Juniper RPM and Event Policy
Juniper RPM and Event Policy
PNETLAB Store
PNETLab.com
https://user.pnetlab.com/store/labs/detail?id=16036296249670
Lab Objective:
The objective of this lab exercise is for you to learn and understand RPM and Event Policy on
Junos.
Task:
We have 4 devices: R1 and vSRX are our DC, R3 is ISP 1 and R4 is ISP2. We will setup ISP1 is Primary
Path to reach prefix 8.8.8.8/32, Path to ISP2 will be disable. When ISP 1 down, vSRX will automatic
enable ISP2. That we will do.
Solution
Basic Configuration:
1
Download PNETLab Platform
PNETLAB Store
PNETLab.com
Router R1 R3 R4
Configuration interface Ethernet0/0 interface Loopback0 interface Loopback0
no shutdown no shutdown no shutdown
ip address 10.1.12.1 ip address 8.8.8.8 ip address 8.8.8.8
255.255.255.0 255.255.255.255 255.255.255.255
! ! !
ip route 0.0.0.0 0.0.0.0 interface Ethernet0/0 interface Ethernet0/0
10.1.12.2 no shutdown no shutdown
ip address 10.1.23.3 ip address 10.1.24.4
255.255.255.0 255.255.255.0
! !
ip route 0.0.0.0 0.0.0.0 ip route 0.0.0.0 0.0.0.0
10.1.23.2 10.1.24.2
Router vSRX
Configuration set system host-name vSRX
set system root-authentication encrypted-password
"$1$xUFvoveE$x5BHW/vKO/pJy18MH4BRv0"
set system login user baolhq uid 2004
set system login user baolhq class super-user
set system login user baolhq authentication encrypted-password
"$1$i2JCd1Oc$/7oTkR0uzS6zppbfJnvZ60"
set interfaces ge-0/0/0 unit 0 family inet address 10.1.12.2/24
set interfaces ge-0/0/1 unit 0 family inet address 10.1.23.2/24
set interfaces ge-0/0/2 unit 0 family inet address 10.1.24.2/24
set routing-options static route 8.8.8.8/32 next-hop 10.1.23.3
set security policies from-zone TRUST to-zone TRUST policy 1 match source-
address any
set security policies from-zone TRUST to-zone TRUST policy 1 match destination-
address any
set security policies from-zone TRUST to-zone TRUST policy 1 match application
any
set security policies from-zone TRUST to-zone TRUST policy 1 then permit
set security zones security-zone TRUST host-inbound-traffic system-services all
set security zones security-zone TRUST host-inbound-traffic protocols all
set security zones security-zone TRUST interfaces ge-0/0/0.0
set security zones security-zone TRUST interfaces ge-0/0/1.0
set security zones security-zone TRUST interfaces ge-0/0/2.0
2
Download PNETLab Platform
PNETLAB Store
PNETLab.com
The real-time performance monitoring (RPM) feature allows network operators to accurately
measure the performance between two network endpoints. RPM is configured on vSRX which
sends ICMP echoes to R3:
- First, if system have more than 3 times of failure log in 1 mins, event policy
PING_TEST_FAILED will be active and the command will be configured by System via
baolhq account.
- The log PING_TEST_FAILED will match with test-owner icmp-ping-probe and test-name
ping-probe-test
3
Download PNETLab Platform
PNETLAB Store
PNETLab.com
- After event active, the system will push a log: updating configuration from event policy
enable-on-ping-failure
R1#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
4
Download PNETLab Platform
PNETLAB Store
PNETLab.com
5
Download PNETLab Platform
PNETLAB Store
PNETLab.com
You can see that after we shutdown interface e0/0 of R3, the event policy PING_TEST_FAILED was
active and the system login via baolhq account in order to configure the new route. Let check
route on vRSX :
R1#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
6
Download PNETLab Platform
PNETLAB Store
PNETLab.com