Security

Hi all,

I just add an ISG1000 in my new NSM2008 server with route-maps and access-lists to redistribute some routes from trust-vr and untrust-vr to an own-created vr and vice-versa.

The problem is that nsm whant to delete this part of configuration. When I run Summarize delte config (just after importing the device) here is what I see :

  set vrouter vr-mpls
  set import-from vrouter trust-vr route-map "Import from TRUST_VR"  protocol static
  set export-to vrouter trust-vr route-map "Export to TRUST-VR"  protocol static
  set export-to vrouter untrust-vr route-map "Export to UNTRUST_VR"  protocol static
  exit
  set vrouter untrust-vr
  set import-from vrouter vr-mpls route-map "Import from MPLS_VR"  protocol static
  exit
  set vrouter trust-vr
  set import-from vrouter vr-mpls route-map "Import from MPLS_VR"  protocol static
  set export-to vrouter vr-mpls route-map "Export to MPLS_VR"  protocol static
  exit
 
  There are other route-map for non-static routes or between trust-vr and untrust-vr and they are correctly managed by NSM.
On route-maps between a personnal vr and another and only on static route cause this issue.

As anyone got this kind of problem ?

For information, this device was managed in NSM2007.3r3 without any issue before.

Thanks in advance,

Romain
#NSM
#ISG
#route-map

Hi,

 

It looks like you can configure route-maps in 2008, so it might be a problem with import. I know there has been some problems with importing parts of the configuration like MIPs. I sounds like it might be a bug so I would recommend opening a JTAC case with Juniper to look into it.

 

Regards

 

Andy

Hi Andy,

 

I opened a JTAC case and I go into the issue.

I'm able to replicate with any device so it is not an import bug.

 

Currently, I think that NSM2008 has an issue when we configure more than 1 import or export rules in a virtual router.

 

Thanks,

 

Romain

Hi all,

 

Just to tell you that this bug has been corrected in 2008.1r2 (I test it in a pre-released patch)

 

Regards,

 

Romain