[网络协议] Juniper IP monitor（RPM）

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> 网络协议 -> Juniper IP monitor（RPM） -> 正文阅读

[网络协议]Juniper IP monitor（RPM）

本文已Juniper防火墙为例，介绍IP monitoring。

Juniper的IP monitor类似于思科的SLA ,华为的NQA ， Juniper使用到的工具叫做real-time performance monitoring (RPM)? ，当你看到RPM这个单词的时候不要陌生。RPM可以用在很多路由相关的地方，比如静态，比如动态路由等等。详细内容如下。

1.这个RPM有很多的探测功能如下

The device sends out the following probe types:

HTTP GET request at a target URL
HTTP GET request for metadata at a target URL
ICMP echo request to a target address (the default)
ICMP timestamp request to a target address
UDP ping packets to a target device
UDP timestamp requests to a target address
TCP ping packets to a target device

我们以常用的PING举例，看下如下的图片，内网接入了四家运营商，那么如何使用RPM去做运营商线路的监控与切换呢？

2.Juniper SRX的接口配置

root@SRX-Firewall# show interfaces | display set
set interfaces ge-0/0/0 unit 0 family inet address 2.1.1.1/30
set interfaces ge-0/0/1 unit 1 family inet address 2.1.1.5/30
set interfaces ge-0/0/2 unit 2 family inet address 2.1.1.9/30
set interfaces ge-0/0/4 unit 80 family inet address 80.10.126.1/24

3.实现的目标是，当ISP1线路down ，ISP2链路接管; ISP1与ISP2链路down ， ISP3接管，以此类推，具体的RPM配置如下

set services rpm probe Failover1 test probe-ge1 probe-type icmp-ping
set services rpm probe Failover1 test probe-ge1 target address 2.1.1.2<<<< Monitoring 1 address
set services rpm probe Failover1 test probe-ge1 probe-count 5
set services rpm probe Failover1 test probe-ge1 probe-interval 1
set services rpm probe Failover1 test probe-ge1 test-interval 5
set services rpm probe Failover1 test probe-ge1 thresholds total-loss 3
set services rpm probe Failover1 test probe-ge1 next-hop 2.1.1.2

set services rpm probe Failover2 test probe2-ge1 probe-type icmp-ping
set services rpm probe Failover2 test probe2-ge1 target address 2.1.1.2 <<<< 1st address in probe2
set services rpm probe Failover2 test probe2-ge1 probe-count 5
set services rpm probe Failover2 test probe2-ge1 probe-interval 1
set services rpm probe Failover2 test probe2-ge1 test-interval 5
set services rpm probe Failover2 test probe2-ge1 thresholds total-loss 3
set services rpm probe Failover2 test probe2-ge1 next-hop 2.1.1.2
set services rpm probe Failover2 test probe2-ge2 probe-type icmp-ping
set services rpm probe Failover2 test probe2-ge2 target address 2.1.1.6<<<< 2nd address in probe2
set services rpm probe Failover2 test probe2-ge2 probe-count 5
set services rpm probe Failover2 test probe2-ge2 probe-interval 1
set services rpm probe Failover2 test probe2-ge2 test-interval 5
set services rpm probe Failover2 test probe2-ge2 thresholds total-loss 3
set services rpm probe Failover2 test probe2-ge2 next-hop 2.1.1.6

