Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Example - RPM with event-options for route failover

0

0
Article ID: KB35533 KB Last Updated: 05 Jun 2020Version: 2.0 Summary:

This article provides a configuration example of how to configure reverse path multicasting (RPM) with event-options for route failover when you have static routing configured for the primary route and dynamic routing configured for the secondary route on SRX devices.

 

Symptoms:

In some scenarios, when you have static routing configured for the primary route and dynamic routing configured for the secondary route on SRX devices, RPM with event-options can be used for failover of route from static to dynamic routing.

In this example setup, we have an SRX device connected to two ISPs: ISP-A to which a static route is configured and ISP-B to which a Border Gateway Protocol (BGP) is configured.

Topology

Since static routes have the lowest preference value, the SRX device would choose it as the preferred route.

root> show route 

0.0.0.0/0          *[Static/5] 00:01:57
                    > to 192.168.2.1 via ge-0/0/2.0
                    [BGP/170] 00:36:03, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 192.168.3.1 via ge-0/0/3.0

When ISP-A goes down, the static route will not be removed until the interface is physically down, resulting in traffic drop.

While you can disable the interface by configuring IP monitoring so that the static route is removed, the routes will not fall back when ISP-A is back again.

 

Solution:

To configure RPM with event-options for route failover when you have configured static routing for the primary route and dynamic routing for the secondary route, use the following example:

RPM configuration to detect ISP liveliness

set services rpm probe STATIC-ROUTE-ISP-A test test-1 probe-type icmp-ping
set services rpm probe STATIC-ROUTE-ISP-A test test-1 target address 192.168.2.1
set services rpm probe STATIC-ROUTE-ISP-A test test-1 test-interval 3
set services rpm probe STATIC-ROUTE-ISP-A test test-1 thresholds successive-loss 3
set services rpm probe STATIC-ROUTE-ISP-A test test-1 next-hop 192.168.2.1

event-options configuration to deactivate the static route when ISP-A fails

set event-options policy disable-on-ping-failure events ping_test_failed
set event-options policy disable-on-ping-failure events ping_probe_failed
set event-options policy disable-on-ping-failure within 30 trigger until
set event-options policy disable-on-ping-failure within 30 trigger 4
set event-options policy disable-on-ping-failure within 25 trigger on
set event-options policy disable-on-ping-failure within 25 trigger 3
set event-options policy disable-on-ping-failure attributes-match ping_test_failed.test-owner matches STATIC-ROUTE-ISP-A
set event-options policy disable-on-ping-failure attributes-match ping_test_failed.test-name matches test-1
set event-options policy disable-on-ping-failure then change-configuration commands "deactivate routing-options static route 0.0.0.0/0"

event-options configuration to activate the static route when ISP-A is active again

set event-options policy enable-on-ping-success events ping_test_completed
set event-options policy enable-on-ping-success within 20 trigger on
set event-options policy enable-on-ping-success within 20 trigger 3
set event-options policy enable-on-ping-success within 25 trigger until
set event-options policy enable-on-ping-success within 25 trigger 4
set event-options policy enable-on-ping-success attributes-match ping_test_completed.test-owner matches STATIC-ROUTE-ISP-A
set event-options policy enable-on-ping-success attributes-match ping_test_completed.test-name matches test-1
set event-options policy enable-on-ping-success then change-configuration commands "activate routing-options static route 0.0.0.0/0"

Syslog configuration 

set system syslog file DAEMON-INFO-LOG daemon info
set system syslog file CHANGE-LOG change-log any

Note: If you configure the trigger only on the third condition, the commit operation might go into a loop, which could trigger a high routing-engine CPU. The combination of trigger on 3 and trigger until 4 prevents the event policy from repeatedly making the same configuration change.

Verification

When ISP fails: 

root>show services rpm history-results

STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:17:58 2020 Tue Mar  3 08:17:58 2020              934 usec
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:18:01 2020 Tue Mar  3 08:18:01 2020             1351 usec
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:18:04 2020 Tue Mar  3 08:18:04 2020              863 usec
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:18:07 2020 Tue Mar  3 08:18:10 2020  Request timed out
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:18:10 2020 Tue Mar  3 08:18:13 2020  Request timed out
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:18:14 2020 Tue Mar  3 08:18:17 2020  Request timed out
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:18:17 2020 Tue Mar  3 08:18:20 2020  Request timed out
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:18:20 2020 Tue Mar  3 08:18:23 2020  Request timed out
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:18:23 2020 Tue Mar  3 08:18:26 2020  Request timed out
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:18:27 2020 Tue Mar  3 08:18:30 2020  Request timed out
root>show log DAEMON-INFO-LOG

