SRX

Hello to all,

I have configured SRX1500 for failover. Failover works fine, but restore ( when the failed link gets up again) doesn't.  Here is the configuration : 

FAILOVER:

set event-options policy FBF-FAILOVER events ping_test_failed
set event-options policy FBF-FAILOVER events ping_probe_failed
set event-options policy FBF-FAILOVER within 30 trigger until
set event-options policy FBF-FAILOVER within 30 trigger 4
set event-options policy FBF-FAILOVER within 25 trigger on
set event-options policy FBF-FAILOVER within 25 trigger 3
set event-options policy FBF-FAILOVER attributes-match ping_test_failed.test-owner matches LINK-MONITOR
set event-options policy FBF-FAILOVER attributes-match ping_test_failed.test-name matches check-internet
set event-options policy FBF-FAILOVER then change-configuration commands "delete interfaces ge-0/0/0 unit 0 family inet filter input FBF"

RESTORE:

set event-options policy FBF-RESTORE events ping_test_completed
set event-options policy FBF-RESTORE within 20 trigger on
set event-options policy FBF-RESTORE within 20 trigger 3
set event-options policy FBF-RESTORE within 25 trigger until
set event-options policy FBF-RESTORE within 25 trigger 4
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-owner matches LINK-MONITOR
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-name matches check-internet
set event-options policy FBF-RESTORE then change-configuration commands "set interfaces ge-0/0/0 unit 0 family inet filter input FBF"

TIA

What's the RPM configuration? The Restore policy has tighter timings, maybe there aren't enough events for those time intervals to actually trigger the action?

That's probably not it though, a quick search shows others observing similar symptoms.

Hello to all,

I have configured SRX1500 for failover. Failover works fine, but restore ( when the failed link gets up again) doesn't.  Here is the configuration : 

FAILOVER:

set event-options policy FBF-FAILOVER events ping_test_failed
set event-options policy FBF-FAILOVER events ping_probe_failed
set event-options policy FBF-FAILOVER within 30 trigger until
set event-options policy FBF-FAILOVER within 30 trigger 4
set event-options policy FBF-FAILOVER within 25 trigger on
set event-options policy FBF-FAILOVER within 25 trigger 3
set event-options policy FBF-FAILOVER attributes-match ping_test_failed.test-owner matches LINK-MONITOR
set event-options policy FBF-FAILOVER attributes-match ping_test_failed.test-name matches check-internet
set event-options policy FBF-FAILOVER then change-configuration commands "delete interfaces ge-0/0/0 unit 0 family inet filter input FBF"

RESTORE:

set event-options policy FBF-RESTORE events ping_test_completed
set event-options policy FBF-RESTORE within 20 trigger on
set event-options policy FBF-RESTORE within 20 trigger 3
set event-options policy FBF-RESTORE within 25 trigger until
set event-options policy FBF-RESTORE within 25 trigger 4
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-owner matches LINK-MONITOR
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-name matches check-internet
set event-options policy FBF-RESTORE then change-configuration commands "set interfaces ge-0/0/0 unit 0 family inet filter input FBF"

TIA

RPM config is:

set services rpm probe LINK-MONITOR test check-internet target address 1.1.1.1
set services rpm probe LINK-MONITOR test check-internet probe-count 3
set services rpm probe LINK-MONITOR test check-internet probe-interval 5
set services rpm probe LINK-MONITOR test check-internet thresholds successive-loss 3

I have changed restore to :

set event-options policy FBF-RESTORE events ping_test_completed
set event-options policy FBF-RESTORE within 60 trigger on
set event-options policy FBF-RESTORE within 60 trigger 1
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-owner matches LINK-MONITOR
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-name matches check-internet
set event-options policy FBF-RESTORE then change-configuration commands "set interfaces ge-0/0/0 unit 0 family inet filter input FBF"

But, still doesn't work.

What's the RPM configuration? The Restore policy has tighter timings, maybe there aren't enough events for those time intervals to actually trigger the action?

That's probably not it though, a quick search shows others observing similar symptoms.

