
Using RPM Probes for Detecting Network Failures

 

A primary interface’s status is not always a good indicator of a network’s connectivity. In some instances, when Layer 2 protocols are unable to detect end-to-end failures, or when multiple network hops separate the services gateway from remote resources, other means of triggering a failover are desired.

This example shows how to configure a set of watch prefixes that, when they are not present in the routing table, enable the dialer interface. Static routing with Bidirectional Forwarding Detection (BFD) or routing protocols can be used to dynamically change the status of the routes in the routing table.

The main advantage of this approach is that real-time performance monitoring (RPM) probes do not require any special routing protocol support or the use of BFD. RPM probes can be configured to use standard Internet Control Message Protocol (ICMP) messages, HTTP GET requests, or TCP/UDP pings to verify end-to-end connectivity. The RPM monitor scripts can be downloaded from the following URL: www.juniper.net/support/downloads/

Figure 1 shows the watch prefix.

Figure 1: Watch Prefix

Even though this example builds on the scenarios already described (Using the CBA750B 3G/4G Wireless WAN Bridge for Primary Connectivity, Using the CBA750B 3G/4G Wireless WAN Bridge for Management Access, and Using the CBA750B 3G/4G Wireless WAN Bridge for Backup), the following configuration represents a complete working scenario:

/* Enable the commit script. The commit script must be stored under /var/db/scripts/commit */

set system scripts commit allow-transients

set system scripts commit file rpm-monitor-config.xslt

/* Enable the event script. The script file must be stored under /var/db/scripts/event */

set event-options event-script file rpm-monitor.xslt


/* Local dhcp server configuration */

/* This server assigns addresses to the hosts in the Trust network */

set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2

set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254

set system services dhcp pool 192.168.1.0/24 router 192.168.1.1


/* This configuration creates a log file named rpm-monitor containing the log messages from the script */

set system syslog file rpm-monitor user warning

set system syslog file rpm-monitor match cscript


/* Interface Configs */

set interfaces interface-range Trust member-range fe-0/0/2 to fe-0/0/6

set interfaces interface-range Trust unit 0 family ethernet-switching port-mode access

set interfaces interface-range Trust unit 0 family ethernet-switching vlan members Trust

set interfaces ge-0/0/0 unit 0 family inet address 198.0.0.2/24

set interfaces vlan description CBA750B-data

set interfaces vlan unit 1 description Trust

set interfaces vlan unit 1 family inet address 192.168.1.1/24

set vlans default l3-interface vlan.1


/* The backup interface should be normally disabled */

/* The monitoring scripts point to an RPM probe and, if the probe fails, the script will enable the backup interface */

set interfaces ge-0/0/1 unit 0 apply-macro rpm-monitor-server1 test-name server1

set interfaces ge-0/0/1 unit 0 apply-macro rpm-monitor-server1 test-owner rpm-monitor-probes

set interfaces ge-0/0/1 unit 0 disable

set interfaces ge-0/0/1 unit 0 family inet dhcp


/* RPM probe configuration */

/* Note that we are using the primary link address as the source, so when the backup link is enabled the probes will still fail unless the primary link comes back up. The test pings the 'target' address. It waits for 5 ping failures and has a 5-second probe interval. After 5 pings, the test waits for 15 seconds before starting the pings again. */

set services rpm probe rpm-monitor-probes test server1 probe-type icmp-ping

set services rpm probe rpm-monitor-probes test server1 target address 96.17.23.148

set services rpm probe rpm-monitor-probes test server1 probe-count 5

set services rpm probe rpm-monitor-probes test server1 probe-interval 5

set services rpm probe rpm-monitor-probes test server1 test-interval 15

set services rpm probe rpm-monitor-probes test server1 source-address 10.0.1.20


/* Default route pointing to the primary link */

set routing-options static route 0.0.0.0/0 next-hop 198.0.0.1


/* NAT configuration */

set security nat source rule-set Outbound-NAT from zone trust

set security nat source rule-set Outbound-NAT to zone untrust

set security nat source rule-set Outbound-NAT rule Nat-All match source-address 0.0.0.0/0

set security nat source rule-set Outbound-NAT rule Nat-All match destination-address 0.0.0.0/0

set security nat source rule-set Outbound-NAT rule Nat-All then source-nat interface


/* Zones and policies */

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping

set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp

set security zones security-zone trust host-inbound-traffic system-services ping

set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services dhcp

set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services ping

set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services ssh

set security policies from-zone trust to-zone untrust policy permit-outbound match source-address any

set security policies from-zone trust to-zone untrust policy permit-outbound match destination-address any

set security policies from-zone trust to-zone untrust policy permit-outbound match application any

set security policies from-zone trust to-zone untrust policy permit-outbound then permit

Monitoring

The 3G signal strength and connection status can be monitored from the CBA750B’s management interface, in the Device Information section under Status -> Internet Connections.

Traffic statistics can be found under Status -> Statistics.

When using the RPM monitor scripts, it is useful to look at the script logs. These logs record events such as probe failures, enabling/disabling of the backup interface, and so on. Using the configuration shown in the example, the logs can be viewed with the show log rpm-monitor command.

# run show log rpm-monitor

Jan 22 05:15:48 SRX210-Home cscript: rpm-monitor: Triggered by ping_test_up test server1 owner rpm-monitor-probes

Jan 22 05:15:48 SRX210-Home cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the logical interfaces

Jan 22 05:16:59 SRX210-Home cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the routes

Jan 22 05:16:59 SRX210-Home cscript: rpm-monitor: RPM probe up flagged, but there is nothing to do with the routes

The result of the RPM probes can be viewed with the following command:

pato@SRX210-Home# run show services rpm history-results

Owner, Test Probe received Round trip time

rpm-monitor-probes, server1 Fri Jan 22 05:29:40 2010 192057 usec

rpm-monitor-probes, server1 Fri Jan 22 05:29:45 2010 194821 usec

rpm-monitor-probes, server1 Fri Jan 22 05:29:50 2010 197966 usec

rpm-monitor-probes, server1 Fri Jan 22 05:29:55 2010 188755 usec

rpm-monitor-probes, server1 Fri Jan 22 05:30:00 2010 189775 usec

rpm-monitor-probes, server1 Fri Jan 22 05:30:16 2010 199006 usec

rpm-monitor-probes, server1 Fri Jan 22 05:30:21 2010 190135 usec

rpm-monitor-probes, server1 Fri Jan 22 05:30:26 2010 190896 usec

rpm-monitor-probes, server1 Fri Jan 22 05:30:31 2010 192937 usec

rpm-monitor-probes, server1 Fri Jan 22 05:30:36 2010 203084 usec
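
The history output above can also be checked offline for probe loss that has not yet failed a whole test. The following is an added example, not part of the original page or of the Juniper RPM monitor scripts: it parses the row format shown above, groups results into test cycles using the probe-count and test-interval values from this configuration, and reports cycles with fewer received probes than expected. The function names are hypothetical, and the code assumes the output contains a single owner/test pair.

```python
import re
from datetime import datetime

# Values from the RPM probe configuration on this page.
PROBE_COUNT = 5      # probe-count
TEST_INTERVAL = 15   # test-interval, seconds

ROW = re.compile(r"^(?P<owner>[^,\s]+),\s+(?P<test>\S+)\s+"
                 r"(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4})\s+(?P<rtt>\d+) usec$")

# Rows copied from the history-results output shown on this page.
PAGE_OUTPUT = """\
Owner, Test Probe received Round trip time
rpm-monitor-probes, server1 Fri Jan 22 05:29:40 2010 192057 usec
rpm-monitor-probes, server1 Fri Jan 22 05:29:45 2010 194821 usec
rpm-monitor-probes, server1 Fri Jan 22 05:29:50 2010 197966 usec
rpm-monitor-probes, server1 Fri Jan 22 05:29:55 2010 188755 usec
rpm-monitor-probes, server1 Fri Jan 22 05:30:00 2010 189775 usec
rpm-monitor-probes, server1 Fri Jan 22 05:30:16 2010 199006 usec
rpm-monitor-probes, server1 Fri Jan 22 05:30:21 2010 190135 usec
rpm-monitor-probes, server1 Fri Jan 22 05:30:26 2010 190896 usec
rpm-monitor-probes, server1 Fri Jan 22 05:30:31 2010 192937 usec
rpm-monitor-probes, server1 Fri Jan 22 05:30:36 2010 203084 usec
"""

def parse(text):
    """Return (owner, test, received, rtt_usec) for every result row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
            rows.append((m["owner"], m["test"], ts, int(m["rtt"])))
    return rows

def cycles(rows):
    """Group rows into test cycles; a gap of TEST_INTERVAL or more starts a new
    cycle. Two consecutive losses inside a cycle would also split it."""
    out = []
    for row in rows:
        if out and (row[2] - out[-1][-1][2]).total_seconds() < TEST_INTERVAL:
            out[-1].append(row)
        else:
            out.append([row])
    return out

def short_cycles(text):
    """(cycle start, probes received) for cycles with fewer than PROBE_COUNT."""
    return [(c[0][2], len(c)) for c in cycles(parse(text)) if len(c) < PROBE_COUNT]
```

The first and last cycle in a capture can be cut off by the history window, so a short count there is not necessarily loss.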