Routing

Expand all | Collapse all

Filtering routes from IS-IS

Jump to Best Answer
  • 1.  Filtering routes from IS-IS

    Posted 05-16-2017 08:06

    Is there a JunOS equivalent to Cisco's "no isis advertise prefix" or "advertise-passive-only"?

     

    Thank you.


    #is-is


  • 2.  RE: Filtering routes from IS-IS

    Posted 05-16-2017 08:33

    Hi, 

     

    Yes you can use policy to filter routes that are advised by ISIS: 

     

    Here we can see the downstream device is receiving the loopback (10.0.255.7/32) from the upstream node via ISIS:

     

    lab@srx-vpn> show route protocol isis    
    
    inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[IS-IS/165] 2w0d 04:29:05, metric 30
                        > to 137.221.196.5 via ge-0/0/0.0
    10.0.255.7/32      *[IS-IS/18] 2w0d 04:29:05, metric 20
                        > to 137.221.196.5 via ge-0/0/0.0
    137.221.196.0/30   *[IS-IS/18] 2w0d 04:29:15, metric 20
                        > to 137.221.196.5 via ge-0/0/0.0

    Now let's create a policy to filter the prefix from being advertised in the ISIS process:

     

    [edit]
    lab@mx104-edge# show policy-options policy-statement isis-filter    
    from {
        protocol direct;
        route-filter 10.0.255.7/32 exact;
    }
    then reject;

    Apply the policy as an export policy under protocols isis:

     

    lab@mx104-edge# show protocols isis 
    export [ DEFAULT-TO-ISIS isis-filter ];
    level 1 disable;
    interface ge-0/0/1.0 {
        point-to-point;
    }
    interface lo0.0 {
        passive;
    }

    Now we can see the prefix 10.0.255.7/32 is filtered and no longer present on the downstream device whilst other ISIS routes are still present: 

     

    lab@srx-vpn> show route protocol isis    
    
    inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[IS-IS/165] 2w0d 04:29:06, metric 30
                        > to 137.221.196.5 via ge-0/0/0.0
    137.221.196.0/30   *[IS-IS/18] 2w0d 04:29:16, metric 20
                        > to 137.221.196.5 via ge-0/0/0.0

    You can also filter at ingress.

     

    I hope this helps 🙂 

     



  • 3.  RE: Filtering routes from IS-IS

    Posted 05-16-2017 17:36

    It makes sense, but I don't understand what "DEFAULT-TO-ISIS" is, or what it is supposed to mean.



  • 4.  RE: Filtering routes from IS-IS
    Best Answer

    Posted 05-17-2017 01:23

    "DEFAULT-TO-ISIS" is simply another policy that I'm using to inject a default route into ISIS. For reference here is the policy:

     

    [edit]
    lab@mx104-edge# show policy-options policy-statement DEFAULT-TO-ISIS 
    term 1 {
        from {
            protocol aggregate;
            route-filter 0.0.0.0/0 exact;
        }
        then accept;
    }

    We can see the default route is present on the downstream device:

     

    lab@srx-vpn> show route protocol isis 
    
    inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[IS-IS/165] 2w0d 21:22:28, metric 30
                        > to 137.221.196.5 via ge-0/0/0.0
    137.221.196.0/30   *[IS-IS/18] 2w0d 21:22:38, metric 20
                        > to 137.221.196.5 via ge-0/0/0.0

    Let's now remove the policy leaving only the isis-filter policy we created previously:

     

    [edit]
    lab@mx104-edge# show protocols isis 
    export isis-filter;
    level 1 disable;
    interface ge-0/0/1.0 {
        point-to-point;
    }
    interface lo0.0 {
        passive;
    }

    Checking on the downstream device we can now only see a single prefix is received:

     

    lab@srx-vpn> show route protocol isis    
    
    inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    137.221.196.0/30   *[IS-IS/18] 2w0d 21:24:57, metric 20
                        > to 137.221.196.5 via ge-0/0/0.0

    I hope this is now clear 🙂 



  • 5.  RE: Filtering routes from IS-IS

    Posted 05-17-2017 03:39

    It is all clear now.  Thank you.



  • 6.  RE: Filtering routes from IS-IS

    Posted 05-17-2017 03:41

    No problem 🙂