Routing

  • 1.  What am i missing?

    Posted 08-19-2009 16:57

    I have three routers with OSPF set up on them.  For one reason or another they are not sharing routes on the backbone.  I have tried to figure out what I am doing wrong but I am just lost.  Any thoughts?  The following configuration is similar, with IP differences, on all three routers.

     

    Thank you,

     

    version 9.5R1.8;
    system {
        host-name test2;
        domain-name test.net;
        services {
            ssh;
            web-management {
                http;
            }          
            dhcp {     
                pool 10.0.1.0/24 {
                    address-range low 10.0.1.10 high 10.0.1.200;
                    router {
                        10.0.1.1;
                    }
                }
            }
        }
        syslog {
            user * {
                any emergency;
            }
            file messages {
                any critical;
                authorization info;
            }
            file interactive-commands {
                interactive-commands error;
            }
        }
        max-configurations-on-flash 5;
        max-configuration-rollbacks 5;
        license {      
            autoupdate {
                url https://ae1.juniper.net/junos/key_retrieval;
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0 {
                family inet {
                    address 192.168.1.2/30;
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family inet {
                    address 192.168.1.5/30;
                }
            }
        }
        fe-0/0/7 {
            description "Bridge to Test1";
            unit 0 {   
                family inet {
                    address 10.0.1.1/24;
                }
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 127.0.0.1/32;
                }
            }
        }
    }
    routing-options {
        router-id 192.168.1.5;
        autonomous-system 1;
    }
    protocols {
        ospf {
            area 0.0.0.0 {
                interface ge-0/0/0.0 {
                    hello-interval 5;
                }      
                interface ge-0/0/1.0 {
                    hello-interval 5;
                }
                interface fe-0/0/7.0 {
                    passive;
                    hello-interval 5;
                }
            }
        }
    }
    security {
        screen {
            ids-option untrust-screen {
                inactive: ip {
                    source-route-option;
                    tear-drop;
                }
                tcp {
                    syn-flood {
                        alarm-threshold 1024;
                        attack-threshold 200;
                        source-threshold 1024;
                        destination-threshold 2048;
                        queue-size 2000; ## Warning: 'queue-size' is deprecated
                        timeout 20;
                    }
                    land;
                }
            }
        }
        zones {
            security-zone trust {
                tcp-rst;
            }
            security-zone untrust {
                screen untrust-screen;
            }
            security-zone Gateway {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }      
                interfaces {
                    fe-0/0/7.0;
                    ge-0/0/0.0;
                    ge-0/0/1.0;
                }
            }
        }
        policies {
            from-zone trust to-zone trust {
                policy default-permit {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone trust to-zone untrust {
                policy default-permit {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
            from-zone untrust to-zone trust {
                policy default-deny {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        deny;
                    }
                }
            }
        }
    }      



  • 2.  RE: What am i missing?

    Posted 08-20-2009 00:42

    Hi,

     

    What do you mean by "no sharing routes"? Which routes exactly are you missing? (If you are missing the directly connected route of your passive interface, then check the state of this interface. If it is down, then the route would not be advertised.) Please attach the output of "show ospf neighbor" and "show route".

     

    Regards

    Michael Pergament



  • 3.  RE: What am i missing?

    Posted 08-20-2009 06:19

    Don't get so hung up on the 10 network.  What I really would like is to see an example of a working three-router OSPF backbone area so I can figure out what I am doing wrong.   I'm just trying to connect the routers with /30 subnets and I can't seem to ping beyond the direct connection.

     

    Here is the configuration I was trying to achieve.  Again, don't worry about the 10 network.

     

    Router 1

    ge0: 192.168.1.1/30  - Connected to router 2 ge0

    ge1: 192.168.1.10/30 - Connected to router 3 ge1

     

    Router 2

    ge0: 192.168.1.2/30 - Connected to router 1 ge0

    ge1: 192.168.1.5/30 - Connected to router 3 ge0

     

    Router 3

    ge0: 192.168.1.6/30 - Connected to router 2 ge1

    ge1: 192.168.1.9/30 - Connected to router 1 ge1

     

    Right now from router 1 (with the config I posted) I can ping 1.9 and 1.2 on the other routers, but I cannot ping 1.5 or 1.6.  That is what I mean by not sharing routes.

     

    Any thoughts?

     



  • 4.  RE: What am i missing?
    Best Answer

    Posted 08-20-2009 06:29

    You need a policy from zone Gateway to zone Gateway to allow for that; otherwise traffic would be dropped!

            from-zone Gateway to-zone Gateway {
                policy default-permit {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }

     

    Regards

    Michael
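
The gap identified in the answer above can be checked for mechanically. The following is an added example, not part of the original posts or any Juniper tooling: it parses curly-brace Junos configuration text and lists security zones that hold two or more interfaces but have no permit policy from the zone to itself. The function names `parse_junos` and `zones_missing_intrazone_permit` and the sample strings are assumptions made for this illustration.

```python
import re

def parse_junos(text):
    """Parse curly-brace Junos config text into nested dicts (leaf statements map to None)."""
    stack, words = [{}], []
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"##.*", "", text)):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        key, words = " ".join(words), []
        if tok == "{":
            stack.append(stack[-1].setdefault(key, {}))
        elif tok == "}" and len(stack) > 1:   # tolerate a stray closing brace
            stack.pop()
        elif tok == ";" and key:
            stack[-1][key] = None
    return stack[0]

def zones_missing_intrazone_permit(cfg):
    """List (zone, interfaces) for zones with 2+ interfaces and no permit policy to themselves."""
    sec, findings = cfg.get("security", {}), []
    for key, body in sec.get("zones", {}).items():
        if not key.startswith("security-zone "):
            continue
        zone = key.split()[1]
        ifaces = sorted((body or {}).get("interfaces") or {})
        ctx = sec.get("policies", {}).get(f"from-zone {zone} to-zone {zone}") or {}
        permits = any("permit" in (p.get("then") or {}) for p in ctx.values() if p)
        if len(ifaces) > 1 and not permits:
            findings.append((zone, ifaces))
    return findings

# Constructed sample, trimmed from the configuration posted in this thread.
PERMIT = ("policy default-permit { match { source-address any; "
          "destination-address any; application any; } then { permit; } }")
BEFORE = """
security {
    zones {
        security-zone trust { tcp-rst; }
        security-zone Gateway { interfaces { fe-0/0/7.0; ge-0/0/0.0; ge-0/0/1.0; } }
    }
    policies {
        from-zone trust to-zone trust { %s }
    }
}
""" % PERMIT
# Same configuration with the accepted answer's Gateway-to-Gateway policy added.
AFTER = BEFORE.replace("policies {", "policies { from-zone Gateway to-zone Gateway { %s }" % PERMIT, 1)
for text in (BEFORE, AFTER): print(zones_missing_intrazone_permit(parse_junos(text)))
```

The check only looks for the presence of a permit in the same-zone context; how narrowly that policy should match is a separate decision.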



  • 5.  RE: What am i missing?

    Posted 08-20-2009 06:48

    The firewall on these guys has been interesting from the start. That fixed it up.

     

    Thank you,