Hello,
@gedebook2009 wrote:
Hi Alex,
Thanks for your help. I have tried. I did correctly with assigning export policy only at network-summary-export hierarchy without export on protocols ospf hierarchy. And I also did using area-range. But none of these meet my needs.
I labbed up Your scenario and it works for me. Using the same topology, router names and interface names:
1/ INITIAL STATE, without any "*export" policies
R1:
set protocols ospf area 0.0.0.2 interface ge-0/0/0.0
set protocols ospf area 0.0.0.2 interface ge-0/0/2.0 passive
set protocols ospf area 0.0.0.2 interface lo0.0 passive
set protocols ospf area 0.0.0.3 interface ge-0/0/1.0
regress@R1> show ospf neighbor
Address Interface State ID Pri Dead
169.254.15.0 ge-0/0/0.0 Full 198.51.100.1 128 36
169.254.25.0 ge-0/0/1.0 Full 198.51.100.2 128 35
R3 view:
regress@R3> show route 10/24 exact
inet.0: 29 destinations, 31 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.0/24 *[OSPF/10] 00:07:25, metric 2
> to 169.254.25.1 via ge-0/0/0.0
2/ Adding network-summary-export to R1:
set policy-options policy-statement PL-BLK-10.0.0.0 term 1 from route-filter 10.0.0.0/24 exact
set policy-options policy-statement PL-BLK-10.0.0.0 term 1 then reject
set policy-options policy-statement PL-BLK-10.0.0.0 term else then accept
set protocols ospf area 0.0.0.3 network-summary-export PL-BLK-10.0.0.0
R3 view:
regress@R3> show route 10/24 exact
regress@R3>
R2 view:
regress@R2> show route 10/24 exact
inet.0: 29 destinations, 30 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.0/24 *[OSPF/10] 00:22:46, metric 2
> to 169.254.15.1 via ge-0/0/0.0
3/ Using " area-range...restrict" on R1:
set protocols ospf area 0.0.0.2 area-range 10.0.0.0/24 restrict
delete protocols ospf area 0.0.0.3 network-summary-export
R2 view:
regress@R2> show route 10/24 exact
inet.0: 29 destinations, 30 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.0/24 *[OSPF/10] 00:27:47, metric 2
> to 169.254.15.1 via ge-0/0/0.0
R3 view:
regress@R3> show route 10/24 exact
regress@R3>
@gedebook2009 wrote:
On my doing is advertising an external route. Should I put the ge-0/0/2.0 interface in passive? That would be bad 😞 . Is there any options to do?
External OSPF routes are not filtered by "network-summary-export" or "area-range" knobs, this is as per OSPF RFCs.
If You want to use OSPF export policy and create external OSPF routes, then You have 2 options:
a] area 2 shall be a normal area and 3 shall be stub or NSSA;
b] more complex variant: area 2 is NSSA and area 3 is stub.
And then You get Your filtering automatically at R1/area border, without "area-range" or "network-summary-export".
However, in my view, using stub or NSSA areas is a bad OSPF design and should be avoided as much as possible because otherwise You are exposing self to known but unintended consequences when trying to expand Your network.
HTH
Thx
Alex