Junos OS

Does anyone know how to use groups to bulk apply interfaces to OSPF or IS-IS? I have tried with no success. The following configuration for example does not work.

groups {
ospf-interfaces {
protocols {
ospf {
area <*> {
interface <ge-0/0/0.*>;
}
}
}
}
isis-interfaces {
protocols {
isis {
interface <ge-0/0/0.*>;
}
}
}

protocols {
ospf {
apply-groups ospf-interfaces;
}
isis {
apply-groups isis-interfaces;
}

r1# run show isis interface

r1# run show ospf interface

hi,

http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/swconfig-cli/understanding-the-JUNOS-configuration-groups.html#jd0e15416 says:

You can also use wildcards in a configuration group to allow configuration data to be inherited by any object that matches a wildcard expression

So, you can use wildcards to match any existing object, not to add objects matching wildcard.

As you noticed,  your config will not work:

admin@gw# show groups isis-interfaces 
protocols {
    isis {
        interface <fe-0/1/*.*> {
            passive;
        }
    }
}

admin@gw# show protocols isis 
apply-groups isis-interfaces;

[edit]
admin@gw# 
admin@gw# show protocols isis | display inheritance 

[edit]

The same group applied to modified isis configuration, changes configuration of matching interfaces:

admin@gw# show protocols isis                          
apply-groups isis-interfaces;
interface fe-0/1/2.123;
interface fe-0/1/3.456;
interface fe-1/0/0.789;

[edit]

admin@gw# show protocols isis | display inheritance    
interface fe-0/1/2.123 {
    ##
    ## 'passive' was inherited from group 'isis-interfaces'
    ##
    passive;
}
interface fe-0/1/3.456 {
    ##
    ## 'passive' was inherited from group 'isis-interfaces'
    ##
    passive;
}
interface fe-1/0/0.789;

[edit]

It's possible to use group to add interfaces to isis protocol, but we can't use wildcards in interface names:

admin@gw# show groups isis-add-interfaces                         
protocols {
    isis {
        interface fe-0/1/2.222;
        interface fe-0/1/3.333;
    }
}

[edit]

admin@gw# show protocols isis                          
apply-groups isis-add-interfaces;

[edit]
admin@gw# show protocols isis | display inheritance    
##
## 'fe-0/1/2.222' was inherited from group 'isis-add-interfaces'
##
interface fe-0/1/2.222;
##
## 'fe-0/1/3.333' was inherited from group 'isis-add-interfaces'
##
interface fe-0/1/3.333;

[edit]
admin@gw# 

Anyway, I see no gain here and prefer to add the interfaces explicitly under protocol isis and have full control.

It's also possible to add  'interface all' under isis and use group to add  'family iso' only to interfaces matching wildcard. 

jtb

Thank you jtb, as you say there is no gain from configuring IS-IS this way. It is useful to create a group to add "family iso" and "family mpls" to selected interfaces using wildcards, then configure IS-IS for interface all. 

I was really hoping it was possible more for OSPF, as configuring "interface all" is not desirable there, and adding interfaces one by one is tiresome.

Hey Nigel,

 Have you considered using commit scripts?

 You can build a simple script that would automatically add every interface with family iso configured also as protocols isis interface xxx (and more, if you like).

 The logic will basically be that if you have family iso configured for an interface, it is a core-facing interface and therefore should have other functionality enabled like MPLS or a specific firewall filter/CoS implementation.

 I personally prefer scripts over groups for automation for they avoid the need of "|display inheritance" after a show command.

Cheers,