Using RPM Probes for Detecting Network Failures

 

A primary interface’s status is not always a good indicator of a network’s connectivity. In some instances, when Layer 2 protocols are unable to detect end-to-end failures, or when multiple network hops separate the services gateway from remote resources, other means of triggering a failover are desired.

This example shows how to configure a set of watch prefixes that, when they are not present in the routing table, will enable the dialer interface. Static routing with Bidirectional Forwarding Detection (BFD) or routing protocols can be used to dynamically change the status of the routes in the routing table.

The main advantage of this approach is that real-time performance monitoring (RPM) probes do not require any special routing protocol support or the use of BFD. RPM probes can be configured to use standard Internet Control Message Protocol (ICMP) messages, HTTP GET requests, or TCP/UDP pings to verify end-to-end connectivity. The RPM monitor scripts can be downloaded from the following URL: www.juniper.net/support/downloads/

Figure 1 shows the watch prefix.

Figure 1: Watch Prefix

Even though this example builds on the scenarios already described (Using the CBA850 3G/4G/LTE Wireless WAN Bridge for Primary Connectivity and Using the CBA850 3G/4G/LTE Wireless WAN Bridge for Backup), the following configuration represents a complete working scenario:

/* Enable the commit script. The commit script must be stored under /var/db/scripts/commit */

set system scripts commit allow-transients

set system scripts commit file rpm-monitor-config.xslt

/* Enable the event script. The script file must be stored under /var/db/scripts/event */

set event-options event-script file rpm-monitor.xslt


/* Local dhcp server configuration */

/* This server assigns addresses to the hosts in the Trust network */

set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2

set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254

set system services dhcp pool 192.168.1.0/24 router 192.168.1.1


/* This configuration creates a log file named rpm-monitor containing the log messages from the script */

set system syslog file rpm-monitor user warning

set system syslog file rpm-monitor match cscript


/* Interface Configs */

set interfaces interface-range Trust member-range ge-0/0/2 to ge-0/0/6

set interfaces interface-range Trust unit 0 family ethernet-switching port-mode access

set interfaces interface-range Trust unit 0 family ethernet-switching vlan members Trust

set interfaces ge-0/0/0 unit 0 family inet address 198.0.0.2/24

set interfaces vlan description CBA850-data

set interfaces vlan unit 1 description Trust

set interfaces vlan unit 1 family inet address 192.168.1.1/24

set vlans default l3-interface vlan.1


/* The backup interface should be normally disabled */

/* The monitoring scripts point to an RPM probe and, if the probe fails, the script will enable the backup interface */

set interfaces ge-0/0/1 unit 0 apply-macro rpm-monitor-server1 test-name server1

set interfaces ge-0/0/1 unit 0 apply-macro rpm-monitor-server1 test-owner rpm-monitor-probes

set interfaces ge-0/0/1 unit 0 disable

set interfaces ge-0/0/1 unit 0 family inet dhcp


/* RPM probe configuration */

/* Note that we are using the primary link address as the source so, when the backup link is enabled, the probes will still fail unless the primary link comes back up. This test pings the destination 'target' address. It waits for 5 ping failures and has a 5-second probe interval. After 5 pings, the test waits for 15 seconds before starting the pings again. */

set services rpm probe rpm-monitor-probes test server1 probe-type icmp-ping

set services rpm probe rpm-monitor-probes test server1 target address 96.17.23.148

set services rpm probe rpm-monitor-probes test server1 probe-count 5

set services rpm probe rpm-monitor-probes test server1 probe-interval 5

set services rpm probe rpm-monitor-probes test server1 test-interval 15

set services rpm probe rpm-monitor-probes test server1 source-address 198.0.0.2


/* Default route pointing to the primary link */

set routing-options static route 0.0.0.0/0 next-hop 198.0.0.1


/* NAT configuration */

set security nat source rule-set Outbound-NAT from zone trust

set security nat source rule-set Outbound-NAT to zone untrust

set security nat source rule-set Outbound-NAT rule Nat-All match source-address 0.0.0.0/0

set security nat source rule-set Outbound-NAT rule Nat-All match destination-address 0.0.0.0/0

set security nat source rule-set Outbound-NAT rule Nat-All then source-nat interface


/* Zones and policies */

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping

set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp

set security zones security-zone trust host-inbound-traffic system-services ping

set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services dhcp

set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services ping

set security zones security-zone trust interfaces vlan.1 host-inbound-traffic system-services ssh

set security policies from-zone trust to-zone untrust policy permit-outbound match source-address any

set security policies from-zone trust to-zone untrust policy permit-outbound match destination-address any

set security policies from-zone trust to-zone untrust policy permit-outbound match application any

set security policies from-zone trust to-zone untrust policy permit-outbound then permit
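The failover above depends on three things lining up: the apply-macro on the backup interface must name an RPM test that exists, the backup unit must be disabled by default, and the probe source address must sit on an interface other than the backup one. The following pre-commit check is an added example, not part of the original page or of Juniper's RPM monitor scripts; the `lint` function, its finding messages, and the rule that every two-word apply-macro is an RPM monitor macro are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input modelled on the page's configuration; the probe
# source-address here is deliberately not configured on any interface.
SAMPLE = """\
set interfaces ge-0/0/0 unit 0 family inet address 198.0.0.2/24
set interfaces ge-0/0/1 unit 0 apply-macro rpm-monitor-server1 test-name server1
set interfaces ge-0/0/1 unit 0 apply-macro rpm-monitor-server1 test-owner rpm-monitor-probes
set interfaces ge-0/0/1 unit 0 disable
set interfaces ge-0/0/1 unit 0 family inet dhcp
set services rpm probe rpm-monitor-probes test server1 probe-type icmp-ping
set services rpm probe rpm-monitor-probes test server1 target address 96.17.23.148
set services rpm probe rpm-monitor-probes test server1 source-address 10.0.1.20
"""

def lint(config):
    """Return findings for an RPM-driven backup interface in 'set' format."""
    addrs, macros, disabled, probes = {}, {}, set(), {}
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["set", "interfaces"] and len(w) >= 6 and w[3] == "unit":
            ifl = f"{w[2]}.{w[4]}"  # logical interface name, e.g. ge-0/0/1.0
            if w[5:8] == ["family", "inet", "address"] and len(w) > 8:
                addrs[ifl] = ipaddress.ip_interface(w[8]).ip
            elif w[5] == "disable":
                disabled.add(ifl)
            elif w[5] == "apply-macro" and len(w) == 9:
                macros.setdefault((ifl, w[6]), {})[w[7]] = w[8]
        elif w[:4] == ["set", "services", "rpm", "probe"] and len(w) >= 9 and w[5] == "test":
            probes.setdefault((w[4], w[6]), {})[w[7]] = w[-1]
    findings = []
    for (ifl, macro), m in macros.items():
        key = (m.get("test-owner"), m.get("test-name"))
        if key not in probes:
            findings.append(f"{ifl}: macro {macro} references undefined probe {key}")
            continue
        if ifl not in disabled:
            findings.append(f"{ifl}: backup interface is not disabled by default")
        src = probes[key].get("source-address")
        primary = [i for i, a in addrs.items() if i != ifl and str(a) == src]
        if not primary:
            findings.append(f"{key[1]}: source-address {src} is not on a primary interface")
    return findings
```

Lines that are not `set` statements, such as the `/* ... */` comments, are ignored, so the configuration can be pasted in as shown on the page.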

Monitoring

The 3G signal strength and connection status can be monitored from the CBA850’s management interface, in the Device Information section under Status->Internet->Connections.

Traffic statistics can be found under Status->Internet->Statistics.

When using the RPM monitor scripts, it is useful to look at the script logs. These logs record events such as probe failures, enabling/disabling of the backup interface, and so on. Using the configuration shown in the example, the logs can be viewed with the show log rpm-monitor command.

The result of the RPM probes can be viewed with the show services rpm history-results command.