IP Monitoring
In this post, I will show an example of how you can monitor a certain gateway for a specific route and, if the gateway isn't responding to ICMP requests, fail over to another gateway device.
    root@srx# run show route 172.1.1.0/24

    inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
    Restart Complete
    + = Active Route, - = Last Active, * = Both

    172.1.1.0/24       *[Static/5] 00:20:03
                        > to 10.11.1.100 via reth0.0
Currently, for 172.1.1.0/24 we send our packets to GW2 (10.11.1.100). What we would like to do is, if this device can't respond to ICMP requests, forward packets to the other gateway, GW1 (10.11.1.1).
Configuration is pretty straightforward and self-explanatory, I believe.
    root@srx# show services
    rpm {
        probe remote-gw {
            test icmp-test {
                probe-type icmp-ping;
                target address 10.11.1.100;
                probe-count 10;
                probe-interval 1;
                test-interval 30;
                thresholds {
                    successive-loss 5;
                    total-loss 5;
                }
            }
        }
    }
    ip-monitoring {
        policy track_gw_health {
            match {
                rpm-probe remote-gw;
            }
            then {
                preferred-route {
                    route 172.1.1.0/24 {
                        next-hop 10.11.1.1;
                    }
                }
            }
        }
    }
We are monitoring GW2 (10.11.1.100) with an RPM probe, and by using the ip-monitoring stanza, if this probe fails we install the route 172.1.1.0/24 with another next hop, GW1. When everything is working as expected, i.e. GW2 is responding to requests, the probe status is PASS, as you can see.
    root@srx> show services ip-monitoring status

    Policy - track_gw_health (Status: PASS)
      RPM Probes:
        Probe name             Test Name       Address          Status
        ---------------------- --------------- ---------------- ---------
        remote-gw              icmp-test       10.11.1.100      PASS
      Route-Action:
        route-instance    route             next-hop         state
        ----------------- ----------------- ---------------- -------------
        inet.0            172.1.1.0/24      10.11.1.1        NOT-APPLIED
If we simulate a failure scenario, here is what happens:
    root@srx> show services ip-monitoring status

    Policy - track_gw_health (Status: FAIL)
      RPM Probes:
        Probe name             Test Name       Address          Status
        ---------------------- --------------- ---------------- ---------
        remote-gw              icmp-test       10.11.1.100      FAIL
      Route-Action:
        route-instance    route             next-hop         state
        ----------------- ----------------- ---------------- -------------
        inet.0            172.1.1.0/24      10.11.1.1        APPLIED

    root@srx> show route 172.1.1.0/24

    inet.0: 10 destinations, 11 routes (10 active, 0 holddown, 0 hidden)
    Restart Complete
    + = Active Route, - = Last Active, * = Both

    172.1.1.0/24       *[Static/1] 00:00:12, metric2 0
                        > to 10.11.1.1 via reth0.0
                        [Static/5] 00:27:32
                        > to 10.11.1.100 via reth0.0
The status turns to FAIL and, as can be seen in the routing table, the route is installed with the new next hop.
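Because the failover silently changes the path traffic takes, it is worth alerting when the policy leaves PASS or the preferred route becomes APPLIED. The following is an added example, not part of the original post: a small parser for the status output shown above. It assumes the text of "show services ip-monitoring status" has already been collected and has the column layout shown in this post; the function names are hypothetical.

```python
import re

# Constructed sample: the FAIL-state output shown in the post.
SAMPLE = """\
Policy - track_gw_health (Status: FAIL)
  RPM Probes:
    Probe name             Test Name       Address          Status
    ---------------------- --------------- ---------------- ---------
    remote-gw              icmp-test       10.11.1.100      FAIL
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- -------------
    inet.0            172.1.1.0/24      10.11.1.1        APPLIED
"""
POLICY_RE = re.compile(r"Policy - (\S+) \(Status: (\w+)\)")
SECTIONS = {"RPM Probes:": ("probes", ("probe", "test", "address", "status")),
            "Route-Action:": ("routes", ("instance", "route", "next_hop", "state"))}

def parse_ip_monitoring(text):
    """Parse 'show services ip-monitoring status' text into a list of policies."""
    policies, section = [], None
    for line in text.splitlines():
        m = POLICY_RE.search(line)
        if m:
            policies.append({"name": m.group(1), "status": m.group(2),
                             "probes": [], "routes": []})
            section = None
        elif line.strip() in SECTIONS:
            section = SECTIONS[line.strip()]
        elif policies and section:
            cols = line.split()
            # Data rows have exactly four fields; skip headers and dashed rules.
            if len(cols) == 4 and cols[0] != "route-instance" and not cols[0].startswith("--"):
                policies[-1][section[0]].append(dict(zip(section[1], cols)))
    return policies

def failover_alerts(policies):
    """One message per non-PASS probe and per failover route that is APPLIED."""
    alerts = []
    for p in policies:
        for pr in p["probes"]:
            if pr["status"] != "PASS":
                alerts.append(f"{p['name']}: probe {pr['probe']}/{pr['test']} "
                              f"to {pr['address']} is {pr['status']}")
        for r in p["routes"]:
            if r["state"] == "APPLIED":
                alerts.append(f"{p['name']}: {r['route']} ({r['instance']}) "
                              f"now via {r['next_hop']}")
    return alerts

if __name__ == "__main__":
    print("\n".join(failover_alerts(parse_ip_monitoring(SAMPLE))))
```

Run against the PASS-state output, failover_alerts returns an empty list, so the script can be scheduled and only raise a message when the backup next hop is in use.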
So much awesomeness! I only wish my work would use more Juniper SRX’s instead of Cisco ASA’s.
🙂
more PA posts 🙂
Hopefully Victor:)