[j-nsp] Controlling routes between OSPF areas

Ivan Ivanov ivanov.ivan at gmail.com
Thu May 10 13:19:46 EDT 2012


Hi,

If you want to summarize from area 0 to area 1 you should put the
'area-range' in area 0. Did you try that? Don't forget the restrict to
filter the route.

HTH
Ivan,

On Thu, May 10, 2012 at 5:06 AM, Morgan McLean <wrx230 at gmail.com> wrote:

> Also, just to add to this, if I try to deny a route by neighbor or
> next-hop, the entire route is denied regardless of where it comes from.
>
> If I try to deny the export of a route from protocol static on the
> announcing router, again it doesn't matter to which neighbor, it denies the
> entire route.
>
> Am I just SOL? BGP is so much easier to work with....
>
> Morgan
>
> On Wed, May 9, 2012 at 3:58 PM, Morgan McLean <wrx230 at gmail.com> wrote:
>
> > Will,
> >
> > You mean the export policy restricting 0/0 from area 0 to area 1 must be
> > on the srx that has an interface from area 0, and an interface from area
> 1.
> > Correct?
> >
> > I've tried this with no luck on my ospf export policy:
> >
> > +    term deny-test {
> > +        from {
> > +            area 0.0.0.0;
> > +            route-filter 192.168.30.156/30 exact;
> > +        }
> > +        to area 0.0.0.1;
> > +        then reject;
> > +    }
> >
> >
> > On Wed, May 9, 2012 at 3:50 PM, Morgan McLean <wrx230 at gmail.com> wrote:
> >
> >> I tried the restrict statement under area 1 for another route as a test:
> >>
> >> [edit protocols ospf area 0.0.0.1]
> >> +     area-range 192.168.30.156/30 {
> >> +         restrict;
> >> +         exact;
> >> +     }
> >>
> >> And I still see it on the other end:
> >>
> >>
> >> 192.168.30.156/30  *[OSPF/10] 22:22:03, metric 2
> >>                     > to 192.168.30.110 via ge-7/0/0.0
> >>
> >> Morgan
> >>
> >>
> >> On Wed, May 9, 2012 at 3:18 PM, OBrien, Will <ObrienH at missouri.edu
> >wrote:
> >>
> >>> Your export policy must be applied at the announcement router. For
> >>> example, my area 0 router only announces a default route and nothing
> else.
> >>> Set a match and don't forget the reject.
> >>>
> >>> Will
> >>>
> >>> On May 9, 2012, at 4:30 PM, "Morgan Mclean" <wrx230 at gmail.com> wrote:
> >>>
> >>> > Hi everyone,
> >>> >
> >>> > I have a two network segments, OSPF area 0 and 1. I have a firewall
> >>> cluster with interfaces in both areas. I need to stop say a default
> route
> >>> from area 0 making its way into area 1.
> >>> >
> >>> > I've tried import and export policies but nothing seems to really
> >>> work. Can anybody please give me an example? Is this against how OSPF
> works?
> >>> >
> >>> > Thanks,
> >>> > Morgan
> >>> > _______________________________________________
> >>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>>
> >>
> >>
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 
Best Regards!

Ivan Ivanov


More information about the juniper-nsp mailing list