SRX

 View Only
last person joined: 5 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  IP Monitoring - 2 ISPs

    Posted 09-13-2023 06:51

    Hello,

    I have and SRX300 and 2 access to internet with 2 ISPs (one router is a dsl router and the other a LTE router)

    My goal is to send via the LTE router so the default route is configured to send all traffic to the LTE router. 

    I'm using RPM probe and ip-monitoring to check if via the LTE router I can ping 8.8.8.8. When the ping doesn't pass, ip-monitoring change the default route and put a new 0.0.0.0/0 route via the dsl router.

    My problem is when the RPM probe failed (so when i can't ping 8.8.8.8 via the LTE router), the route is changed but when the LTE come back UP, my default route will always stay via the dsl router even if I reboot the SRX, the RPM won't check.

    How can I do ? As i want LTE router to be primary and DSL secondary (only if I don't have access via the LTE, if the connection come back I want LTE)

    Thanks for your advice :)

    Melih



    ------------------------------
    Melih Aslan
    ------------------------------


  • 2.  RE: IP Monitoring - 2 ISPs

    Posted 09-15-2023 17:49

    Hi Melih,

    There is a version of JunOS I have seen where the ip-monitoring state flag would get stuck, would you mind sharing your code version and the service { rpm & ip-monitoring} configuration snips?

    With internet failover you must ensure you have a source-address and detination-interface defined or the RPM will flap when the traffic is diverted to the alternate link. Also, using the preferred-route option under the ip-monitoring  policy {then} statement is advised. Make sure that you do not set the no-preempt flag on the ip-monitoring policy....

    Example below...

    services {
        rpm {
            probe primary {
                test primary {
                    probe-type icmp-ping;
                    target address x.y.z.1;
                    probe-count 5;
                    probe-interval 5;
                    test-interval 10;
                    source-address x.y.z.2;
                    thresholds {
                        successive-loss 5;
                    }
                    destination-interface dl0.0;
                    hardware-timestamp;
                }
            }
        }
        ip-monitoring {
            policy primary-check {
                match {
                    rpm-probe primary;
                }
                then {
                    preferred-route {
                        route 0.0.0.0/0 {
                            next-hop st0.1;
                            preferred-metric 10;
                        }
                    }
                }
            }
        }
    }


    ------------------------------
    GAVIN WHITE
    ------------------------------



  • 3.  RE: IP Monitoring - 2 ISPs

    Posted 09-19-2023 06:20

    Hello Gavin,

    Thanks for your reply !

    I found a solution before I get your return ! Here is my configuration :

    services {
        rpm {
            probe WAN1-monitor-1 {
                test monitor-1 {
                    probe-type icmp-ping;
                    target address 8.8.8.8;
                    probe-count 5;
                    probe-interval 5;
                    test-interval 3;
                    source-address 192.168.2.2;
                    thresholds {
                        successive-loss 5;
                    }
                }
            }
        }
        ip-monitoring {
            policy track-isp1 {
                match {
                    rpm-probe WAN1-monitor-1;
                }
                then {
                    preferred-route {
                        route 0.0.0.0/0 {
                            next-hop 192.168.3.1;
                        }
                    }
                }
            }
        }
    }

    routing-options {
        static {
            route 0.0.0.0/0 {
                next-hop 192.168.2.1;
                metric 10;
            }
            route 8.8.8.8/32 {
                qualified-next-hop 192.168.2.1 {
                    metric 1;
                }
                qualified-next-hop 192.168.3.1 {
                    metric 10;
                }
            }
        }
    }

    So I'm pinging Google from WAN1 to test if I have access to Internet, if not, it will put a new default route to access via WAN2.



    ------------------------------
    Melih Aslan
    ------------------------------