Thursday, February 14, 2013

Juniper Static Route Failover

In this scenario, we are doing static routing, but we want the capability to provide fast failover in the event of an outage. We can use Bi-directional Forwarding Detection, but this requires it to be set up on both ends. Let's assume for this exercise that BFD is not an option for our neighbor routers.


As you can see (from left to right), we have one core Juniper router (10.0.0.1) and 2 next hops. Lets pretend that these next hops are both ISPs that we want in place for business continuity in the event that one ISP should experience an outage.

Core Juniper Router Configuration:

Configure a static route:
set routing-options static route 0.0.0.0/0 next-hop 10.0.0.2

Configure Real-time Performance Monitoring:
set services rpm probe ROUTE1 test ROUTE1 target address 10.0.0.2
set services rpm probe ROUTE1 test ROUTE1 probe-count 3
set services rpm probe ROUTE1 test ROUTE1 probe-interval 15
set services rpm probe ROUTE1 test ROUTE1 test-interval 10
set services rpm probe ROUTE1 test ROUTE1 thresholds successive-loss 3
set services rpm probe ROUTE1 test ROUTE1 thresholds total-loss 3
set services rpm probe ROUTE1 test ROUTE1 next-hop 10.0.0.2

Configure IP Monitoring:
set services ip-monitoring policy ROUTE1 match rpm-probe ROUTE1
set services ip-monitoring policy ROUTE1 then preferred-route route 0.0.0.0/0 next-hop 10.0.0.3

With the above configuration, we are telling our router to monitor the connection to our next hop. Should our performance monitoring metrics fail, then our policy that we create under the services ip-monitoring hierarchy will be applied.

We can verify that RPM is running properly by issuing the following command from operational mode:
show services rpm history-results


Owner, Test                 Probe received                          Round trip time
ROUTE1, ROUTE1    Wed Feb  6 01:26:34 2013       1461 usec
ROUTE1, ROUTE1    Wed Feb  6 01:26:49 2013       1477 usec

ROUTE1, ROUTE1    Wed Feb  6 01:27:04 2013       7215 usec

ROUTE1, ROUTE1    Wed Feb  6 01:27:14 2013       1420 usec


We can verify whether or not our IP monitoring policy has been applied by issuing the following command from operational mode:
show services ip-monitoring status


Policy - ROUTE1
  RPM Probes:
    Probe name             Address          Status   
    ---------------------- ---------------- ---------
    ROUTE1                 10.0.0.2       PASS     
  Route-Action:
    route-instance    route             next-hop         State
    ----------------- ----------------- ---------------- ------------- 
    inet.0               0.0.0.0           10.0.0.3     NOT-APPLIED

Enjoy!

4 comments:

  1. i think there is an error on your example in this line?
    set services ip-monitoring policy ROUTE1 then preferred-route route 10.0.99.0/24 next-hop 10.0.0.3

    it should be?

    set services ip-monitoring policy ROUTE1 then preferred-route route 0/0 next-hop 10.0.0.3

    ReplyDelete
  2. Hi Hugo, you are correct. I will change it. When I originally was testing I had a remote network of 10.0.99.0/24 that I wanted to change the route for. In this instance since we are just monitoring the default route it would be 0/0. Thanks!

    ReplyDelete
  3. Hi Mitchell, if router 10.0.0.1 is a MX960 router, not service ip-monitoring, how to config ?

    ReplyDelete
    Replies
    1. quangdung, there are multiple ways to do this. You can use dynamic routing with BFD, for example. You could also load balance per flow as well. It all depends on what you are trying to accomplish.

      Delete