[j-nsp] New post: OSPF export policing

Tommy Perniciaro TPerniciaro at accuvant.com
Thu Mar 19 13:33:28 EDT 2009 

Can you share your VRF and OSPF configuration?

----- Original Message -----
From: juniper-nsp-bounces at puck.nether.net <juniper-nsp-bounces at puck.nether.net>
To: juniper-nsp at puck.nether.net <juniper-nsp at puck.nether.net>
Sent: Thu Mar 19 09:57:22 2009
Subject: [j-nsp] New post: OSPF export policing

Hi All. I have unwanted 0.0.0.0/0 route from OSPF peer. I have problems with route export in an OSPF area.

I have 2 Juniper boxes.R1 and R2 with several vrf-instances in each of them(with different OSPF area in different pairs of vrf) 

Now I'm making new VRF in each of Routers. VRF-A in R1 and VRF-B in R2.  and I'm configuring OSPF area 0.0.0.5 between VRF-A and VRF-B (in separate VLAN). 

I need to export only 10.11.12.0/24 static route through OSPF  from VRF-A to VRF-B

And I need to export only 0.0.0.0/0 BGP route through OSPF from VRF-B to VRF-A.

I'm using route policy to OSPF export. I have installed my 10.11.12.0/24 static route in VRF-B from OSPF VRF-A. And I have 0.0.0.0/0 in VRF-A from VRF-B.

 

!!! But, I also have  0.0.0.0/0 static route in VRF-B from OSPF VRF-A ???  Why ?? I don't have any static 0.0.0.0/0 in VRF-A

 

I have static 0.0.0.0/0 only in other VRF in R1.

my OSPF export policy on R1 VRF-A is:

term 1

      from  route-filter 0.0.0.0/0 exact

      then reject

term 2

      from protocol static

             route-filter 10.11.12.0/24 

      then accept

 

In OSPF Trace from R1(VRF-A)  I see that R1 uses transit area 0.0.0.0 to export static 0.0.0.0/0 but  I don't have area 0.0.0.0 in R1.

I have area 0.0.0.0 only between router R2 and another R3.

 

 

Please, If someone can to suggest some idea . Thank You

 

Best regards

 

Serghei Istrati
PRODUCT & SERVICE DEVELOPMENT
JV "MOLDCELL" JSC
Mob: +373 79400220
Tel: +373 22206226
Fax: +373 22206023
e-mail: s.istrati at moldcell.md <BLOCKED::mailto:s.istrati at moldcell.md> 
www.moldcell.md <BLOCKED::http://www.moldcell.md/> 

 


__________________________________________________ 
MOLDCELL S.A. DISCLAIMER: 

This E-mail and any files transmitted with it are confidential 
and intended solely for the use of the individual or entity to 
whom they are addressed. If you are not the intended recipient 
you are hereby notified that any dissemination, forwarding, 
copying or use of any of the information is prohibited. The 
opinions expressed in this message belong to sender alone. 
There is no implied endorsement by MOLDCELL S.A. 

19/3/2009

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list