[j-nsp] Controlling routes between OSPF areas

Morgan McLean wrx230 at gmail.com
Wed May 9 22:06:26 EDT 2012 

Also, just to add to this, if I try to deny a route by neighbor or
next-hop, the entire route is denied regardless of where it comes from.

If I try to deny the export of a route from protocol static on the
announcing router, again it doesn't matter to which neighbor, it denies the
entire route.

Am I just SOL? BGP is so much easier to work with....

Morgan

On Wed, May 9, 2012 at 3:58 PM, Morgan McLean <wrx230 at gmail.com> wrote:

> Will,
>
> You mean the export policy restricting 0/0 from area 0 to area 1 must be
> on the srx that has an interface from area 0, and an interface from area 1.
> Correct?
>
> I've tried this with no luck on my ospf export policy:
>
> +    term deny-test {
> +        from {
> +            area 0.0.0.0;
> +            route-filter 192.168.30.156/30 exact;
> +        }
> +        to area 0.0.0.1;
> +        then reject;
> +    }
>
>
> On Wed, May 9, 2012 at 3:50 PM, Morgan McLean <wrx230 at gmail.com> wrote:
>
>> I tried the restrict statement under area 1 for another route as a test:
>>
>> [edit protocols ospf area 0.0.0.1]
>> +     area-range 192.168.30.156/30 {
>> +         restrict;
>> +         exact;
>> +     }
>>
>> And I still see it on the other end:
>>
>>
>> 192.168.30.156/30  *[OSPF/10] 22:22:03, metric 2
>>                     > to 192.168.30.110 via ge-7/0/0.0
>>
>> Morgan
>>
>>
>> On Wed, May 9, 2012 at 3:18 PM, OBrien, Will <ObrienH at missouri.edu>wrote:
>>
>>> Your export policy must be applied at the announcement router. For
>>> example, my area 0 router only announces a default route and nothing else.
>>> Set a match and don't forget the reject.
>>>
>>> Will
>>>
>>> On May 9, 2012, at 4:30 PM, "Morgan Mclean" <wrx230 at gmail.com> wrote:
>>>
>>> > Hi everyone,
>>> >
>>> > I have a two network segments, OSPF area 0 and 1. I have a firewall
>>> cluster with interfaces in both areas. I need to stop say a default route
>>> from area 0 making its way into area 1.
>>> >
>>> > I've tried import and export policies but nothing seems to really
>>> work. Can anybody please give me an example? Is this against how OSPF works?
>>> >
>>> > Thanks,
>>> > Morgan
>>> > _______________________________________________
>>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>
>>
>

More information about the juniper-nsp mailing list