Hi guys, we have two SRX 550s set up with VRRP for failover. We have a main internet line, and it's taken a while for the business to order the second one.
So now I have to get the two working. I think I have most of the config in place, but I just want to check things like VPN tunnels and how they will be routed once the other line is in place.
VRRP set up on FW1
set interfaces vlan unit 10 family inet address 10.64.10.2/23 vrrp-group 10 virtual-address 10.64.10.1
set interfaces vlan unit 10 family inet address 10.64.10.2/23 vrrp-group 10 priority 200
set interfaces vlan unit 10 family inet address 10.64.10.2/23 vrrp-group 10 preempt
set interfaces vlan unit 10 family inet address 10.64.10.2/23 vrrp-group 10 accept-data
set interfaces vlan unit 10 family inet address 10.64.10.2/23 vrrp-group 10 track interface ge-0/0/5 priority-cost 100
VRRP set up on FW2
set interfaces vlan unit 10 family inet address 10.64.10.3/23 vrrp-group 10 virtual-address 10.64.10.1
set interfaces vlan unit 10 family inet address 10.64.10.3/23 vrrp-group 10 priority 150
set interfaces vlan unit 10 family inet address 10.64.10.3/23 vrrp-group 10 accept-data
ge-0/0/5 is the interface of the external IP. I'm pretty sure that the VRRP side of things is fine, but what I'm not so sure about is the BGP tunnels that we have to AWS.
FW1 BGP config
We have two tunnels, and to avoid asymmetric routing we have manipulated traffic via prepending the path.
set protocols bgp group AWS neighbor 169.**.**.193 import AWS1-import
set protocols bgp group AWS neighbor 169.**.**.193 export AWS1-export
set protocols bgp group AWS neighbor 169.**.**.193 peer-as 9059
set protocols bgp group AWS neighbor 169.**.**.193 local-as 65510
set protocols bgp group AWS neighbor 169.**.**.205 export AWS2-export
set protocols bgp group AWS neighbor 169.**.**.205 peer-as 9059
set protocols bgp group AWS neighbor 169.**.**.205 local-as 65510
set policy-options policy-statement AWS1-export term 1 from route-filter 10.64.0.0/16 exact
set policy-options policy-statement AWS1-export term 1 then accept
set policy-options policy-statement AWS1-export then reject
set policy-options policy-statement AWS1-import term 1 from protocol bgp
set policy-options policy-statement AWS1-import term 1 then local-preference 200
set policy-options policy-statement AWS1-import term 1 then accept
set policy-options policy-statement AWS2-export term 1 from route-filter 10.64.0.0/16 exact
set policy-options policy-statement AWS2-export term 1 then as-path-prepend " 65510 65510 "
set policy-options policy-statement AWS2-export term 1 then accept
set policy-options policy-statement AWS2-export then reject
FW2 BGP config
set policy-options policy-statement AWS3-export term 1 from route-filter 10.64.0.0/16 exact
set policy-options policy-statement AWS3-export term 1 then as-path-prepend " 65010 65010 65010 "
set policy-options policy-statement AWS3-export term 1 then accept
set policy-options policy-statement AWS3-export then reject
Any help would be appreciated, as the policy option side isn't my strong point at the moment.
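
An added example, not part of the original post: a small Python model of the tunnel preference the posted policies produce, checking for each failure scenario whether inbound and outbound traffic use the same tunnel. It assumes the remote side picks the shortest AS path, that tunnel 3 keeps the default local-preference of 100 (FW2's import policy is not shown), and that the LAN sends traffic to the VRRP master; `Tunnel`, `check` and the scenarios are constructed for illustration.

```python
# Added illustration: a simplified model, not Junos or AWS code.
from dataclasses import dataclass

DEFAULT_LOCAL_PREF = 100  # BGP default when no import policy sets a value

@dataclass(frozen=True)
class Tunnel:
    name: str
    firewall: str
    prepends: int                         # extra AS hops added on export
    local_pref: int = DEFAULT_LOCAL_PREF  # set by the import policy, if any

# Values taken from the policies in the post. Tunnel 3's import policy is
# not shown, so the default local-preference is an assumption.
TUNNELS = [
    Tunnel("AWS1", "FW1", prepends=0, local_pref=200),
    Tunnel("AWS2", "FW1", prepends=2),
    Tunnel("AWS3", "FW2", prepends=3),
]

def inbound_choice(up):
    """Tunnel the remote peer uses towards 10.64.0.0/16: shortest AS path."""
    return min(up, key=lambda t: 1 + t.prepends, default=None)

def outbound_choice(up, master):
    """Tunnel the VRRP master uses towards AWS: highest local-preference."""
    own = [t for t in up if t.firewall == master]
    return max(own, key=lambda t: t.local_pref, default=None)

def check(up_names, master):
    """Return (inbound, outbound, symmetric) for a set of tunnels that are up."""
    up = [t for t in TUNNELS if t.name in up_names]
    inbound, outbound = inbound_choice(up), outbound_choice(up, master)
    symmetric = inbound is not None and inbound == outbound
    return (inbound.name if inbound else None,
            outbound.name if outbound else None, symmetric)

if __name__ == "__main__":
    scenarios = [  # constructed failure scenarios
        ({"AWS1", "AWS2", "AWS3"}, "FW1"),  # everything up
        ({"AWS2", "AWS3"}, "FW1"),          # tunnel 1 down
        ({"AWS3"}, "FW2"),                  # FW1 uplink down, FW2 is master
        ({"AWS1", "AWS2", "AWS3"}, "FW2"),  # FW2 master, FW1 tunnels still up
    ]
    for up, master in scenarios:
        print(sorted(up), master, check(up, master))
```

The last scenario is the one to watch in this model: if FW2 holds the VRRP address while FW1's tunnels are still established, return traffic arrives on FW1 and the paths are asymmetric.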