ospf: how filter out external prefix 0.0.0.0/0 ?

  • 1.  ospf: how filter out external prefix 0.0.0.0/0 ?

    Posted 07-11-2014 03:37

    Hello,

    I have two MX routers; both should generate 0.0.0.0/0 and advertise it to servers, but with different metrics. All works OK, but I see that the MX routers advertise the 0/0 prefix to each other. I am trying to block this:

    # run show ospf route  extern
    Topology default Route Table:
    
    Prefix             Path  Route      NH       Metric NextHop       Nexthop
                       Type  Type       Type            Interface     Address/LSP
    0.0.0.0/0          Ext2  Network    IP           30 ae2.231  192.168.20.126

     
    I have a filter policy: on import I try to block prefix 0/0 from the second router; in the export policy I have to generate my own prefix 0/0.

    # show  protocols ospf
    export ospf-global-export;
    import ospf-global-import;
    
    
    # show policy-options policy-statement ospf-global-import
    term 1 {
        from {
            route-filter 0.0.0.0/0 exact;
        }
        then reject;
    }
    term default {
        then accept;
    }
    
    # show policy-options policy-statement ospf-global-export
    term 1 {
        from {
            route-filter 0.0.0.0/0 exact;
        }
        then {
            metric 55;
            accept;
        }
    }
    term default {
        then reject;
    }
    
    

     

    Though I have an import policy with a reject action, I still see 0/0 from the second router. How can I filter out prefix 0/0?



  • 2.  RE: ospf: how filter out external prefix 0.0.0.0/0 ?
    Best Answer

    Posted 07-11-2014 05:28

    Hello there,

    @Tedy wrote:

    Though I have an import policy with a reject action, I still see 0/0 from the second router.

    This is expected

    http://www.juniper.net/techpubs/en_US/junos11.4/topics/example/ospf-import-routing-policy-configuring.html

     

    OSPF import policy allows you to prevent external routes from being added to the routing tables of OSPF neighbors. The import policy does not impact the OSPF database. This means that the import policy has no impact on the link-state advertisements. 

     


    @Tedy wrote:

    How can I filter out prefix 0/0?

    Migrate servers to stub or NSSA area(s) and configure the MXes to inject a 0/0 route into these areas

     

    http://www.juniper.net/techpubs/en_US/junos13.2/topics/example/ospf-stub-area-configuring.html

     

    user@host# show protocols ospf
    area 0.0.0.7 {
        stub default-metric 10 no-summaries;
    }

    Or

     

    http://www.juniper.net/techpubs/en_US/junos11.4/topics/topic-map/ospf-stub-and-not-so-stubby-areas.html

     

    user@host# show protocols ospf
    area 0.0.0.9 {
        nssa {
            default-lsa {
                default-metric 10;
                metric-type 1;
                type-7;
            }
            no-summaries;
        }
    }

     

    HTH

    Thanks
    Alex

     

     

     



  • 3.  RE: ospf: how filter out external prefix 0.0.0.0/0 ?

    Posted 07-14-2014 14:58

    Thanks for the help!

    I tested both ways: stub and NSSA. In stub I can't generate the 0/0 prefix; in the NSSA area it works. I have a question about the neighbor session between routers. Is it necessary or not recommended? When I added a neighbor statement between the routers I noticed unstable behavior.

    Below is my config; it is the same on both routers:

     

    export ospf-global-export;
    import ospf-global-import;
    area 0.0.0.100 {
        nssa {
            default-lsa {
                default-metric 10;
                metric-type 1;
                type-7;
            }
            no-summaries;
        }
        interface ae2.100 {
            interface-type nbma;
            priority 200;
            hello-interval 10;
            inactive: neighbor 1.1.1.14 eligible;
            neighbor 1.1.1.5;
            neighbor 1.1.1.6;
            inactive: poll-interval 30;
        }
    }

     

    
    show policy-options policy-statement ospf-global-export
    term 1 {
        from {
            route-filter 0.0.0.0/0 exact;
        }
        then {
            metric 55;
            accept;
        }
    }
    term default {
        then reject;
    }
    
    
    show policy-options policy-statement ospf-global-import
    term 1 {
        from {
            route-filter 0.0.0.0/0 exact;
        }
        then reject;
    }
    term default {
        then accept;
    }
    

     

    My bird.cfg on the servers:

    protocol ospf MyOSPF {
            tick 2;
            import all;
            export all;
            rfc1583compat yes;
            area 100 {
                    nssa;
                    interface "bond0" {
                            hello 10;
                            type nbma;
                            neighbors {
                                    1.1.1.9 eligible;
                                    1.1.1.14 eligible;
                            };
                    };
            };
    }

     

     

    And my scenario:

    [Image: graph_1.png]



  • 4.  RE: ospf: how filter out external prefix 0.0.0.0/0 ?

    Posted 07-15-2014 05:44

    Hello,

    @Tedy wrote:

    Thanks for the help!

    I have a question about the neighbor session between routers. Is it necessary or not recommended? When I added a neighbor statement between the routers I noticed unstable behavior.

    It is recommended to put the R1-R2 link into area 0 and use a separate OSPF area per spoke if possible.

    The instability you noticed is due to putting EVERY router in the same OSPF area, hence your LSA with the 0/0 route is reaching e.g. Serv3 from R1 not only directly, but also via R2. If the R1-R2 link is in area 0, Serv3 will have 2 LSAs each with a 0/0 route, arriving directly from R1 and R2.

     

    HTH

    Thanks
    Alex
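
Added example, not part of any post in this thread: a Junos configuration sketch of the layout recommended above, with the MX-to-MX link in area 0 and the server segment in an NSSA that receives 0/0 as a type-7 default LSA. The interface roles are assumptions read from the first and third posts (ae2.231 toward the other MX, ae2.100 toward the servers); area 0.0.0.100, the NSSA settings and the neighbor addresses are copied from the third post.

```junos
protocols {
    ospf {
        /* Backbone: only the link between the two MX routers (assumed to be ae2.231). */
        area 0.0.0.0 {
            interface ae2.231;
        }
        /* Server segment: as an NSSA it carries no type-5 external LSAs. */
        area 0.0.0.100 {
            nssa {
                /* With interfaces in area 0 and in this area, each MX is an ABR */
                /* and originates the default into this area only. */
                default-lsa {
                    /* Assumption: give each MX a different value here to get */
                    /* the "different metric" behaviour asked for in the first post. */
                    default-metric 10;
                    metric-type 1;
                    type-7;
                }
                no-summaries;
            }
            interface ae2.100 {
                interface-type nbma;
                priority 200;
                hello-interval 10;
                /* Servers only; the other MX is reached through area 0. */
                neighbor 1.1.1.5;
                neighbor 1.1.1.6;
            }
        }
    }
}
```

The sketch leaves out `export ospf-global-export`: an OSPF export policy that accepts 0.0.0.0/0 makes the router originate it as an external route, which is the Ext2 entry shown in the first post. `show ospf database external` and `show ospf database nssa` on each MX show which default LSAs exist and who originated them.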



  • 5.  RE: ospf: how filter out external prefix 0.0.0.0/0 ?

    Posted 07-17-2020 08:24

    Hi,

     

    I have a similar challenge.

    I have a separate link to iBGP, but I set up the iBGP session between loopback interfaces. I have OSPF area 0 sessions between the physical dedicated SVI interfaces of the MX routers. Using other interfaces I created a separate OSPF NSSA area to down of my network to broadcast the default route as Tedy showed. The question is how to limit the redistribution of the 0.0.0.0/0 route in area 0 (used for iBGP)?

     

    Regards,

    Mateusz



  • 6.  RE: ospf: how filter out external prefix 0.0.0.0/0 ?

    Posted 07-18-2020 12:54

    Hi Mateusz,

     

    How are you generating default route for redistributing in NSSA area?

    You should try advertising the default route by following the script below; this will only advertise the default route in the NSSA area.

    set protocols ospf area 0.0.0.1 nssa default-lsa default-metric 10
    set protocols ospf area 0.0.0.1 nssa default-lsa metric-type 1
    set protocols ospf area 0.0.0.1 nssa default-lsa type-7

     

     



  • 7.  RE: ospf: how filter out external prefix 0.0.0.0/0 ?

    Posted 07-20-2020 23:55

    Not only in the NSSA area. Area 0 can't be NSSA, and if I run it for iBGP as the IGP, the default route is also advertised there. See the first two posts. I want to do something like the picture below, with OSPF area 0 recommended as the IGP for iBGP and OSPF area 1 (NSSA) as the default route broadcaster in the client devices zone.

    Alex wrote that: "It is recommended to put R1-R2 link into area 0 and use separate OSPF area per spoke if possible." ...because it is recommended that BGP sessions should be set up between logical interfaces... that's how I understand it, so I try to do that. Please help 🙂

    [Image: WAN UMS.jpg]



  • 8.  RE: ospf: how filter out external prefix 0.0.0.0/0 ?

    Posted 07-21-2020 01:30

    Hello,

    @mateula wrote:

    Not only in the NSSA area. Area 0 can't be NSSA, and if I run it for iBGP as the IGP, the default route is also advertised there.

    "advertised there" means "0/0 route is announced via iBGP"?

    Are you redistributing OSPF into iBGP?

    If yes, then you should apply an import policy to your iBGP which rejects/filters out the 0/0 route.

    HTH

    Thx

    Alex