Mar  3 08:18:20  SRX-Test rmopd[1835]: PING_TEST_FAILED: pingCtlOwnerIndex = STATIC_ROUTE_1, pingCtlTestName = probe-dc-ge1
Mar  3 08:18:21  SRX-Test file[4408]: UI_CHILD_EXITED: Child exited: PID 4414, status 7, command '/usr/sbin/mustd'
Mar  3 08:18:23  SRX-Test rmopd[1835]: PING_TEST_FAILED: pingCtlOwnerIndex = STATIC_ROUTE_1, pingCtlTestName = probe-dc-ge1
Mar  3 08:18:30  SRX-Test last message repeated 2 times
Mar  3 08:18:33  SRX-Test rmopd[1835]: PING_TEST_FAILED: pingCtlOwnerIndex = STATIC_ROUTE_1, pingCtlTestName = probe-dc-ge1
Mar  3 08:18:36  SRX-Test rpd[1831]: JTASK_TASK_REINIT: Reinitializing
Mar  3 08:18:36  SRX-Test rpd[1831]: L2CKT acquiring mastership for primary
Mar  3 08:18:36  SRX-Test rpd[1831]: L2VPN acquiring mastership for primary
Mar  3 08:18:36  SRX-Test rpd[1831]: task_reconfigure reinitializing done
Mar  3 08:18:36  SRX-Test rmopd[1835]: PING_TEST_FAILED: pingCtlOwnerIndex = STATIC_ROUTE_1, pingCtlTestName = probe-dc-ge1
root>show log CHANGE-LOG | no-more

Mar  3 08:18:19  SRX-Test file[4408]: UI_CFG_AUDIT_OTHER: User 'root' deactivate: [routing-options static route 0.0.0.0/0]
root>show route

inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[BGP/170] 03:27:49, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 192.168.3.1 via ge-0/0/3.0

When ISP-A is active again:

root>show services rpm history-results

STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:46:18 2020 Tue Mar  3 08:46:21 2020  Request timed out
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:46:22 2020 Tue Mar  3 08:46:25 2020  Request timed out
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:46:25 2020 Tue Mar  3 08:46:25 2020             1330 usec
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:46:28 2020 Tue Mar  3 08:46:28 2020             1331 usec
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:46:31 2020 Tue Mar  3 08:46:31 2020              863 usec
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:46:34 2020 Tue Mar  3 08:46:34 2020             1335 usec
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:46:37 2020 Tue Mar  3 08:46:37 2020             1086 usec
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:46:40 2020 Tue Mar  3 08:46:40 2020             1329 usec
STATIC_ROUTE_1, probe-dc-ge1 Tue Mar  3 08:46:43 2020 Tue Mar  3 08:46:43 2020             1199 usec

root>show log DAEMON-INFO-LOG

Mar  3 08:18:36  SRX-Test rmopd[1835]: PING_TEST_FAILED: pingCtlOwnerIndex = STATIC_ROUTE_1, pingCtlTestName = probe-dc-ge1
Mar  3 08:18:59  SRX-Test last message repeated 7 times
Mar  3 08:46:25  SRX-Test rmopd[1835]: PING_TEST_COMPLETED: pingCtlOwnerIndex = STATIC_ROUTE_1, pingCtlTestName = probe-dc-ge1
Mar  3 08:46:31  SRX-Test last message repeated 2 times
Mar  3 08:46:34  SRX-Test rmopd[1835]: PING_TEST_COMPLETED: pingCtlOwnerIndex = STATIC_ROUTE_1, pingCtlTestName = probe-dc-ge1
Mar  3 08:46:35  SRX-Test file[4755]: UI_CHILD_EXITED: Child exited: PID 4761, status 7, command '/usr/sbin/mustd'
Mar  3 08:46:37  SRX-Test rmopd[1835]: PING_TEST_COMPLETED: pingCtlOwnerIndex = STATIC_ROUTE_1, pingCtlTestName = probe-dc-ge1
Mar  3 08:46:43  SRX-Test last message repeated 2 times

root>show log CHANGE-LOG

Mar  3 08:18:19  SRX-Test file[4408]: UI_CFG_AUDIT_OTHER: User 'root' deactivate: [routing-options static route 0.0.0.0/0]
Mar  3 08:46:33  SRX-Test file[4755]: UI_CFG_AUDIT_OTHER: User 'root' activate: [routing-options static route 0.0.0.0/0]

root>show route

inet.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:00:15
                    > to 192.168.2.1 via ge-0/0/2.0
                    [BGP/170] 03:52:54, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 192.168.3.1 via ge-0/0/3.0

 

Related Links

 Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search