IP Monitoring

In this post, I will show an example of how you can monitor a certain gateway for a specific route and if the gateway isn’t responding to ICMP requests, you can fail over to another gateway device. ip_monitoring

root@srx# run show route 172.1.1.0/24 

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

172.1.1.0/24       *[Static/5] 00:20:03
                    > to 10.11.1.100 via reth0.0

Currently for 172.1.1.0/24 we send our packets to GW2 (10.11.1.100). What we would like to do is if this device can’t respond to ICMP requests, we will forward packets to the other gateway GW1 (10.11.1.1)

Configuration is pretty straight forward and self explanatory I believe.

root@srx# show services 
rpm {
    probe remote-gw {
        test icmp-test {
            probe-type icmp-ping;
            target address 10.11.1.100;
            probe-count 10;
            probe-interval 1;
            test-interval 30;
            thresholds {
                successive-loss 5;
                total-loss 5;
            }
        }
    }
}
ip-monitoring {
    policy track_gw_health {
        match {
            rpm-probe remote-gw;
        }
        then {
            preferred-route {
                route 172.1.1.0/24 {
                    next-hop 10.11.1.1;
                }
            }
        }
    }
}

We are monitoring GW2 (10.11.1.100) with RPM probe and by using the ip-monitoring stanza, if this probe fails we are installing the route 172.1.1.0/24 with another next-hop GW1. When everything is working as expected i.e GW2 is responding to requests, probe status is PASS as you can see.

root@srx> show services ip-monitoring status 

Policy - track_gw_health (Status: PASS)
  RPM Probes:
    Probe name             Test Name       Address          Status   
    ---------------------- --------------- ---------------- ---------
    remote-gw              icmp-test       10.11.1.100      PASS     
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- ------------- 
    inet.0            172.1.1.0/24      10.11.1.1        NOT-APPLIED  

If we simulate a fail scenario, here what happens;

root@srx> show services ip-monitoring status    

Policy - track_gw_health (Status: FAIL)
  RPM Probes:
    Probe name             Test Name       Address          Status   
    ---------------------- --------------- ---------------- ---------
    remote-gw              icmp-test       10.11.1.100      FAIL     
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- ------------- 
    inet.0            172.1.1.0/24      10.11.1.1        APPLIED      


root@srx> show route 172.1.1.0/24               

inet.0: 10 destinations, 11 routes (10 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

172.1.1.0/24       *[Static/1] 00:00:12, metric2 0
                    > to 10.11.1.1 via reth0.0
                    [Static/5] 00:27:32
                    > to 10.11.1.100 via reth0.0

Status turns to FAIL and as it can be seen in the routing table, route is installed with the new next hop.

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE


4 thoughts on “IP Monitoring”

Leave a Reply to VCancel reply

Discover more from RtoDto.net

Subscribe now to keep reading and get access to the full archive.

Continue reading