Netscreen – Track IP

IP tracking allows you to track the connectivity of critical IPs. This allows you to change your routing based on the connectivity of the configured IPs.

There are 3 main points to Track IP:

  1. If a Tracked IP becomes unreachable, the weight of the address is added to the overall failed address total.
  2. If the total failed address weight exceeds the IP Track threshold, IP Track is considered to have failed.
  3. Once Track IP has failed, the interface is marked `Down` and removed from the routing table. This allows for changes in the routing based on failed connections/addresses.

Terms

  • Weight:    The weight for the specified IP address – used to compare against Track IP threshold.
  • Interval:    How often pings or ARPs are sent.
  • Threshold: How many Ping or ARP failures before the address is considered unreachable.

Interface based

Interface-based Track IP allows you to disable an interface based on whether the configured IP address is reachable.

The example below will disable interface eth2 if 10 consecutive Pings fail.

set interface ethernet2 monitor track-ip ip
set interface ethernet2 monitor track-ip threshold 255
set interface ethernet2 monitor track-ip ip [IP] threshold 10
set interface ethernet2 monitor track-ip ip [IP] weight 255

To check the Track IP status for this interface, use the following command:

netscreen(M)-> get interface eth2 monitor track-ip
ip address           intval threshold wei gateway         fail-count success
10.1.1.1             1         1 255 0.0.0.0                  0 99%
10.1.2.1             1         1 255 0.0.0.0                  0 99%
failure weight: 255, threshold: 10, not failed: 0 ip(s) failed, weighted sum = 0

NSRP

NSRP Track IP allows you to bring down an interface based on the connectivity of the configured address and, in turn, cause the cluster to fail over.

set nsrp track-ip ip [address]
set nsrp track-ip ip [address] interface [name]
set nsrp track-ip ip [address] method [arp | ping]
set nsrp track-ip ip [address] interval [sec]
set nsrp track-ip ip [address] threshold [1-200]
set nsrp track-ip ip [address] weight [1-255]

To check the NSRP Track IP status, use the following command:

netscreen(M)-> get nsrp track-ip
ip address      interval threshold     wei  interface  meth fail-count success-rate
1.1.1.1               1        10      200  ethernet1  ping      15         97%
2.2.2.2               1        10       55  ethernet2  ping       0        100%
failure weight: 255, threshold: 255, not failed: 1 ip(s) failed, weighted sum = 200
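
The weighted-sum rule from the three points above, applied to the get nsrp track-ip output just shown. This is an added example, not part of the original article or of ScreenOS, and its function and field names are illustrative. It assumes an address counts as failed once its fail-count reaches its own threshold, and that Track IP fails once the weighted sum reaches the overall threshold (as in the interface example, where weight 255 meets threshold 255).

```python
import re

# Constructed sample: the `get nsrp track-ip` output shown above.
SAMPLE = """\
ip address      interval threshold     wei  interface  meth fail-count success-rate
1.1.1.1               1        10      200  ethernet1  ping      15         97%
2.2.2.2               1        10       55  ethernet2  ping       0        100%
failure weight: 255, threshold: 255, not failed: 1 ip(s) failed, weighted sum = 200
"""

ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)%$")
SUMMARY = re.compile(r"threshold:\s*(\d+),.*weighted sum\s*=\s*(\d+)")

def parse(output):
    """Return (rows, track_ip_threshold, reported_sum) from the command output."""
    rows, threshold, reported = [], None, None
    for line in output.splitlines():
        row = ROW.match(line.strip())
        if row:
            ip, _intv, thr, wei, ifc, _meth, fails, _rate = row.groups()
            rows.append({"ip": ip, "threshold": int(thr), "weight": int(wei),
                         "interface": ifc, "fail_count": int(fails)})
            continue
        summary = SUMMARY.search(line)
        if summary:
            threshold, reported = int(summary.group(1)), int(summary.group(2))
    if threshold is None or not rows:
        raise ValueError("not recognisable track-ip output")
    return rows, threshold, reported

def evaluate(output):
    rows, threshold, reported = parse(output)
    # Assumption: an address is failed once fail-count reaches its threshold.
    failed = [r for r in rows if r["fail_count"] >= r["threshold"]]
    weighted_sum = sum(r["weight"] for r in failed)
    return {
        "failed_ips": [r["ip"] for r in failed],
        "weighted_sum": weighted_sum,
        "matches_device": weighted_sum == reported,  # cross-check the summary line
        "track_ip_failed": weighted_sum >= threshold,  # assumption: reaching it is enough
        "margin": max(threshold - weighted_sum, 0),  # weight still needed to fail
        # False means the configured weights can never add up to the threshold.
        "can_ever_fail": sum(r["weight"] for r in rows) >= threshold,
    }

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

With the sample output, 1.1.1.1 has failed but its weight of 200 leaves a margin of 55, so failover happens only if 2.2.2.2 also becomes unreachable.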


Rick Donato