 10m files 5;
    }
    file daemon-log {
        daemon info;
        archive size 10m files 5;
    }
}

Event-options to delete the static route works perfectly when an ISP goes DOWN. But policies "enable-isp1" & "enable-isp2" don't always work as desired, after an ISP returns to UP state. I want either of the enable-isp policies to trigger the event after seeing 12 PING_TEST_COMPLETED log messages after a failure has occurred.

Is there anything wrong with my configuration? Any help in this regard would be highly appreciated.

Thanks,

Rather than event options I think you are looking for the Real-time Performance Monitoring / RPM feature.  This sets up probes and failover processes between interface options.

An example configuration is outlined here.

https://supportportal.juniper.net/s/article/SRX-Example-Configuring-IP-monitoring-using-RPM-Probes-for-failover-between-multiple-ISPs?language=en_US

And the fuller documentation is here.

https://www.juniper.net/documentation/us/en/software/junos/flow-monitoring/network-mgmt/topics/topic-map/real-time-performance-monitoring.html

probe icmp-echo {    test isp1 {        probe-type icmp-ping;        target address 8.8.8.8;        test-interval 5;        history-size 30;        thresholds {            successive-loss 3;        }        destination-interface ge-0/0/0.0;    }    test isp2 {        probe-type icmp-ping;        target address 8.8.4.4;        test-interval 5;        history-size 30;        thresholds {            successive-loss 3;        }        destination-interface ge-0/0/1.0;    }}

policy enable-isp2 {    events ping_test_completed;    within 120 {        trigger on 12;    }    within 125 {        trigger until 13;    }    attributes-match {        ping_test_completed.test-owner matches icmp-echo;        ping_test_completed.test-name matches isp2;    }    then {        change-configuration {            commands {                "set routing-options static route 0.0.0.0/0 next-hop 192.168.10.1";            }        }    }}policy disable-isp2 {    events ping_test_failed;    within 60 {        trigger on 6;    }    within 65 {        trigger until 7;    }    attributes-match {        ping_test_failed.test-owner matches icmp-echo;        ping_test_failed.test-name matches isp2;    }    then {        change-configuration {            commands {                "delete routing-options static route 0.0.0.0/0 next-hop 192.168.10.1";            }        }    }}policy enable-isp1 {    events ping_test_completed;    within 120 {        trigger on 12;    }    within 125 {        trigger until 13;    }    attributes-match {        ping_test_completed.test-owner matches icmp-echo;        ping_test_completed.test-name matches isp1;    }    then {        change-configuration {            commands {                "set routing-options static route 0.0.0.0/0 next-hop 192.168.11.1";            }        }    }}policy disable-isp1 {    events ping_test_failed;    within 60 {        trigger on 6;    }    within 65 {        trigger until 7;    }    attributes-match {        ping_test_failed.test-owner matches icmp-echo;        ping_test_failed.test-name matches isp1;    }    then {        change-configuration {            commands {                "delete routing-options static route 0.0.0.0/0 next-hop 192.168.11.1";            }        }    }}

syslog {    file change-log {        change-log any;        archive size 10m files 5;    }    file daemon-log {        daemon info;        archive size 10m files 5;    }}