Hello to all,

I have configured SRX1500 for failover. Failover works fine, but restore ( when the failed link gets up again) doesn't.  Here is the configuration : 

FAILOVER:

set event-options policy FBF-FAILOVER events ping_test_failed
set event-options policy FBF-FAILOVER events ping_probe_failed
set event-options policy FBF-FAILOVER within 30 trigger until
set event-options policy FBF-FAILOVER within 30 trigger 4
set event-options policy FBF-FAILOVER within 25 trigger on
set event-options policy FBF-FAILOVER within 25 trigger 3
set event-options policy FBF-FAILOVER attributes-match ping_test_failed.test-owner matches LINK-MONITOR
set event-options policy FBF-FAILOVER attributes-match ping_test_failed.test-name matches check-internet
set event-options policy FBF-FAILOVER then change-configuration commands "delete interfaces ge-0/0/0 unit 0 family inet filter input FBF"

RESTORE:

set event-options policy FBF-RESTORE events ping_test_completed
set event-options policy FBF-RESTORE within 20 trigger on
set event-options policy FBF-RESTORE within 20 trigger 3
set event-options policy FBF-RESTORE within 25 trigger until
set event-options policy FBF-RESTORE within 25 trigger 4
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-owner matches LINK-MONITOR
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-name matches check-internet
set event-options policy FBF-RESTORE then change-configuration commands "set interfaces ge-0/0/0 unit 0 family inet filter input FBF"

TIA

Try capturing the ping_test events into a log file so we can pretend to be the event-options engine and follow along. Based on the combination of success and failure events, perhaps both policies get triggered?

RPM config is:

set services rpm probe LINK-MONITOR test check-internet target address 1.1.1.1
set services rpm probe LINK-MONITOR test check-internet probe-count 3
set services rpm probe LINK-MONITOR test check-internet probe-interval 5
set services rpm probe LINK-MONITOR test check-internet thresholds successive-loss 3

I have changed restore to :

set event-options policy FBF-RESTORE events ping_test_completed
set event-options policy FBF-RESTORE within 60 trigger on
set event-options policy FBF-RESTORE within 60 trigger 1
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-owner matches LINK-MONITOR
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-name matches check-internet
set event-options policy FBF-RESTORE then change-configuration commands "set interfaces ge-0/0/0 unit 0 family inet filter input FBF"

But, still doesn't work.

What's the RPM configuration? The Restore policy has tighter timings, maybe there aren't enough events for those time intervals to actually trigger the action?

That's probably not it though, a quick search shows others observing similar symptoms.

Hello to all,

I have configured SRX1500 for failover. Failover works fine, but restore ( when the failed link gets up again) doesn't.  Here is the configuration : 

FAILOVER:

set event-options policy FBF-FAILOVER events ping_test_failed
set event-options policy FBF-FAILOVER events ping_probe_failed
set event-options policy FBF-FAILOVER within 30 trigger until
set event-options policy FBF-FAILOVER within 30 trigger 4
set event-options policy FBF-FAILOVER within 25 trigger on
set event-options policy FBF-FAILOVER within 25 trigger 3
set event-options policy FBF-FAILOVER attributes-match ping_test_failed.test-owner matches LINK-MONITOR
set event-options policy FBF-FAILOVER attributes-match ping_test_failed.test-name matches check-internet
set event-options policy FBF-FAILOVER then change-configuration commands "delete interfaces ge-0/0/0 unit 0 family inet filter input FBF"

RESTORE:

set event-options policy FBF-RESTORE events ping_test_completed
set event-options policy FBF-RESTORE within 20 trigger on
set event-options policy FBF-RESTORE within 20 trigger 3
set event-options policy FBF-RESTORE within 25 trigger until
set event-options policy FBF-RESTORE within 25 trigger 4
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-owner matches LINK-MONITOR
set event-options policy FBF-RESTORE attributes-match ping_test_completed.test-name matches check-internet
set event-options policy FBF-RESTORE then change-configuration commands "set interfaces ge-0/0/0 unit 0 family inet filter input FBF"

TIA