Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Configure a Backup Router

To add a backup router to your device, configure the backup-router or the inet6-backup-router statement at the [edit system] hierarchy level.

You (the network administrator) can use the backup router to reach the network while loading, configuring, and recovering the router or switch without installing a default route in the forwarding table. Include the optional destination option and specify an address that is reachable through the backup router. Use the address format network/mask-length. This configuration supports both IPv4 and IPv6 addresses. The prefix of the destination address cannot overlap with the destination prefix learned from the routing protocol process (rpd).

If the backup router configuration has multiple static routes that point to a gateway from the management Ethernet interface, you must configure prefixes that are more specific than the static routes.

For example, if you configure the static route 172.16.0.0/12 from the management Ethernet interface for management purposes, you must specify the backup router configuration as follows:

Any destinations defined by the backup router are not visible in the routing table. They are only visible in the local forwarding table when the rpd is not running.

On systems with dual redundant Routing Engines, the backup Routing Engine's reachability through the private management interface is based only on the functionality of the backup-router configuration. It is not based on whether the rpd is running. On both Routing Engines, the backup-router statement adds the destination prefix upon bootup. On the primary Routing Engine, a static route requires the rpd to be running before the static route installs the destination prefix to the routing and forwarding tables.

Active routes and more specific routes take precedence over destination prefixes defined with the backup-router statement.

Configure a Backup Router Running IPv4 for Routers

In the example shown in Figure 1, the backup router is the default gateway of the management network.

As required, the backup router address is reachable and directly connected to the management interfaces on the two routing devices (fxp0 and me0).

Figure 1: Backup Router Sample TopologyBackup Router Sample Topology

Optionally, instead of configuring the backup router at the [edit system] hierarchy level, you can use a configuration group, as shown in this procedure. This is a recommended best practice for configuring the backup router, especially if the device has dual Routing Engines. This procedure uses groups called re0 and re1 as an example.

To configure a backup router running IPv4:

  1. Include the backup-router statement at the [edit system] hierarchy level.

    For example:

  2. (Optional) Configure a static route to the management network.

    The software uses the backup router only during the boot sequence. If you want to configure a backup router for use after startup, you can set up a static route. The static route goes into effect when the rpd is running.

  3. If you used one or more configuration groups, apply the configuration groups, substituting the appropriate group names.

    For example:

  4. Commit the changes:

Configure a Backup Router Running IPv6 for Routers

To configure a backup router running IPv6:

  1. Include the inet6-backup-router statement at the [edit system] hierarchy level.

    For example:

  2. (Optional) Configure a static route to the management network.

    The software uses the backup router only during the boot sequence. If you want to configure a backup router for use after startup, you can set up a static route. The static route goes into effect when the rpd is running.

  3. If you used one or more configuration groups, apply the configuration groups, substituting the appropriate group names.

    For example:

  4. Commit the changes:

Configure a Backup Router for SRX Series Firewalls

This procedure describes how to manage two SRX Series Firewalls in a chassis cluster mode using a backup router configuration. The backup router address is reachable and directly connected to the management interfaces on the SRX chassis cluster (fxp0).

When you configure the backup router for SRX Series Firewalls in chassis cluster mode, the backup router configuration facilitates the management access on the backup node only. You enable access to the primary node through the routing on the primary node. When you configure the backup router, Junos OS injects a route into the forwarding table on the secondary node. You cannot view the routing table on the secondary node since the routing subsystem does not run on the secondary node. This example uses groups node0 and node1.

  1. Include the backup-router statement at the [edit system] hierarchy level.
  2. Configure node0.

    To configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and copy and paste the commands into the CLI at the [edit] hierarchy level.

  3. Configure node1.

    To configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and copy and paste the commands into the CLI at the [edit] hierarchy level.

  4. Apply the group settings configuration.
  5. Commit the changes at the [edit] hierarchy level.