Routing

Expand all | Collapse all

Change AD for OSPF external route

  • 1.  Change AD for OSPF external route

    Posted 02-19-2021 06:56
    Hey guys,

    the question is, how can I change on ASBR external-preference in OSPF for a particular prefix (via policy)?
    I see the option "set protocols ospf external-preference 14", but cannot find out how to apply the policy.

    I need this to solve routing problems in case of bidirectoinal route-import
    (this problem is good described here https://forum.huawei.com/enterprise/en/dual-point-bidirectional-route-redistribution/thread/543751-863)

    I have topology like this:

    R12------R10------R8
        |                   |                 |
    R11-------R9-------R7

    I have OSPF area 0 in R9-10-11-12 domain and ISIS level 2 in R7-8-9-10 domain.
    On R9 and R10 I redistribute routes from each protocol to another.
    All the loopbacks are added as passive to protocols except R12 - its loopback is redistributed, so it is OSPF external with AD 150.
    And I run into the problem described earlier.
    On Huawei it is solved by changing external preference with applied policy.

    But on Juniper I cannot apply the policy when changing external AD.

    I tried to use import policy like this - it does not work
    vlad@R10-P2> show configuration policy-options policy-statement r12
    term 1 {
    from {
    route-filter 10.0.0.12/32 exact;
    }
    then {
    preference 13;          ///(it does not work at all, what this options should actually do?)
    accept;
    }
    }


    vlad@R10-P2> show configuration protocols ospf
    area 0.0.0.0 {
    interface ge-0/0/0.0 {
    metric 10;
    }
    interface ge-0/0/1.0 {
    metric 1500;
    }
    interface lo0.0 {
    passive;
    }
    }
    export isis-to-ospf;
    import r12;

    I tried to add to this config
    "set protocols ospf external-preference 14"
    But it changes the preference for all the external routes, which leads to incorrect routing with loopbacks from isis domain.






    ------------------------------
    VLADISLAV KARPOV
    ------------------------------


  • 2.  RE: Change AD for OSPF external route

    Posted 03-04-2021 23:14
    I didn't find how you could change preference with policy for only a specific OSPF route, however, have you considered tagging the R12 route when redistributing into OSPF, and not allowing that route be imported into IS-IS on either IS-IS R9/R10? In this case, R9 and R10 can only learn R12 IP via OSPF, and reject it from IS-IS.

    ------------------------------
    Bryton J. Herdes, JNCIE-SP #3023
    Network Engineer
    AS395439
    ------------------------------



  • 3.  RE: Change AD for OSPF external route

    Posted 03-05-2021 05:41
    Hello Bryton,

    thank you for the responce.
    If I  will not redistribute it to ISIS, how R7-8 would reach R12?

    ------------------------------
    VLADISLAV KARPOV
    ------------------------------



  • 4.  RE: Change AD for OSPF external route

    Posted 03-05-2021 08:39
    As I understand it, you want to prevent a route loop caused by redistribution from OSPF to IS-IS, and back to OSPF caused by preference. Easy way to do this is to tag the route with a value (123) when exporting at your two boundary routers from OSPF to IS-IS, then all your routers will receive it that run only IS-IS, but at your boundary routers you want to make sure it isn't redistributed again from IS-IS to OSPF. You can do that by matching the tag with an IS-IS import policy to reject the123 tagged routes. The routers running only IS-IS will still have full connectivity and the boundary routers will prefer the OSPF route because the IS-IS route for the same prefixes will be rejected.

    ------------------------------
    Bryton J. Herdes, JNCIE-SP #3023
    Network Engineer
    AS395439
    ------------------------------



  • 5.  RE: Change AD for OSPF external route

    Posted 03-05-2021 10:14
    May be I don't understand you, but it does not work like you described.
    Using the tag and reject policy will help to not redistribute route back to OSPF, but it will not prevent the router to accept the route and install it locally.
    For example imagine I have topology described earlier, without any redistribution between OSPF and ISIS.
    Then I do bidirectional redistribution first on R9, then on R10.
    So in ISIS domain propagation of the route 10.0.0.12 will go via R7-R8-R10. R10 will not redistribute it to R12, as we have restricted policy, but will prefer it as best and install this route to RIB:

    vkarpov@R10-P2> show route 10.0.0.12

    inet.0: 21 destinations, 26 routes (21 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.0.0.12/32
    *[IS-IS/18] 00:00:12, metric 3610, tag 10
    > to 192.168.108.1 via ge-0/0/2.0                                              <<<< interface towards R8
    [OSPF/150] 00:06:17, metric 1500, tag 10
    > to 192.168.121.2 via ge-0/0/1.0                                              <<< Interface towards R12


    Here is example of export redistribution policies, which I use, tag 10 is for OSPF routes, tag 20 for ISIS:

    policy-statement isis-to-ospf {
    term 1 {
    from tag 10;
    then reject;
    }
    term 2 {
    from {
    protocol isis;
    route-filter 10.0.0.0/16 orlonger;
    }
    then {
    tag 20;
    external {
    type 1;
    }
    accept;
    }
    }
    }
    policy-statement ospf-to-isis {
    term 1 {
    from tag 20;
    then reject;
    }
    term 2 {
    from {
    protocol ospf;
    route-filter 10.0.0.0/16 orlonger;
    }
    then {
    tag 10;
    accept;
    }
    }
    }

    ------------------------------
    VLADISLAV KARPOV
    ------------------------------



  • 6.  RE: Change AD for OSPF external route

     
    Posted 03-05-2021 10:34
    To prevent the redistributed route from being installed use an import policy under OSPF. 

    Regards,

    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 7.  RE: Change AD for OSPF external route

    Posted 03-05-2021 10:41
    Yasmin is correct, hadn't had a chance to comment this morning yet. You have to make sure you put the policy in the right place per the situation.

    ------------------------------
    Bryton J. Herdes, JNCIE-SP #3023
    Network Engineer
    AS395439
    ------------------------------