I have two SRX300s in a chassis cluster (working fine) with two ISP feeds and I want to have fail over between the ISPs. Both ISP interfaces are DHCP with DHCP assigned gateways. I have the ISP connections working and I have assigned them to routing instances. I also have RPM probes working for each ISP connection.
I am stuck on how to do fail over between ISPs since the ISP interface IP addresses are dynamically assigned by DHCP. I would also like to be able to do filter based forwarding (most hosts on the network will use the first ISP, but some hosts on the network will use the second ISP, unless the second ISP is down).
Any help on getting this working is appreciated.
Here is my current configuration:
Here are the routing tables:
The RPM probes are working:
And a simple network diagram:
I am stuck on how to do fail over between ISPs since the ISP interface IP addresses are dynamically assigned by DHCP. I would also like to be able to do filter based forwarding (most hosts on the network will use the first ISP, but some hosts on the network will use the second ISP, unless the second ISP is down).
Any help on getting this working is appreciated.
Here is my current configuration:
Code:
version 22.4R1.10;
groups {
node0 {
system {
host-name srx300-1;
}
}
node1 {
system {
host-name srx300-2;
}
}
}
apply-groups "${node}";
chassis {
cluster {
reth-count 4;
redundancy-group 0 {
node 0 priority 200;
node 1 priority 100;
}
redundancy-group 1 {
node 0 priority 200;
node 1 priority 100;
preempt;
interface-monitor {
reth0 weight 255;
}
}
}
}
services {
rpm {
probe ISP1-probe {
test ISP1-test {
target address 8.8.8.8;
probe-count 3;
probe-interval 2;
test-interval 2;
thresholds {
successive-loss 3;
total-loss 3;
}
destination-interface reth0.297;
}
}
probe ISP2-probe {
test ISP2-test {
target address 1.1.1.1;
probe-count 3;
probe-interval 2;
test-interval 2;
thresholds {
successive-loss 3;
total-loss 3;
}
destination-interface reth0.296;
}
}
}
ip-monitoring {
policy Test-ISP1 {
match {
rpm-probe ISP1-probe;
}
}
policy Test-ISP2 {
match {
rpm-probe ISP2-probe;
}
}
}
}
security {
security zones, policies, etc. deleted for brevity
}
interfaces {
ge-0/0/2 {
gigether-options {
redundant-parent reth0;
}
}
ge-0/0/3 {
gigether-options {
redundant-parent reth0;
}
}
ge-0/0/4 {
gigether-options {
redundant-parent reth0;
}
}
ge-0/0/5 {
gigether-options {
redundant-parent reth0;
}
}
ge-1/0/2 {
gigether-options {
redundant-parent reth0;
}
}
ge-1/0/3 {
gigether-options {
redundant-parent reth0;
}
}
ge-1/0/4 {
gigether-options {
redundant-parent reth0;
}
}
ge-1/0/5 {
gigether-options {
redundant-parent reth0;
}
}
fab0 {
fabric-options {
member-interfaces {
ge-0/0/7;
}
}
}
fab1 {
fabric-options {
member-interfaces {
ge-1/0/7;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
reth0 {
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
no-flow-control;
minimum-links 2;
lacp {
active;
periodic fast;
}
}
unit 66 {
vlan-id 66;
family inet {
address 10.200.66.3/24;
}
}
unit 67 {
vlan-id 67;
family inet {
address 10.200.67.3/24;
}
}
unit 68 {
vlan-id 68;
family inet {
address 10.200.68.3/24;
}
}
unit 296 {
description ISP1;
vlan-id 296;
family inet {
dhcp;
}
}
unit 297 {
vlan-id 297;
description ISP2;
family inet {
dhcp;
}
}
}
}
routing-instances {
ISP1 {
interface reth0.296;
instance-type virtual-router;
routing-options {
interface-routes {
rib-group inet from-ISP1;
}
}
}
ISP2 {
interface reth0.297;
instance-type virtual-router;
routing-options {
interface-routes {
rib-group inet from-ISP2;
}
}
}
}
protocols {
l2-learning {
global-mode switching;
}
}
routing-options {
interface-routes {
rib-group inet to-ISPs;
}
rib-groups {
to-ISPs {
import-rib [ inet.0 ISP1.inet.0 ISP2.inet.0 ];
}
from-ISP1 {
import-rib [ ISP1.inet.0 inet.0 ];
}
from-ISP2 {
import-rib [ ISP2.inet.0 inet.0 ];
}
}
}
Code:
srx300-1> show route
inet.0: 11 destinations, 11 routes (10 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
10.200.66.0/24 *[Direct/0] 5d 00:38:14
> via reth0.66
10.200.66.3/32 *[Local/0] 5d 00:38:14
Local via reth0.66
10.200.67.0/24 *[Direct/0] 5d 00:38:14
> via reth0.67
10.200.67.3/32 *[Local/0] 5d 00:38:14
Local via reth0.67
10.200.68.0/24 *[Direct/0] 5d 00:38:14
> via reth0.68
10.200.68.3/32 *[Local/0] 5d 00:38:14
Local via reth0.68
75.231.238.248/29 *[Direct/0] 2d 05:49:18
> via reth0.297
75.231.238.251/32 *[Local/0] 2d 05:49:18
Local via reth0.297
192.168.200.0/24 *[Direct/0] 3d 00:22:37
> via reth0.296
192.168.200.101/32 *[Local/0] 3d 00:22:37
Local via reth0.296
ISP1.inet.0: 10 destinations, 10 routes (9 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Access-internal/12] 3d 00:22:37, metric 0
> to 192.168.200.1 via reth0.296
10.200.66.0/24 *[Direct/0] 00:28:19
> via reth0.66
10.200.66.3/32 *[Local/0] 00:28:19
Local via reth0.66
10.200.67.0/24 *[Direct/0] 00:28:19
> via reth0.67
10.200.67.3/32 *[Local/0] 00:28:19
Local via reth0.67
10.200.68.0/24 *[Direct/0] 00:28:19
> via reth0.68
10.200.68.3/32 *[Local/0] 00:28:19
Local via reth0.68
192.168.200.0/24 *[Direct/0] 3d 00:22:37
> via reth0.296
192.168.200.101/32 *[Local/0] 3d 00:22:37
Local via reth0.296
ISP2.inet.0: 10 destinations, 10 routes (9 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Access-internal/12] 2d 05:49:18, metric 0
> to 75.231.238.252 via reth0.297
10.200.66.0/24 *[Direct/0] 00:28:19
> via reth0.66
10.200.66.3/32 *[Local/0] 00:28:19
Local via reth0.66
10.200.67.0/24 *[Direct/0] 00:28:19
> via reth0.67
10.200.67.3/32 *[Local/0] 00:28:19
Local via reth0.67
10.200.68.0/24 *[Direct/0] 00:28:19
> via reth0.68
10.200.68.3/32 *[Local/0] 00:28:19
Local via reth0.68
75.231.238.248/29 *[Direct/0] 2d 05:49:18
> via reth0.297
75.231.238.251/32 *[Local/0] 2d 05:49:18
Local via reth0.297
Code:
srx300-1> show services ip-monitoring status
Policy - Test-ISP1 (Status: PASS)
RPM Probes:
Probe name Test Name Address Status
---------------------- --------------- ---------------- ---------
ISP1-probe ISP1-test 8.8.8.8 PASS
Policy - Test-ISP2 (Status: PASS)
RPM Probes:
Probe name Test Name Address Status
---------------------- --------------- ---------------- ---------
ISP2-probe ISP2-test 1.1.1.1 PASS
{primary:node0}