Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring IP Monitoring with Route Failover

 

Using IP monitoring with route failover, you can track an IP address or a set of IP addresses using a real-time performance monitoring (RPM) probe. If the RPM probe fails, you can inject a route into the routing table. After the RPM probe successfully reaches its target, the route is withdrawn from both the routing and forwarding tables.

Figure 1 shows the topology used in the configuration example and how IP monitoring works.

Figure 1: Real-Time Performance Monitoring Topology
Real-Time Performance Monitoring Topology

In the normal state of operation, the next-hop router to reach IP address 5.1.1.1 on the SRX Series gateway is 1.1.1.2. However, when the RPM probe to IP address 5.1.1.2 fails, you should use IP address 2.1.1.2 as the next hop.

To achieve this result, define an RPM probe to monitor IP address 5.1.1.2. Enter the following configuration:

Also configure the IP monitoring policy to add a preferred route when the RPM probe fails. Enter the following configuration:

In the steady state, you can reach IP address 5.1.1.1 through the device with the IP address 1.1.1.2, and the RPM probes are successful. To verify the operation of the steady state, use the following commands:

root# run traceroute 5.1.1.1 source 10.1.1.1

In the following show command output, the PASS results in the Status field indicates that the probe is successful:

root# run show services ip-monitoring status

In the following show command output, the Probes sent count and Probes received count are equal and the Loss percentage is 0. This indicates that the probe is successful.

root# run show services rpm probe-results

When IP address 5.1.1.2 is unreachable, the RPM probes fail, and the route specified in the IP monitoring configuration is pushed to the routing table. The route pushed has a preference of one (1), which has a higher preference than any static route or route learned through a routing protocol. The server with the IP address of 5.1.1.1 is now reachable through the device with the IP address of 2.1.1.2. To verify the operation of the fail state, use the following commands:

root# run show services ip-monitoring status

In the following show command output, to 2.1.1.2 via fe-0/0/2.0 indicates that the route has changed:

root# run show route 5.1.1.1

In the following show command output, (2.1.1.2) indicates that the route has changed from (1.1.1.2) shown in the steady state traceroute:

root# run traceroute 5.1.1.1 source 10.1.1.1

When IP address 5.1.1.2 is again reachable, the RPM probe successfully reaches its target, and the route that was added in the routing table is withdrawn.

To verify the operation of the restored steady state, use the following commands and verify that the results are similar to the steady-state results previously described:

root# run show services rpm probe-results
root# run show route 5.1.1.1
root# run show services ip-monitoring status
root# run traceroute 5.1.1.1 source 10.1.1.1

It is important to note that in the RPM configuration, you specify the next-hop value. This guarantees that all of the probes (even after the failover) take the same route to reach the tracked IP address.

Without the next-hop value, it is possible that after the new route is injected (when the RPM probe fails), there might be a new route to reach the tracked IP address. It is also possible that if the system chooses this new route, an upstream router might not have a route to the tracked IP address, the probes might always fail, and the system might never fail back. Hence, it is always a best practice to include the next-hop statement in the configuration.