[j-nsp] rpm / ip-monitoring
Ben Dale
bdale at comlinx.com.au
Thu Aug 28 10:17:30 EDT 2014
Rather than making configuration changes, if you're running recent code (12.1) on branch SRX, have a look at the preferred-route option in ip-monitoring.
You can override your default route dynamically based on the RPM failing, without having to override config.
The day this is feature (and ip-monitoring in general) is merged back down to mainline Junos will be a glorious one...
Cheers,
Ben
On 28 Aug 2014, at 9:00 pm, Mattias Gyllenvarg <mattias at gyllenvarg.se> wrote:
> I have looked over these and they are the basis of the configuration I am
> using.
>
> The setup is advanced in some senses.
>
> The Primary link is a to an IP-VPN running BGP to the "mpls cloud" of a
> global operator.
> So, from there I get a default that I override with a static OR dynamic
> default to a local Internet connection that also serves as backup via IPsec
> (BGP on top of that too but peers with a HUB node and not the "cloud").
>
> As the local internet is just a cheap line, I do not have the luxury of BGP
> and so must use some other metod like this one.
>
> What I would have want is to have the ip-monitor not actually disable the
> interface and just set the admin-distance for it to the worst level.
>
> That way the test would still work as it requests the packet be sent by the
> exact interface, but no other traffic would take this route unless all
> other options are down.
>
> //Mattias
>
>
>
> On Thu, Aug 28, 2014 at 10:50 AM, Darren O'Connor <darrenoc at outlook.com>
> wrote:
>
>> A small topology diagram would help so we could figure out exactly what
>> this interface points to. Not sure if its in the path or not. If it is,
>> then the below comments already state what the problem is.
>>
>> Thanks
>> Darren
>> http://www.mellowd.co.uk/ccie
>>
>>
>>
>>> Date: Wed, 27 Aug 2014 17:52:02 -0700
>>> From: gonnason at gmail.com
>>> To: juniper-nsp at puck.nether.net
>>> Subject: Re: [j-nsp] rpm / ip-monitoring
>>>
>>> Instead of disabling the interface, can you just alter routing to avoid
>>> that path, but RPM could still test since that interface would still be
>> up?
>>>
>>> -Mike Gonnason
>>>
>>>
>>> On Wed, Aug 27, 2014 at 5:37 PM, Tyler Christiansen <tyler at adap.tv>
>> wrote:
>>>
>>>> Good point. I glossed over that a bit.
>>>>
>>>> In that case, you won't even be able to test if it's working or not as
>> you
>>>> have disabled it (as Andrew points out). I suppose you could write a
>>>> script that re-enables the interface every hour or twenty four hours or
>>>> whatever interval, then the RPM probe would just shut it back down if
>> it's
>>>> not fixing, but that seems a bit of a hassle.
>>>>
>>>> --tc
>>>>
>>>>
>>>> On Wed, Aug 27, 2014 at 4:35 PM, Andrew Jones <aj at jonesy.com.au>
>> wrote:
>>>>
>>>>> Surely the test will never recover without intervention, as the
>> interface
>>>>> it uses gets disabled?
>>>>>
>>>>>
>>>>> On 28.08.2014 02:28, Tyler Christiansen wrote:
>>>>>
>>>>>> I could be mistaken, but I believe it automatically reverts when the
>>>> test
>>>>>> is successful unless you specify no-preempt.
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 27, 2014 at 12:50 AM, Mattias Gyllenvarg <
>>>>>> mattias at gyllenvarg.se>
>>>>>> wrote:
>>>>>>
>>>>>> Dear List
>>>>>>>
>>>>>>> I have a rpm /ip-monitor setup that is supposed to test the
>> function
>>>> of a
>>>>>>> local internet line (ping internet destination).
>>>>>>>
>>>>>>> And disable it if it is not responding.
>>>>>>>
>>>>>>> This works fine BUT, how do I get it to re-enable when it is
>> working
>>>>>>> again.
>>>>>>>
>>>>>>> I need this to work with DHCP so I cannot work with a default
>> route.
>>>>>>>
>>>>>>>
>>>>>>> **********************
>>>>>>>
>>>>>>> services {
>>>>>>> rpm {
>>>>>>> probe Internet {
>>>>>>> test PING-GOOGLE-DNS {
>>>>>>> target address 8.8.8.8;
>>>>>>> probe-count 5;
>>>>>>> probe-interval 2;
>>>>>>> test-interval 20;
>>>>>>> thresholds {
>>>>>>> total-loss 4;
>>>>>>> }
>>>>>>> destination-interface fe-0/0/3.0;
>>>>>>> }
>>>>>>> }
>>>>>>> }
>>>>>>> ip-monitoring {
>>>>>>> policy Local-Internet-Test {
>>>>>>> match {
>>>>>>> rpm-probe Internet;
>>>>>>> }
>>>>>>> then {
>>>>>>> interface fe-0/0/3 {
>>>>>>> disable;
>>>>>>> }
>>>>>>> }
>>>>>>> }
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> *************************
>>>>>>>
>>>>>>> --
>>>>>>> *Med Vänliga Hälsningar / Best Regards*
>>>>>>> *Mattias Gyllenvarg*
>>>>>>> _______________________________________________
>>>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>>>>
>>>>>> _______________________________________________
>>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Tyler Christiansen | Technical Operations*
>>>> tyler <http://adap.tv/>@adap.tv <http://adap.tv/> | www.adap.tv
>>>> *m :* 864.346.4095
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> *Med Vänliga Hälsningar / Best Regards*
> *Mattias Gyllenvarg*
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list