SRX

 View Only
last person joined: 13 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX filter incoming OSPF routes

    Posted 03-04-2011 08:00

    I have 2 SRX100 in one chassis cluster. It run OSPF with 2 Cisco routers.

    How can I filter incoming routes on SRX side?

     

    I've tried policy-options but it does not work 😞

     

     

    ospf {
    
        import ospf_import;
        area 0.0.0.1 {
            stub;
            interface reth0.0 {
                priority 0;
            }
            interface reth1.0 {
                priority 0;
            }
        }
    }

     

     

     

    policy-statement ospf_import {
        term reject_other {
            from {
                route-filter Q.W.E.R/30 exact;
            }
            then reject;
        }
    }

     

    show route:
    Q.W.E.R/30 *[OSPF/10] 17:14:56, metric 2 > to A.A.A.A via reth0.0

     

    A.A.A.A - first cisco router.

    JUNOS Software Release [10.0R3.10]


    #interoperability
    #ospf


  • 2.  RE: SRX filter incoming OSPF routes

    Posted 03-04-2011 14:34

    Hi,

     

       First off please use the "Insert Code" feature of the forum to paste in config chunks since the way you did it is very hard to read and messy.

     

    The quick answer is that you cant filter OSPF routes, if you could OSPF would not be OSPF.  Its a link state routing protocol so every device must have a full view of the network.  The only way to filter routes is to create OSPS area's or not include some interfaces in the OSPF are command and manual export them into OSPF.

     

    Once clever way that I use to do this is I create a Virtual Router on my SRX that will peer OSPF with the network.  This VR will have all the ospf routes.  I then use policies to imports just the routes that I want into my main table and send them off to whatever else I need.

     

    Im sure others will have weird workarounds aswell.

     

     



  • 3.  RE: SRX filter incoming OSPF routes

    Posted 03-04-2011 23:59

    Magraw, I'm sorry for text formating. Fixed.

     

    I know that OSPF have all known routes in it database. But is it possible to filter routes from OSPF to route table?



  • 4.  RE: SRX filter incoming OSPF routes
    Best Answer

    Posted 03-05-2011 03:23

    Hi,

     

    The short answer is no, but a better answer is - are you sure this is what you want to do?

     

    OSPF relies on a consistent link-state database between all routers in an area to stop loops from forming, and consistent topologies

     

    If you don't want your router to learn the route, can you stop it being advertised in the first place?

     

    If you're trying to stop traffic being forwarded to a prefix, then can you configure a static route with a next-hop of discard and let it become more preferred?

     

    Failing that, you could configure the prefix as a martian and the route will not be installed into the forwarding table eg:

     

     

    set routing-options martians Q.W.E.R/30

     

     

    But this means the router will NEVER forward traffic to that prefix, even if you have a different route for it.



  • 5.  RE: SRX filter incoming OSPF routes

    Posted 03-05-2011 07:03

    dfex, thank you very much!



  • 6.  RE: SRX filter incoming OSPF routes

    Posted 03-05-2011 11:59

    OSPF requires the databses on all peers in an area be consistent.

     

    I think the user is looking for a Cisco 'distribute-in' list. Juniper will tell you that's a no-no.

     

    i have used them many times and find them handy. Unfortunately, you will have to find another way to accomplish the task under JUNOS.