Routing

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Imported routes from the main inet.0 are not transferred via OSPF

    Posted 12-02-2021 05:35
    Hello!
    I have SRX240H2.

    There is virtual router instanse:

    root# show routing-instances
    to-asa {
        instance-type virtual-router;
        interface ge-0/0/0.0;
        routing-options {
            interface-routes {
                rib-group inet fbf-group;
            }
            static {
                route 0.0.0.0/0 next-hop 10.16.1.1;
            }
        }
        protocols {
            ospf {
                rib-group ri-asa_to_ri-inet0;
                export export-routes-to-asa;
                area 0.0.0.0 {
                    interface ge-0/0/0.0 {
                        interface-type p2p;
                    }
                }
            }
        }
    }​


    I imported direct and ospf routes from inet.0 to this vr:

    root# show routing-options
    interface-routes {
        rib-group inet fbf-group;
    }
    
    root# show protocols
    ospf {
        rib-group fbf-group;
        export export-ospf;
        area 0.0.0.0 {
            interface ge-0/0/2.0 {
                passive;
            }
            interface ge-0/0/1.0;
        }
    }​

    The problem is that the OSPF and direct routes imported from the main inet.0 are not transferred via OSPF to the ASA device.

    I found a solution, but I'm not sure it is correct:

    policy-statement export-routes-to-asa {
        term routers-to-asa-1 {
            from protocol [ direct ospf ];
            then accept;
        }
    }​

    Is this the right decision?

    I thought that the OSPF protocol by default transfer the OSPF routes from the routing table to its neighbors.



  • 2.  RE: Imported routes from the main inet.0 are not transferred via OSPF

    Posted 12-03-2021 05:37
    Hi ,


    can you share the below output .

    configuration of this rib group :
    ri-asa_to_ri-inet0​

    fbf-group​

    >show ospf database 

    -Regards 
    Sharanya


  • 3.  RE: Imported routes from the main inet.0 are not transferred via OSPF

    Posted 12-03-2021 09:57
    root# show routing-options rib-groups
    fbf-group {
        import-rib [ inet.0 to-asa.inet.0 ];
    }
    ri-asa_to_ri-inet0 {
        import-rib [ to-asa.inet.0 inet.0 ];
    }
    ​
    root> show ospf database
    
        OSPF database, Area 0.0.0.0
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
    Router  *1.1.1.2          1.1.1.2          0x80000044   138  0x22 0x58f2  48
    Router   10.254.254.7     10.254.254.7     0x8000007e  1431  0x2  0xc04b  48
    Router   192.168.11.1     192.168.11.1     0x8000007d  1428  0x2  0x85bc  48
    Network  10.254.254.1     192.168.11.1     0x80000038   813  0x2  0xef36  36
        OSPF AS SCOPE link state database
     Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
    Extern  *172.29.28.0      1.1.1.2          0x8000003a  2136  0x22 0x8102  36
    

    Thank you!




  • 4.  RE: Imported routes from the main inet.0 are not transferred via OSPF

    Posted 12-03-2021 09:59
    Hi, 

    i think this is expected, the routes you are leaking from inet.0 to the virtual-router are not part of an OSPF neighborship, therefore OSPF would not export the routes automatically, even when they are from "protocol OSPF".

    your approach seems accurate, you need a policy to match the routes and export them. 

    Thanks, 
    Gabriel FV

    ------------------------------
    GABRIEL FLORES
    ------------------------------



  • 5.  RE: Imported routes from the main inet.0 are not transferred via OSPF

    Posted 12-06-2021 05:52
    Thanks a lot, Gabriel!