The customer wants to check the reachability of a next hop before applying it to traffic according to a traffic policy.
In the GRT (Global Routing Table) everything works as expected.
If you do not use a vpn-instance and configure the redirect like this:
ip-redirect nexthop X.X.X.X NQA TEST icmp
traffic is correctly redirected to the next hop defined by the traffic policy. If the next hop becomes unreachable, NQA detects it and traffic falls back to the ordinary routing table. This works.
The customer actually wants to use the same scheme inside a VPN instance, but the following configuration does not work:
nqa test-instance SRX1 icmp
 destination-address ipv4 10.163.185.138
 source-address ipv4 10.163.185.137
 interval seconds 1

traffic behavior FW-LTE-Trust
 redirect ip-nexthop 10.163.185.138 nqa SRX1 icmp
Sometimes traffic is lost, sometimes it follows the ordinary routing table, but PBR does not take effect. At the same time, according to display traffic policy statistics, these packets were matched by the classifier.
Use redirect ip-nexthop 10.163.185.138 vpn-instance TEST to avoid traffic loss if the next hop becomes unreachable.