Tuesday, September 1, 2020

Automatic ISP route failover using IP Monitoring feature

Introduction

In this blog we will see how to enable automatic failover of a route when Internet access via the primary ISP1 is having an issue.

A static route has no ability to monitor network issues at its next hop. It creates a traffic blackhole, because a static route does not become inactive when there is an issue in the next-hop network.

Refer to the topology below, in which we have dual ISPs connected to the SRX.


Fig 1: Topology

In the normal scenario, the internal LAN host behind the vSRX is able to reach the Internet destination IP address 5.1.1.1 via the ISP1 next hop 1.1.1.1.

Issue

We have an issue in the ISP1 network. In this case, the static route will not prefer ISP2.

The primary ISP1 next hop 1.1.1.1 is not reachable, but the static route still prefers ISP1. The primary ISP1 static route will not disappear from the routing table until the interface goes down on the vSRX.

Due to this, the LAN host will not have Internet access until we remove the ISP1 static route.

The next hop is not reachable, but the static route still points to the problematic next hop.

Solution

We can configure IP monitoring to solve this issue. IP monitoring uses an RPM probe to monitor a test server in the Internet. If the test server is not reachable, a preferred route via the backup ISP2 path is installed without any manual intervention.

Let's see that in action.

As per Fig 1 above, we have a test server in the Internet with IP address 5.1.1.2. Let's monitor that server and configure the IP monitoring route failover feature so that when 5.1.1.2 is not reachable, the vSRX prefers ISP2.

Below is the configuration applied on the vSRX to achieve route failover. The RPM probe sends ping probes (the RPM default probe type) to 5.1.1.2 out of ge-0/0/0.0 via the ISP1 next hop 1.1.1.1, five probes per test, 5 seconds apart, with 3 seconds between tests; the test fails after 5 successive losses. The ip-monitoring policy matches that probe and, while it is failing, installs a preferred default route via the ISP2 next hop 2.1.1.1.


Configuration:

set services rpm probe Internet-Server test test-srv target address 5.1.1.2
set services rpm probe Internet-Server test test-srv probe-count 5
set services rpm probe Internet-Server test test-srv probe-interval 5
set services rpm probe Internet-Server test test-srv test-interval 3
set services rpm probe Internet-Server test test-srv thresholds successive-loss 5
set services rpm probe Internet-Server test test-srv destination-interface ge-0/0/0.0
set services rpm probe Internet-Server test test-srv hardware-timestamp
set services rpm probe Internet-Server test test-srv next-hop 1.1.1.1
set services ip-monitoring policy Internet match rpm-probe Internet-Server
set services ip-monitoring policy Internet then preferred-route route 0.0.0.0/0 next-hop 2.1.1.1


During the normal scenario, test server 5.1.1.2 is reachable via ISP1, so the IP monitoring status is PASS.

The LAN host is able to reach Internet destination 5.1.1.2 via ISP1.

The routing table of the vSRX shows that the next hop of the primary static route is ISP1.

Let's see what happens when ISP1 is having a network issue.

Now we are unable to reach the ISP1 next hop 1.1.1.1. The IP monitoring service automatically installs a static route preferring ISP2, based on the configuration above.

root@CE> ping 1.1.1.1 rapid
PING 1.1.1.1 (1.1.1.1): 56 data bytes      <-- Issue with ISP1
.....
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss


root@CE> show route

inet.0: 7 destinations, 9 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/1] 00:00:10, metric2 0     <-- IP monitor installs ISP2 route
                    >  to 2.1.1.1 via ge-0/0/1.0
                    [Static/5] 00:27:26
                    >  to 1.1.1.1 via ge-0/0/0.0
                    [Static/7] 00:35:37
                    >  to 2.1.1.1 via ge-0/0/1.0      <-- Manual static route

The LAN host is able to reach Internet destination 5.1.1.2 via ISP2.

INT> trace 5.1.1.1
trace to 5.1.1.1, 8 hops max, press Ctrl+C to stop
 1   10.1.1.1   0.523 ms  0.316 ms  0.307 ms
 2   2.1.1.1   2.480 ms  2.038 ms  2.327 ms       <-- ISP2
 3   *5.1.1.1   5.110 ms (ICMP type:3, code:3, Destination port unreachable)
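To make the failover logic behind the outputs above concrete, here is a small Python model of the RPM successive-loss test and the ip-monitoring preferred-route behaviour. It is added here as an illustration and is not Junos code or part of the original post. It replays a constructed probe history (not captured from a device) against a three-route table matching the show route output above (ISP1 static with preference 5, manual ISP2 backup with preference 7, and the preference-1 route that ip-monitoring installs). Modelling assumptions: the successive-loss threshold is evaluated once per completed test, and the per-probe timeout is ignored in the timing estimate.

```python
from dataclasses import dataclass, field

# Values taken from the RPM / ip-monitoring configuration in the post.
PROBE_COUNT = 5        # probe-count 5: probes per test
PROBE_INTERVAL = 5     # probe-interval 5: seconds between probes of one test
TEST_INTERVAL = 3      # test-interval 3: seconds between two tests
SUCCESSIVE_LOSS = 5    # thresholds successive-loss 5: losses in a row that fail the test


@dataclass(order=True)
class Route:
    """One candidate route for 0.0.0.0/0; ordered by preference, as in Junos."""
    preference: int
    next_hop: str
    source: str = field(compare=False)


class Rib:
    """Minimal routing table for a single prefix: the lowest preference is active."""

    def __init__(self):
        self.routes = []

    def install(self, route):
        if route not in self.routes:
            self.routes.append(route)

    def withdraw(self, source):
        self.routes = [r for r in self.routes if r.source != source]

    def active(self):
        return min(self.routes)


class RpmProbe:
    """Simplified RPM test: FAIL when `successive_loss` probes in a row are lost
    within one test of `probe_count` probes, otherwise PASS.
    Assumption: the threshold is evaluated per completed test."""

    def __init__(self, probe_count=PROBE_COUNT, successive_loss=SUCCESSIVE_LOSS):
        self.probe_count = probe_count
        self.successive_loss = successive_loss
        self.status = "PASS"

    def run_test(self, replies):
        if len(replies) != self.probe_count:
            raise ValueError("one test must contain exactly probe_count results")
        lost_in_a_row, breached = 0, False
        for reply_received in replies:
            lost_in_a_row = 0 if reply_received else lost_in_a_row + 1
            if lost_in_a_row >= self.successive_loss:
                breached = True
        self.status = "FAIL" if breached else "PASS"
        return self.status


class IpMonitor:
    """ip-monitoring policy: while the matched probe is FAIL keep the preferred
    route installed; once it is PASS again, withdraw it."""

    def __init__(self, rib, preferred_route):
        self.rib = rib
        self.preferred_route = preferred_route

    def apply(self, probe_status):
        if probe_status == "FAIL":
            self.rib.install(self.preferred_route)
        else:
            self.rib.withdraw(self.preferred_route.source)
        return self.rib.active().next_hop


def simulate(test_results):
    """Replay a list of tests (each a list of per-probe booleans, True = reply
    received) and return the active default-route next hop after each test."""
    rib = Rib()
    rib.install(Route(5, "1.1.1.1", "static ISP1"))           # [Static/5] in the post
    rib.install(Route(7, "2.1.1.1", "static ISP2 backup"))    # [Static/7] in the post
    monitor = IpMonitor(rib, Route(1, "2.1.1.1", "ip-monitoring"))  # [Static/1]
    probe = RpmProbe()
    return [monitor.apply(probe.run_test(replies)) for replies in test_results]


def worst_case_failover_seconds():
    """Estimate under this model: the outage starts right after a test passed,
    so the next test begins TEST_INTERVAL later and the probe that reaches the
    threshold is sent (SUCCESSIVE_LOSS - 1) * PROBE_INTERVAL after its first
    probe. The per-probe timeout is ignored."""
    return TEST_INTERVAL + (SUCCESSIVE_LOSS - 1) * PROBE_INTERVAL


# Constructed probe history (not captured from a device): healthy, a short loss
# burst below the threshold, a full outage over two tests, then recovery.
SCENARIO = [
    [True] * 5,
    [True, True, False, False, False],
    [False] * 5,
    [False] * 5,
    [True] * 5,
]

if __name__ == "__main__":
    for replies, next_hop in zip(SCENARIO, simulate(SCENARIO)):
        marks = "".join("." if ok else "x" for ok in replies)
        print(f"probes={marks}  active next-hop={next_hop}")
    print(f"worst-case failover in this model: {worst_case_failover_seconds()} s")
```

Running it shows the second test staying on 1.1.1.1 even with three lost probes, the switch to 2.1.1.1 once five successive losses occur, and the return to ISP1 when a test passes again; the timing estimate for this configuration comes out at 23 seconds. On the device the same state is visible with show services rpm probe-results and show services ip-monitoring status. Note that the decision depends on the test server itself answering: if 5.1.1.2 goes down while ISP1 is healthy, the preferred route via ISP2 is installed anyway, so the monitored target should be one whose reachability actually reflects the ISP1 path.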
