[j-nsp] Controlling routes between OSPF areas
Morgan McLean
wrx230 at gmail.com
Wed May 9 18:58:25 EDT 2012
Will,
You mean the export policy restricting 0/0 from area 0 to area 1 must be on
the srx that has an interface from area 0, and an interface from area 1.
Correct?
I've tried this with no luck on my ospf export policy:
+ term deny-test {
+ from {
+ area 0.0.0.0;
+ route-filter 192.168.30.156/30 exact;
+ }
+ to area 0.0.0.1;
+ then reject;
+ }
On Wed, May 9, 2012 at 3:50 PM, Morgan McLean <wrx230 at gmail.com> wrote:
> I tried the restrict statement under area 1 for another route as a test:
>
> [edit protocols ospf area 0.0.0.1]
> + area-range 192.168.30.156/30 {
> + restrict;
> + exact;
> + }
>
> And I still see it on the other end:
>
>
> 192.168.30.156/30 *[OSPF/10] 22:22:03, metric 2
> > to 192.168.30.110 via ge-7/0/0.0
>
> Morgan
>
>
> On Wed, May 9, 2012 at 3:18 PM, OBrien, Will <ObrienH at missouri.edu> wrote:
>
>> Your export policy must be applied at the announcement router. For
>> example, my area 0 router only announces a default route and nothing else.
>> Set a match and don't forget the reject.
>>
>> Will
>>
>> On May 9, 2012, at 4:30 PM, "Morgan Mclean" <wrx230 at gmail.com> wrote:
>>
>> > Hi everyone,
>> >
>> > I have a two network segments, OSPF area 0 and 1. I have a firewall
>> cluster with interfaces in both areas. I need to stop say a default route
>> from area 0 making its way into area 1.
>> >
>> > I've tried import and export policies but nothing seems to really work.
>> Can anybody please give me an example? Is this against how OSPF works?
>> >
>> > Thanks,
>> > Morgan
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
More information about the juniper-nsp
mailing list