Junos OS

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.
  • 1.  OSPF Route Filter - Seeing Unexpected Route

    Posted 05-01-2017 10:55

    Hello,

     

    I'm trying to configure a SRX firewall with a route filter to filter incoming OSPF routes. The following is the route filter config:

     

    policy-statement Greenland-OPSF-import {
    term allow {
    from {
    protocol ospf;
    route-filter 10.18.254.240/29 exact;
    route-filter 10.18.95.0/24 exact;
    route-filter 10.18.70.0/24 exact;
    }
    then accept;
    }
    term reject {
    then reject;
    }
    }

     

    I've applied this to OSPF:

     

    user@FW# show protocols ospf
    import Greenland-OPSF-import;

    area 30.30.30.30 {
    interface irb.50 {
    passive;
    }
    interface st0.1;
    }

     

    Besides the 3 routes that I've put in the route filter list I'm also seeing a 10.118.95.0/24 route. Where is that coming from? 

     

    user@FW> show route protocol ospf

    inet.0: 23 destinations, 26 routes (23 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    10.18.70.0/24 *[OSPF/150] 00:12:30, metric 1, tag 209
    > via st0.1
    10.18.95.0/24 [OSPF/10] 00:12:30, metric 3
    > via st0.1
    10.18.254.240/29 *[OSPF/10] 00:12:30, metric 2
    > via st0.1
    10.118.95.0/24 [OSPF/10] 00:12:30, metric 3
    > via st0.1
    172.17.0.0/30 [OSPF/10] 00:12:30, metric 1
    > via st0.1
    224.0.0.5/32 *[OSPF/10] 01:55:37, metric 1
    MultiRecv


    #SRX
    #ospf
    #routefilter
    #routing


  • 2.  RE: OSPF Route Filter - Seeing Unexpected Route
    Best Answer

    Posted 05-01-2017 16:20

    OSPF import policies only allow the filtering of external routes. 

     

    In the import statement, you list the name of the routing policy used to filter OSPF external routes from being installed into the routing tables of OSPF neighbors. You can filter the routes, but not link-state address (LSA) flooding. An external route is a route that is outside the OSPF Autonomous System (AS). The import policy does not impact the OSPF database. This means that the import policy has no impact on the link-state advertisements.

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/ospf-routing-policy-understanding.html

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/ospf-routing-policy-understanding.html



  • 3.  RE: OSPF Route Filter - Seeing Unexpected Route

    Posted 10-17-2022 06:51
    Hi,

    I read the Juniper documentation, but it didn't specifically say it can filter the OSPF route (not LSA) within the SAME area. So, can the import statement filter OSPF routes generated by the OSPF router within the SAME area?




    ------------------------------
    Wilson Cheng
    ------------------------------



  • 4.  RE: OSPF Route Filter - Seeing Unexpected Route

    Posted 05-03-2017 09:51

    Like spuluka said, you can only filter external routes, so your existing policy only applies to the 10.18.70.0/24 route. The other subnets mentioned in your "allow" term will still show up in your table even if you remove them from the term because they are not external routes.



  • 5.  RE: OSPF Route Filter - Seeing Unexpected Route

    Posted 05-03-2017 09:57

    Thanks guys, that is helpful. So if I only wanted to see internal OSPF routes and nothing external I'd simply use a deny all route filter?



  • 6.  RE: OSPF Route Filter - Seeing Unexpected Route

    Posted 05-03-2017 11:21

    If you just want to do it to that one specific router, then yes. You can also just turn the area into a stub and not have to deal with policies. Of course this affects all the routers in that area.



  • 7.  RE: OSPF Route Filter - Seeing Unexpected Route

    Posted 05-12-2017 08:42

    I'm playing around with stub areas. It has the desired effect of external routes not prorogating. The problem is that the routes from the stub area aren't being prorogated to the main area. For devices in the main area, I'm seeing a summary route to the interface on the adjacent device in the stub area but none of the routes in the stub area. Is there something I need to do to get stub area routes advertised into the main area?



  • 8.  RE: OSPF Route Filter - Seeing Unexpected Route

    Posted 05-13-2017 09:32

    On the ABR where you connect to the stub area add the "no summaries" option to your OSPF area setup.

     

    example

     

    set protocols ospf area 0.0.0.128 stub no-summaries