本人第一次寫Blog,前端時間一直在研究juniper的策略路由,現在將相關配置分享下。
Juniper交換機的策略路由器,與cisco、H3C的邏輯原理不太一樣。
SRX支持原生的RPM觸發路由倒換,類似Cisco IP SLA的功能。M/T/MX/EX/QFX沒有這個功能,但可通過JUNOS內置的"event-options"這個通用的自動運維特性實現一樣的效果。
其原理是通過RPM監控目標地址,當監控失敗後RPM會在系統日誌裏生成"PING_TEST_FAILED”日誌,可在event-options裏定義"PING_TEST_FAILED"這一事件觸發後續動作,後續動作定義爲設備配置更改"change-configuration", 內容爲刪除原有靜態路由,生成新路由,然後deactive自身這條policy,active新的policy以在後面當監控目標成功後重新恢復原配置。
注意級別必須在Info級別以下才能看見RPM Trap信息
# show system sysloguser
* {any
emergency;}file
messages {any
notice;authorization
info;}
配置RPM:
# show servicesrpm
{ probe
my-probe { test
my-test { probe-type
icmp-ping; target
address 192.168.5.4; probe-count
3; probe-interval
1; test-interval
1; thresholds
{ successive-loss
3; } traps
test-failure; } }}
配置event-options:
policy
ping-fail { events
PING_TEST_FAILED; attributes-match
{ PING_TEST_FAILED.test-owner
matches my-probe; PING_TEST_FAILED.test-name
matches my-test; } then
{ change-configuration
{ commands
{ "delete
routing-options static route 23.1.1.0/24 next-hop 12.1.1.2"; "set
routing-options static route 23.1.1.0/24 next-hop 12.1.1.3"; "deactivate
event-options policy ping-fail"; "activate
event-options policy ping-success"; } user-name
lab; commit-options
{ log
"ping fail change is succeful!"; } } }}inactive:
policy ping-success { events
PING_TEST_COMPLETED; attributes-match
{ PING_TEST_COMPLETED.test-name
matches my-test; PING_TEST_COMPLETED.test-owner
matches my-probe; } then
{ change-configuration
{ commands
{ "set
routing-options static route 23.1.1.0/24 next-hop 12.1.1.2"; "delete
routing-options static route 23.1.1.0/24 next-hop 12.1.1.3"; "deactivate
event-options policy ping-success"; "activate
event-options policy ping-fail"; } user-name
lab; commit-options
{ log
"ping ok change is succeful!"; } } }}