Juniper IP monitor「建议收藏」-

Juniper IP monitor（RPM）「建议收藏」JuniperIPmonitor（RPM）

本文已Juniper防火墙为例，介绍IP monitoring。

Juniper的IP monitor类似于思科的SLA ,华为的NQA ， Juniper使用到的工具叫做real-time performance monitoring (RPM) ，当你看到RPM这个单词的时候不要陌生。RPM可以用在很多路由相关的地方，比如静态，比如动态路由等等。详细内容如下。

1.这个RPM有很多的探测功能如下

The device sends out the following probe types:

HTTP GET request at a target URL

HTTP GET request for metadata at a target URL

ICMP echo request to a target address (the default)

ICMP timestamp request to a target address

UDP ping packets to a target device

UDP timestamp requests to a target address

TCP ping packets to a target device

我们以常用的PING举例，看下如下的图片，内网接入了四家运营商，那么如何使用RPM去做运营商线路的监控与切换呢？

2.Juniper SRX的接口配置

root@SRX-Firewall# show interfaces | display setset interfaces ge-0/0/0 unit 0 family inet address 2.1.1.1/30set interfaces ge-0/0/1 unit 1 family inet address 2.1.1.5/30set interfaces ge-0/0/2 unit 2 family inet address 2.1.1.9/30set interfaces ge-0/0/4 unit 80 family inet address 80.10.126.1/24

是否还在为Ide开发工具频繁失效而烦恼，来吧关注以下公众号获取最新激活方式。亲测可用！

为防止网络爬虫，请关注公众号回复”口令”

激活idea 激活CLion DataGrip DataSpell dotCover dotMemory dotTrace GoLand PhpStorm PyCharm ReSharper ReShaC++ Rider RubyMine WebStorm 全家桶 解锁下载刷新

【正版授权，激活自己账号】：Jetbrains全家桶Ide使用，1年售后保障，每天仅需1毛

【官方授权 正版激活】：官方授权 正版激活 自己使用，支持Jetbrains家族下所有IDE…

3.实现的目标是，当ISP1线路down ，ISP2链路接管; ISP1与ISP2链路down ， ISP3接管，以此类推，具体的RPM配置如下

set services rpm probe Failover1 test probe-ge1 probe-type icmp-pingset services rpm probe Failover1 test probe-ge1 target address 2.1.1.2<<<< Monitoring 1 addressset services rpm probe Failover1 test probe-ge1 probe-count 5set services rpm probe Failover1 test probe-ge1 probe-interval 1set services rpm probe Failover1 test probe-ge1 test-interval 5set services rpm probe Failover1 test probe-ge1 thresholds total-loss 3set services rpm probe Failover1 test probe-ge1 next-hop 2.1.1.2set services rpm probe Failover2 test probe2-ge1 probe-type icmp-pingset services rpm probe Failover2 test probe2-ge1 target address 2.1.1.2 <<<< 1st address in probe2set services rpm probe Failover2 test probe2-ge1 probe-count 5set services rpm probe Failover2 test probe2-ge1 probe-interval 1set services rpm probe Failover2 test probe2-ge1 test-interval 5set services rpm probe Failover2 test probe2-ge1 thresholds total-loss 3set services rpm probe Failover2 test probe2-ge1 next-hop 2.1.1.2set services rpm probe Failover2 test probe2-ge2 probe-type icmp-pingset services rpm probe Failover2 test probe2-ge2 target address 2.1.1.6<<<< 2nd address in probe2set services rpm probe Failover2 test probe2-ge2 probe-count 5set services rpm probe Failover2 test probe2-ge2 probe-interval 1set services rpm probe Failover2 test probe2-ge2 test-interval 5set services rpm probe Failover2 test probe2-ge2 thresholds total-loss 3set services rpm probe Failover2 test probe2-ge2 next-hop 2.1.1.6set services rpm probe Failover3 test probe3-ge1 probe-type icmp-pingset services rpm probe Failover3 test probe3-ge1 target address 2.1.1.2<<<< 1st address in probe3set services rpm probe Failover3 test probe3-ge1 probe-count 5set services rpm probe Failover3 test probe3-ge1 probe-interval 1set services rpm probe Failover3 test probe3-ge1 test-interval 5set services rpm probe Failover3 test probe3-ge1 thresholds total-loss 3set services rpm probe Failover3 test probe3-ge1 next-hop 2.1.1.2set services rpm probe Failover3 test probe3-ge2 probe-type icmp-pingset services rpm probe Failover3 test probe3-ge2 target address 2.1.1.6<<<< 2nd address in probe3set services rpm probe Failover3 test probe3-ge2 probe-count 5set services rpm probe Failover3 test probe3-ge2 probe-interval 1set services rpm probe Failover3 test probe3-ge2 test-interval 5set services rpm probe Failover3 test probe3-ge2 thresholds total-loss 3set services rpm probe Failover3 test probe3-ge2 next-hop 2.1.1.6set services rpm probe Failover3 test probe3-ge3 probe-type icmp-pingset services rpm probe Failover3 test probe3-ge3 target address 2.1.1.10<<<< 3rd address in probe3set services rpm probe Failover3 test probe3-ge3 probe-count 5set services rpm probe Failover3 test probe3-ge3 probe-interval 1set services rpm probe Failover3 test probe3-ge3 test-interval 5set services rpm probe Failover3 test probe3-ge3 thresholds total-loss 3set services rpm probe Failover3 test probe3-ge3 next-hop 2.1.1.10

