This email originated from OUTSIDE the Internet Central Corporate
Network. Please treat HYPERLINKS and ATTACHMENTS with caution.
You also just run it over a point-to-point eg
https://www.juniper.net/documentation/us/en/software/junos/high-availability/topics/topic-map/bfd-configuring.html
Doesn't this work for your setup?
On Wed, 5 Apr 2023 at 14:17, Steven Maddox via uknof
<[email protected]> wrote:
On 29/03/2023 12:41, Richard Halfpenny wrote:
> BGP to the customer's own router/firewall?
Sure BGP, BFD, OSPF, ICMP, lots of stuff the customers router
could do,
which we can check for (ICMP being the most ubiquitous and
simplest to
just check for a non-reply). However the problem with this
approach is
finding an elegant way for the Juniper to automatically take that
non-reply as a reason to drop the related pseudowire path...
whilst at
the same time knowing when its back to then allow that path to
reform!
The hope is to still try and find a way of doing this using the
features
of a Juniper only.
But here is a possible inelegant way!..
Imagine for a moment you've got two suppliers NNIs on a QFX5100...
one
as ge-1/0/1 (e.g. BT Wholesale) and one as ge-1/0/2 (e.g. TalkTalk).
A customer has two leased lines coming in on that same QFX5100,
one is
their primary line as unit ge-1/0/1.100 and one is their backup
line as
unit ge-1/0/2.200. Coincidentally unit 100 uses VLAN 100 and unit
200
uses VLAN 200 :)
However the customers public /30 (for Internet access) lives on an
MX480
on unit lt-4/0/0.999. You want lt-4/0/0.999 to form a pseudowire to
ge-1/0/1.100 (primary path), unless that destination unit is
"down", in
which case form it to ge-1/0/1.200 (secondary path). But still keep
checking to see if the primary path becomes possible again and
swap back
to it when it can automatically.
But ge-1/0/1.100 and ge-1/0/1.200 won't ever go "down" (as they're
VLANs
on an NNI).
We *could* put two extra units on the QFX of ge-1/0/1.10100 (also
listening to vlan 100) and ge-1/0/1.10200 (vlan 200) that just have
private subnets on them (that customers router would also need).
Then
some script (running on the QFX) could do ping tests to see which is
working, and the one that isn't working gets its pseudowire config
purefully hobbled (forcing the MX480 to use the other path) and then
when it returns working... unhobble it :P
On 29/03/2023 05:48, scott via uknof wrote:
> BFD is made for this (Both up and down) if the provider will do
that
> with you
Well that's my thoughts exactly, which is why I mentioned BFD in the
original e-mail.
But with Junipers it seems that BFD must be tied to something else
(e.g.
a static route, BGP, OSPF, etc...) and it can't be tied to whether a
unit should be considered a valid endpoint for a pseudowire or not :S
At least, not anything we've found!
On 28/03/2023 13:13, James Greig wrote:
> we monitor for a "significant traffic drop"
Yeah we use Observium too, although lately we've begun to regret
it as
some of their users seem, err fanatical? The other month I
accidentally
pasted my clipboard into their Discord (about a dozen words, nothing
long), unfortunately one of their users fancies themselves as a
codebreaker... and thought they'd "deciphered" the word 'LibreNMS' in
the contents (and we don't even use LibreNMS, we pay for Observium).
Apparently any mention of that project (even if you just plainly
didn't
mention it!?) gets you an instant and permanent ban... it's
completely
nutty there!
As for your approach though... ultimately I'd be worried that it'd
mean
pseudowires would flip between circuits in the middle of night when
usage goes low.
Steven Maddox
Business Systems Engineer
Internet Central Limited
Registered in England & Wales number 03079542 at Ivy House Foundry,
Stoke-on-Trent, ST1 3NR. VAT registration number GB278923705.
Read our
disclaimer at http://ic.uk/legal before acting on this e-mail.
*CONFIDENTIALITY AND DISCLAIMER NOTICE: *
This email is intended only for the person to whom it is addressed
and/or otherwise authorized personnel. The information contained
herein and attached is confidential. If you are not the intended
recipient, please be advised that viewing this message and any
attachments, as well as copying, forwarding, printing, and
disseminating any information related to this email is prohibited, and
that you should not take any action based on the content of this email
and/or its attachments. If you received this message in error, please
contact the sender and destroy all copies of this email and any
attachment. Please note that the views and opinions expressed herein
are solely those of the author and do not necessarily reflect those of
the company. While antivirus protection tools have been employed, you
should check this email and attachments for the presence of viruses.
No warranties or assurances are made in relation to the safety and
content of this email and attachments. The Company accepts no
liability for any damage caused by any virus transmitted by or
contained in this email and attachments. No liability is accepted for
any consequences arising from this email.
*AVIS DE CONFIDENTIALITÉ ET DE NON RESPONSABILITE* :
Ce courriel, ainsi que toute pièce jointe, est confidentiel et peut
être protégé par le secret professionnel. Si vous n’en êtes pas le
destinataire visé, veuillez en aviser l’expéditeur immédiatement et le
supprimer. Vous ne devez pas le copier, ni l’utiliser à quelque fin
que ce soit, ni divulguer son contenu à qui que ce soit. BSO se
réserve le droit de contrôler toute transmission qui passe par son
réseau. Veuillez noter que les opinions exprimées dans cet e-mail sont
uniquement celles de l'auteur et ne reflètent pas nécessairement
celles de la société. Bien que des outils de protection antivirus
aient été utilisés, vous devez vérifier cet e-mail et les pièces
jointes pour toute présence de virus. Aucune garantie ou assurance
n'est donnée concernant la sécurité et le contenu de cet e-mail et de
ses pièces jointes. La Société décline toute responsabilité pour tout
dommage causé par tout virus transmis par ou contenu dans cet e-mail
et ses pièces jointes. Aucune responsabilité n'est acceptée pour les
conséquences découlant de cet e-mail.