set services rpm probe Failover3 test probe3-ge1 probe-type icmp-ping
set services rpm probe Failover3 test probe3-ge1 target address 2.1.1.2<<<< 1st address in probe3
set services rpm probe Failover3 test probe3-ge1 probe-count 5
set services rpm probe Failover3 test probe3-ge1 probe-interval 1
set services rpm probe Failover3 test probe3-ge1 test-interval 5
set services rpm probe Failover3 test probe3-ge1 thresholds total-loss 3
set services rpm probe Failover3 test probe3-ge1 next-hop 2.1.1.2
set services rpm probe Failover3 test probe3-ge2 probe-type icmp-ping
set services rpm probe Failover3 test probe3-ge2 target address 2.1.1.6<<<< 2nd address in probe3
set services rpm probe Failover3 test probe3-ge2 probe-count 5
set services rpm probe Failover3 test probe3-ge2 probe-interval 1
set services rpm probe Failover3 test probe3-ge2 test-interval 5
set services rpm probe Failover3 test probe3-ge2 thresholds total-loss 3
set services rpm probe Failover3 test probe3-ge2 next-hop 2.1.1.6
set services rpm probe Failover3 test probe3-ge3 probe-type icmp-ping
set services rpm probe Failover3 test probe3-ge3 target address 2.1.1.10<<<< 3rd address in probe3
set services rpm probe Failover3 test probe3-ge3 probe-count 5
set services rpm probe Failover3 test probe3-ge3 probe-interval 1
set services rpm probe Failover3 test probe3-ge3 test-interval 5
set services rpm probe Failover3 test probe3-ge3 thresholds total-loss 3
set services rpm probe Failover3 test probe3-ge3 next-hop 2.1.1.10

4.接下来调用监控策略，如果ISP1链路down了，就走ISP2的链路，我们看下ip-monitoring的状态就很清晰了。

set services ip-monitoring policy GE1 match rpm-probe Failover1
set services ip-monitoring policy GE1 then preferred-route route 0.0.0.0/0 next-hop 2.1.1.6
set services ip-monitoring policy GE1 then preferred-route route 0.0.0.0/0 preferred-metric 4
set services ip-monitoring policy GE1_2 match rpm-probe Failover2
set services ip-monitoring policy GE1_2 then preferred-route route 0.0.0.0/0 next-hop 2.1.1.10
set services ip-monitoring policy GE1_2 then preferred-route route 0.0.0.0/0 preferred-metric 3
set services ip-monitoring policy GE1_2_3 match rpm-probe Failover3
set services ip-monitoring policy GE1_2_3 then preferred-route route 0.0.0.0/0 next-hop 80.10.126.254
set services ip-monitoring policy GE1_2_3 then preferred-route route 0.0.0.0/0 preferred-metric 2

---------------------All ISPs are up-----------------------------------

[edit]
root@SRX-Firewall# run show services ip-monitoring status
#这里解释一下，当步骤3的failover1探测正常时，那么路由的下一跳是走2.1.1.2； 当failover1探测失败后，那么会匹配步骤4的策略，下一跳走2.1.1.6，以此类推。
Policy - GE1 (Status: PASS)
  RPM Probes:
    Probe name             Test Name       Address          Status
    ---------------------- --------------- ---------------- ---------
    Failover1              probe-ge1       2.1.1.2          PASS
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- -------------
    inet.0            0.0.0.0/0         2.1.1.6          NOT-APPLIED
 
Policy - GE1_2 (Status: PASS)
  RPM Probes:
    Probe name             Test Name       Address          Status
    ---------------------- --------------- ---------------- ---------
    Failover2              probe2-ge1      2.1.1.2          PASS
    Failover2              probe2-ge2      2.1.1.6          PASS
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- -------------
    inet.0            0.0.0.0/0         2.1.1.10         NOT-APPLIED
 
Policy - GE1_2_3 (Status: PASS)
  RPM Probes:
    Probe name             Test Name       Address          Status
    ---------------------- --------------- ---------------- ---------
    Failover3              probe3-ge1      2.1.1.2          PASS
    Failover3              probe3-ge2      2.1.1.6          PASS
    Failover3              probe3-ge3      2.1.1.10         PASS
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- -------------
    inet.0            0.0.0.0/0         80.10.126.254    NOT-APPLIED
 
[edit]
root@SRX-Firewall# run show route 0.0.0.0
 
inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
0.0.0.0/0          *[Static/5] 08:57:12
                    > to 2.1.1.2 via ge-0/0/0.0