4.接下来调用监控策略 ，如果ISP1链路down了，就走ISP2的链路，我们看下ip-monitoring的状态就很清晰了。

set services ip-monitoring policy GE1 match rpm-probe Failover1set services ip-monitoring policy GE1 then preferred-route route 0.0.0.0/0 next-hop 2.1.1.6set services ip-monitoring policy GE1 then preferred-route route 0.0.0.0/0 preferred-metric 4set services ip-monitoring policy GE1_2 match rpm-probe Failover2set services ip-monitoring policy GE1_2 then preferred-route route 0.0.0.0/0 next-hop 2.1.1.10set services ip-monitoring policy GE1_2 then preferred-route route 0.0.0.0/0 preferred-metric 3set services ip-monitoring policy GE1_2_3 match rpm-probe Failover3set services ip-monitoring policy GE1_2_3 then preferred-route route 0.0.0.0/0 next-hop 80.10.126.254set services ip-monitoring policy GE1_2_3 then preferred-route route 0.0.0.0/0 preferred-metric 2

———————All ISPs are up———————————–

[edit]root@SRX-Firewall# run show services ip-monitoring status#这里解释一下，当步骤3的failover1探测正常时，那么路由的下一跳是走2.1.1.2； 当failover1探测失败后，那么会匹配步骤4的策略，下一跳走2.1.1.6，以此类推。Policy - GE1 (Status: PASS)  RPM Probes:    Probe name             Test Name       Address          Status    ---------------------- --------------- ---------------- ---------    Failover1              probe-ge1       2.1.1.2          PASS  Route-Action:    route-instance    route             next-hop         state    ----------------- ----------------- ---------------- -------------    inet.0            0.0.0.0/0         2.1.1.6          NOT-APPLIED Policy - GE1_2 (Status: PASS)  RPM Probes:    Probe name             Test Name       Address          Status    ---------------------- --------------- ---------------- ---------    Failover2              probe2-ge1      2.1.1.2          PASS    Failover2              probe2-ge2      2.1.1.6          PASS  Route-Action:    route-instance    route             next-hop         state    ----------------- ----------------- ---------------- -------------    inet.0            0.0.0.0/0         2.1.1.10         NOT-APPLIED Policy - GE1_2_3 (Status: PASS)  RPM Probes:    Probe name             Test Name       Address          Status    ---------------------- --------------- ---------------- ---------    Failover3              probe3-ge1      2.1.1.2          PASS    Failover3              probe3-ge2      2.1.1.6          PASS    Failover3              probe3-ge3      2.1.1.10         PASS  Route-Action:    route-instance    route             next-hop         state    ----------------- ----------------- ---------------- -------------    inet.0            0.0.0.0/0         80.10.126.254    NOT-APPLIED [edit]root@SRX-Firewall# run show route 0.0.0.0 inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both 0.0.0.0/0          *[Static/5] 08:57:12                    > to 2.1.1.2 via ge-0/0/0.0