Create a Post
Showing results for 
Search instead for 
Did you mean: 

static route redundancy with different priority nexthop gateways using alternate monitored address

Hi checkmates,

I want to configure route redundancy for a specific static route where the nexthop should be an upstream vpn gateway as priority 1 path and a connected router for priority 2 path.
The priority 2 route should become active when the vpn goes down.

Form my understanding the default nexthop ping monitoring would make no sense since the priority 1 nexthop (upstream vpn gateway) would still be active in case of vpn breakdown.

My idea is to create a dedicated ip on the upstream vpn gateway which then DNAT to a vpn internal remote ip.
This ip should be monitored from the checkpoint and if not reachable then issue the routing failover (priority 2) route.

# monitored nexthop, will be DNATed on the upstream vpn gateway to internal vpn endpoint
set static-route nexthop gateway address on

# failover to priority 2 nexthop, failback to priority 1 nexthop once monitored ip becomes up again
set static-route nexthop gateway address priority 1 on
set static-route nexthop gateway address priority 2 on

I have R80.30 and read about BFD using ICMP ping which would be a possibility but there's not much info on this.

Also do I have to add one route with two gateways and different priorities or two separate identical routes with each gateway using different priorities?

Can someone help me with this?

0 Kudos
1 Reply

From CLI you will need to add a route twice with each gateway using different priorities. In WebUI, you can add two different gateways to a given route. Just to clarify, BFD does not use ICMP. You can use remote-ip monitoring with either ICMP or BFD. Please involve PS, SE or Diamond to help with configuration.  

0 Kudos