View Only
last person joined: 20 hours ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  ISIS IMPORT-POLICY Question

    Posted 10-01-2022 01:58
    Hi Team, 

    Thanks for checking this one out! I am confused about the ISIS import policy while doing lab and reading the official doc. 

    Since ISIS is a link-state like OSPF we need to have the same LSDB, which may limit us in configuring routing policy like an import policy, I get that it makes totally sense, however in the lab, I configured an import policy on ISIS and that did work, which creates a black hole traffic situation. 


    R3-----------R2-----------R7  --> level 2 adj only 

    R3:,  R2:,  R7:  --> Loopback address advertised in ISIS 

    ON R2: Checking the LSDB, looking at LSP from R3 I can see that his advertising his loopback as an internal route: 

    Area address: 49.0002.1720 (5)
    LSP Buffer Size: 1492
    Speaks: IP
    Speaks: IPV6
    IP router id:
    IP address:
    Hostname: vMx3
    IS neighbor: vMX2.00, Internal, Metric: default 10
    Extended IS Reachability TLV, Type: 22, Length: 33
    IS extended neighbor: vMX2.00, Metric: default 10 SubTLV len: 22
    IP address:
    Neighbor's IP address:
    Local interface index: 336, Remote interface index: 336
    IP prefix:, Internal, Metric: default 0, Up

    Now if I check R2 I have an ISIS route to R3, which works as expected. 
    root@vMX2# run show route
    inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both *[IS-IS/18] 00:00:37, metric 10
    > to via ge-0/0/3.0

    -> Import Policy on R2: 
    root@vMX2# top show policy-options policy-statement ISIS-IMPORT
    term 1 {
    from {
    protocol isis;
    route-filter exact;
    then reject;

    I applied this as an import on ISIS,   set protocols isis import ISIS-IMPORT on R2 

    When I check the routing table, I no longer have that, it got filtered, however, the LSDB is the same, if I check the R7 he is computing that with R2 as the next hop, this leads to blackholing the traffic. 

    root@vMX2# run show isis route
    IS-IS routing table Current version: L1: 289 L2: 294

    [edit protocols isis]
    root@vMX2# run show route protocol isis

    [edit protocols isis]
    root@vMX2# run show policy ISIS-IMPORT statistics
    Policy ISIS-IMPORT:
    [150] Term 1:
    from [108 0] proto IS-IS
    [8 0] route filter: exact
    then [8 0] reject

    [edit protocols isis]

    Juniper Doc: 


    If an IS-IS import policy is applied that results in a reject terminating action for a non-external route, then the reject action is ignored and the route is accepted anyway. By default, such a route is now installed in the routing table with a priority of low. This behavior prevents traffic black holes, that is, silently discarded traffic, by ensuring consistent routing. However, you can use the the reject policy option to reject routes based on the prefix or the configured tag.

    Example: Configuring a Routing Policy to Prioritize IS-IS Routes

    Are import policies allowed?  Why is that? Besides the use case of prioritizing the routes is there any other use case? For now, I see the import policy similar to OSPF import on externals with the difference that it filters not only externals but the internals and external ISIS routes. 

    Many Thanks!

    Alin Bandiu

  • 2.  RE: ISIS IMPORT-POLICY Question

    Posted 10-03-2022 07:17

    Since Junos 17.1 import policies are allowed! 

    They work as an import on external in OSPF but can block internals also for entering rib. 

    Maybe helps! 

    Alin Bandiu