
List:       juniper-nsp
Subject:    Re: [j-nsp] New post: OSPF export policing
From:       "Serghei Istrati" <s.istrati () moldcell ! md>
Date:       2009-03-24 8:17:22
Message-ID: E390BB9C0C681A44B32F3D5A2FACE42C034E233A () svappl02 ! moldcell ! intern


Hi All. Here is my config :

************************************************************
R1
VRF-A
instance-type vrf;
interface xxx
route-distinguisher xx:yy;
vrf-import xx
vrf-export xx;
forwarding-options {
    family inet {
        filter {
            input xxxx;
        }
    }
}
protocols {
    ospf {
        export export-1;
        area 0.0.0.5 {
            interface xxx;
        }
    }
}

show policy-options policy-statement export-1
term no-default {
    from {
        route-filter 0.0.0.0/0 exact;
    }
    then reject;
}
term 1 {
    from {
        protocol static;
        route-filter 10.11.12.0/24 orlonger;
    }
    then accept;
}
term deny {
    then reject;
}

**********************************************************

R2
VRF-B

instance-type vrf;
interface xxx
route-distinguisher xxx:yyy;
vrf-import xx;
vrf-export xx;
routing-options {
    static {
        ........
    }
}
protocols {
    bgp {
        group xxx {
            neighbor xxx
            import xxx
            export xxx
            ........
            ........
        }
    }
    ospf {
        export export-default;
        area 0.0.0.5 {
            interface xxx;
        }
    }
}
}



show policy-options policy-statement export-default 
term default {
    from {
        protocol bgp;
        route-filter 0.0.0.0/0 exact;
    }
    then accept;
}
term deny-all {
    then reject;
}
********************************************************







Best regards
 
Serghei Istrati

-----Original Message-----
From: Tommy Perniciaro [mailto:TPerniciaro@accuvant.com] 
Sent: Thursday, March 19, 2009 7:33 PM
To: Serghei Istrati; 'juniper-nsp@puck.nether.net'
Subject: Re: [j-nsp] New post: OSPF export policing

Can you share your VRF and OSPF configuration?

----- Original Message -----
From: juniper-nsp-bounces@puck.nether.net <juniper-nsp-bounces@puck.nether.net>
To: juniper-nsp@puck.nether.net <juniper-nsp@puck.nether.net>
Sent: Thu Mar 19 09:57:22 2009
Subject: [j-nsp] New post: OSPF export policing

Hi All. I have an unwanted 0.0.0.0/0 route from an OSPF peer. I have problems with route export in an OSPF area.

I have 2 Juniper boxes, R1 and R2, with several vrf-instances in each of them (with different OSPF areas in different pairs of VRFs).

Now I'm making a new VRF in each of the routers: VRF-A in R1 and VRF-B in R2, and I'm configuring OSPF area 0.0.0.5 between VRF-A and VRF-B (in a separate VLAN).

I need to export only the 10.11.12.0/24 static route through OSPF from VRF-A to VRF-B.

And I need to export only the 0.0.0.0/0 BGP route through OSPF from VRF-B to VRF-A.

I'm using a route policy for OSPF export. I have my 10.11.12.0/24 static route installed in VRF-B from OSPF VRF-A. And I have 0.0.0.0/0 in VRF-A from VRF-B.


!!! But I also have a 0.0.0.0/0 static route in VRF-B from OSPF VRF-A ??? Why ?? I don't have any static 0.0.0.0/0 in VRF-A.

I have a static 0.0.0.0/0 only in another VRF in R1.

My OSPF export policy on R1 VRF-A is:

term 1
     from route-filter 0.0.0.0/0 exact
     then reject
term 2
     from protocol static
          route-filter 10.11.12.0/24
     then accept


In the OSPF trace from R1 (VRF-A) I see that R1 uses transit area 0.0.0.0 to export the static 0.0.0.0/0, but I don't have area 0.0.0.0 in R1.

I have area 0.0.0.0 only between router R2 and another router, R3.

Please, if someone can suggest some idea. Thank you.

 

Best regards

 

Serghei Istrati



__________________________________________________ 
MOLDCELL S.A. DISCLAIMER: 

This E-mail and any files transmitted with it are confidential 
and intended solely for the use of the individual or entity to 
whom they are addressed. If you are not the intended recipient 
you are hereby notified that any dissemination, forwarding, 
copying or use of any of the information is prohibited. The 
opinions expressed in this message belong to sender alone. 
There is no implied endorsement by MOLDCELL S.A. 

19/3/2009

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
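
Added example, not part of the original message or of any Juniper tooling: a small first-match evaluator for the two export policies posted above, for checking which candidate routes each policy as written would accept for redistribution into OSPF. The tuple model, function names and candidate routes are constructed for illustration, and only `protocol` and `route-filter ... exact/orlonger` matching is modelled.

```python
import ipaddress

# Constructed model of the posted policies:
# (term name, protocol or None, (prefix, match type) or None, action).
EXPORT_1 = [
    ("no-default", None, ("0.0.0.0/0", "exact"), "reject"),
    ("1", "static", ("10.11.12.0/24", "orlonger"), "accept"),
    ("deny", None, None, "reject"),
]
EXPORT_DEFAULT = [
    ("default", "bgp", ("0.0.0.0/0", "exact"), "accept"),
    ("deny-all", None, None, "reject"),
]

# Constructed candidate routes (protocol, prefix); not taken from the routers.
CANDIDATES = [
    ("static", "0.0.0.0/0"),
    ("static", "10.11.12.0/24"),
    ("static", "10.11.12.128/25"),
    ("bgp", "10.11.12.0/24"),
    ("bgp", "0.0.0.0/0"),
]

def filter_matches(route, prefix, match_type):
    """route-filter semantics for the two match types used in the posted config."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if match_type == "exact":
        return route == prefix
    if match_type == "orlonger":
        return route.subnet_of(prefix)  # same prefix or any more-specific one
    raise ValueError(f"unsupported match type: {match_type}")

def evaluate(policy, protocol, route):
    """Terms run top-down; all 'from' conditions in a term must match; first match wins."""
    for name, proto, route_filter, action in policy:
        if proto is not None and proto != protocol:
            continue
        if route_filter is not None and not filter_matches(route, *route_filter):
            continue
        return action, name
    # No term matched: Junos applies the protocol default, which for OSPF export is reject.
    return "reject", "default-policy"

def accepted(policy, candidates):
    """Candidates the policy would let through, in input order."""
    return [c for c in candidates if evaluate(policy, *c)[0] == "accept"]

if __name__ == "__main__":
    for label, policy in (("export-1", EXPORT_1), ("export-default", EXPORT_DEFAULT)):
        print(label, "accepts:", accepted(policy, CANDIDATES))
```

Under this model `export-1` never accepts 0.0.0.0/0, whatever protocol the route comes from, and `export-default` accepts it only when it is a BGP route.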


