[j-nsp] New post: OSPF export policing

Serghei Istrati s.istrati at moldcell.md
Tue Mar 24 04:17:22 EDT 2009


Hi All. Here is my config:

************************************************************
R1
VRF-A
instance-type vrf;
interface xxx
route-distinguisher xx:yy;
vrf-import xx
vrf-export xx;
forwarding-options {
    family inet {
        filter {
            input xxxx;
        }
    }
}
protocols {
    ospf {
        export export-1;
        area 0.0.0.5 {
            interface xxx;
        }
    }
}

show policy-options policy-statement export-1
term no-default {
    from {
        route-filter 0.0.0.0/0 exact;
    }
    then reject;
}
term 1 {
    from {
        protocol static;
        route-filter 10.11.12.0/24 orlonger;
    }
    then accept;
}
term deny {
    then reject;
}

**********************************************************

R2
VRF-B

instance-type vrf;
interface xxx
route-distinguisher xxx:yyy;
vrf-import xx;
vrf-export xx;
routing-options {
    static {
        ........
    }
}
protocols {
    bgp {
        group xxx {
            neighbor xxx
            import xxx
            export xxx
            ........
            ........
        }
    }
    ospf {
        export export-default;
        area 0.0.0.5 {
            interface xxx;
        }
    }
} }



show policy-options policy-statement export-default 
term default {
    from {
        protocol bgp;
        route-filter 0.0.0.0/0 exact;
    }
    then accept;
}
term deny-all {
    then reject;
}
********************************************************

Best regards
 
Serghei Istrati

-----Original Message-----
From: Tommy Perniciaro [mailto:TPerniciaro at accuvant.com] 
Sent: Thursday, March 19, 2009 7:33 PM
To: Serghei Istrati; 'juniper-nsp at puck.nether.net'
Subject: Re: [j-nsp] New post: OSPF export policing

Can you share your VRF and OSPF configuration?

----- Original Message -----
From: juniper-nsp-bounces at puck.nether.net <juniper-nsp-bounces at puck.nether.net>
To: juniper-nsp at puck.nether.net <juniper-nsp at puck.nether.net>
Sent: Thu Mar 19 09:57:22 2009
Subject: [j-nsp] New post: OSPF export policing

Hi All. I have an unwanted 0.0.0.0/0 route from an OSPF peer. I have problems with route export in an OSPF area.

I have 2 Juniper boxes, R1 and R2, with several VRF instances in each of them (with a different OSPF area in different pairs of VRFs).

Now I'm making a new VRF in each of the routers: VRF-A in R1 and VRF-B in R2, and I'm configuring OSPF area 0.0.0.5 between VRF-A and VRF-B (in a separate VLAN).

I need to export only the 10.11.12.0/24 static route through OSPF from VRF-A to VRF-B.

And I need to export only the 0.0.0.0/0 BGP route through OSPF from VRF-B to VRF-A.

I'm using a route policy for OSPF export. I have my 10.11.12.0/24 static route installed in VRF-B from OSPF VRF-A. And I have 0.0.0.0/0 in VRF-A from VRF-B.

!!! But I also have a 0.0.0.0/0 static route in VRF-B from OSPF VRF-A ??? Why ?? I don't have any static 0.0.0.0/0 in VRF-A.

I have a static 0.0.0.0/0 only in another VRF in R1.

My OSPF export policy on R1 VRF-A is:

term 1
      from  route-filter 0.0.0.0/0 exact
      then reject
term 2
      from protocol static
             route-filter 10.11.12.0/24
      then accept

In the OSPF trace from R1 (VRF-A) I see that R1 uses transit area 0.0.0.0 to export static 0.0.0.0/0, but I don't have area 0.0.0.0 in R1.

I have area 0.0.0.0 only between router R2 and another router, R3.


Please, if someone can suggest some idea. Thank you.

Best regards

Serghei Istrati



__________________________________________________ 
MOLDCELL S.A. DISCLAIMER: 

This E-mail and any files transmitted with it are confidential 
and intended solely for the use of the individual or entity to 
whom they are addressed. If you are not the intended recipient 
you are hereby notified that any dissemination, forwarding, 
copying or use of any of the information is prohibited. The 
opinions expressed in this message belong to sender alone. 
There is no implied endorsement by MOLDCELL S.A. 

19/3/2009

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
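
As an added example (not part of the original posts and not Juniper code), the export-1 policy posted for R1 VRF-A can be modelled with first-match term evaluation to check which candidate routes it would accept for export. The Python names and the candidate routes are constructed for illustration; only the `exact` and `orlonger` match types used in the thread are modelled.

```python
import ipaddress

# Added model of first-match policy evaluation; terms are transcribed
# from the export-1 policy-statement posted for R1 VRF-A.
EXPORT_1 = [
    {"name": "no-default", "filter": ("0.0.0.0/0", "exact"), "then": "reject"},
    {"name": "1", "protocol": "static",
     "filter": ("10.11.12.0/24", "orlonger"), "then": "accept"},
    {"name": "deny", "then": "reject"},
]

def filter_matches(route, prefix, match_type):
    """route-filter check for the two match types used on the page."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if match_type == "exact":
        return route == prefix
    if match_type == "orlonger":
        return route.subnet_of(prefix)  # same prefix or any more specific
    raise ValueError(f"unsupported match type: {match_type}")

def evaluate(policy, route, protocol):
    """Return (action, term) of the first term whose 'from' conditions all match."""
    for term in policy:
        if "protocol" in term and term["protocol"] != protocol:
            continue
        if "filter" in term and not filter_matches(route, *term["filter"]):
            continue
        return term["then"], term["name"]
    return "default-policy", None  # no term matched

# Constructed candidate routes (prefix, protocol), not taken from the routers.
CANDIDATES = [
    ("0.0.0.0/0", "static"),
    ("0.0.0.0/0", "bgp"),
    ("10.11.12.0/24", "static"),
    ("10.11.12.128/25", "static"),
    ("10.11.12.0/24", "direct"),
    ("10.11.0.0/16", "static"),
]

def accepted(policy, candidates):
    """List the candidates the policy would accept for export."""
    return [(r, p) for r, p in candidates if evaluate(policy, r, p)[0] == "accept"]

if __name__ == "__main__":
    for route, proto in CANDIDATES:
        action, term = evaluate(EXPORT_1, route, proto)
        print(f"{route:18} {proto:7} -> {action:7} (term {term})")
```

In this model the policy rejects 0.0.0.0/0 in term no-default whatever the protocol, and accepts only static routes within 10.11.12.0/24.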
