Routing

Hi all,

Can someone check my config here please. I'm expecting to see vlan 300 (192.168.67.0/24) in Area 0, but it's in Area 1.

show ospf database           

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router   1.1.1.1          1.1.1.1          0x80000086   403  0x22 0x9e49  48
Router  *XXX.XXX.XXX.XXX     XXX.XXX.XXX.XXX     0x8000005c   463  0x22 0x38f3  60
Summary  36.36.36.0       1.1.1.1          0x8000002e   403  0x22 0x288d  28
Summary *36.36.36.0       XXX.XXX.XXX.XXX     0x8000004c  2338  0x22 0x275d  28
Summary  192.168.101.0    1.1.1.1          0x8000002e   403  0x22 0xe2e   28
Summary *192.168.101.0    XXX.XXX.XXX.XXX     0x8000004d  1213  0x22 0x49d3  28
ASBRSum  2.2.2.2          1.1.1.1          0x8000002c   403  0x22 0xb44f  28
ASBRSum *2.2.2.2          XXX.XXX.XXX.XXX     0x80000054  2713  0x22 0xd309  28
ASBRSum  XXX.XXX.XXX.XXX     1.1.1.1          0x8000002c   403  0x22 0x8a92  28

    OSPF database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router   1.1.1.1          1.1.1.1          0x80000085   404  0x22 0x41c0  36
Router   2.2.2.2          2.2.2.2          0x80000084   952  0x22 0x42e7  60
Router  *XXX.XXX.XXX.XXX     XXX.XXX.XXX.XXX     0x80000052  1588  0x22 0xf8f0  48
Network  192.168.101.2    1.1.1.1          0x8000002c   667  0x22 0x909d  32
Summary  35.35.35.0       1.1.1.1          0x8000000e   404  0x22 0x8257  28
Summary *35.35.35.0       XXX.XXX.XXX.XXX     0x8000004c   838  0x22 0x4b3c  28
Summary  192.168.67.0     1.1.1.1          0x8000000e   404  0x22 0xf998  28
Summary *192.168.67.0     XXX.XXX.XXX.XXX     0x80000036  1963  0x22 0xe472  28
ASBRSum *1.1.1.1          XXX.XXX.XXX.XXX     0x8000000a    88  0x22 0x9694  28
ASBRSum  XXX.XXX.XXX.XXX     1.1.1.1          0x8000000e   404  0x22 0xbc7f  28
    OSPF AS SCOPE link state database
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Extern   172.10.1.0      1.1.1.1          0x8000005b   666  0x20 0x4a4a  36
Extern   172.10.1.0      2.2.2.2          0x80000058   953  0x20 0x96f2  36



show interfaces vlan 
unit 300 {
    family inet {
        address 192.168.67.1/24;
    }
}

show policy-options policy-statement export_lan
 
from {
    route-filter 192.168.67.0/24 exact;
}
then accept;


show protocols ospf   
export export_lan;
area 0.0.0.0 {
    interface gr-0/0/0.35;
    /* 192.168.67.0/24 */
    interface vlan.300;
}
area 0.0.0.1 {
    interface gr-0/0/0.36;
}

Thanks.

show ospf database advertising-router self 

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router  *XXX.XXX.XXX.XXX     XXX.XXX.XXX.XXX     0x8000005c  1753  0x22 0x38f3  60
Summary *36.36.36.0       XXX.XXX.XXX.XXX     0x8000004d   628  0x22 0x255e  28
Summary *192.168.101.0    XXX.XXX.XXX.XXX     0x8000004d  2503  0x22 0x49d3  28
ASBRSum *2.2.2.2          XXX.XXX.XXX.XXX     0x80000055  1003  0x22 0xd10a  28

    OSPF database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router  *XXX.XXX.XXX.XXX     XXX.XXX.XXX.XXX     0x80000052  2878  0x22 0xf8f0  48
Summary *35.35.35.0       XXX.XXX.XXX.XXX     0x8000004c  2128  0x22 0x4b3c  28
Summary *192.168.67.0     XXX.XXX.XXX.XXX     0x80000037   253  0x22 0xe273  28
ASBRSum *1.1.1.1          XXX.XXX.XXX.XXX     0x8000000a  1378  0x22 0x9694  28

Hello,

192.168.67.0/24 is inside this router LSA, along with other OSPF-enabled interface subnets:

show ospf database advertising-router self 

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len 
Router  *XXX.XXX.XXX.XXX     XXX.XXX.XXX.XXX     0x8000005c  1753  0x22 0x38f3  60

If it wasn't there, the 192.168.67.0 summary in area 1 would not exist.

"show ospf database lsa-id XXX.XXX.XXX.XXX extensive" will reveal the truth.

HTH

Thx

Alex

Thanks. XXX.XXX.XXX.XXX is a public IP I've masked out.

I was confused as to why 192.168.67.0/24 was not showing in Area 0 when I've put that interface into it and applied an export policy. I expect to see vlan.300 showing in area 0 (0.0.0.0) when I do 'show ospf database'.

Do you have a link to the right docs I can read up on if I'm just missing some basic theory here?

Thanks,

Gavin.

Hello,

OSPF-enabled interface subnets are present inside Router LSA. To see each interface subnet contained inside Router LSA, You have to use "extensive" modifier.

---

@suretec wrote:

I expect to see vlan.300 showing in area 0 (0.0.0.0) when I do 'show ospf database'.

 

 

---

"show ospf database" without "extensive" displays OSPF LSA headers only. 

 

---

@suretec wrote:

 

Do you have a link to the right docs I can read up on if I'm just missing some basic theory here?

 

---

Yes You are.
Please have a read into RFC 2328 section  12.4.1 Router-LSAs https://www.rfc-editor.org/rfc/rfc2328.txt

Also JUNOS public documentation has examples showing Router LSA contents

https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-ospf-database.html#jd0e794

user@host> show ospf database extensive
    OSPF link state database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router   10.255.70.103    10.255.70.103    0x80000002   286  0x20 0x4112  48
  bits 0x0, link count 2
  id 10.255.71.242, data 12.1.1.1, Type PointToPoint (1)
  TOS count 0, TOS 0 metric 1
  id 12.1.1.0, data 255.255.255.0, Type Stub (3) ## OSPF-enabled interface subnet
  TOS count 0, TOS 0 metric 1
  Aging timer 00:55:14
  Installed 00:04:43 ago, expires in 00:55:14
  Last changed 00:04:43 ago, Change count: 2

 HTH

Thx

Alex

Thank you. I understand the summary now.

Hi Alex,

Do I really need my export_lan policy statement if I just mark vlan.300 as passive?

Pros and cons?

Hello,

If You need VLAN.300 subnet to be present in OSPF LSDB, You have 3 choices:

1/ enable OSPF on vlan.300 interface. JUNOS will insert VLAN.300 subnet into Router LSA and will send OSPF packets out vlan.300 and will process OSPF packets received on VLAN.300.

2/ emable OSPF on vlan.300 and make it as passive.  JUNOS will insert vlan.300 subnet into Router LSA and will NOT send OSPF packets out vlan.300. Received OSPF packets on VLAN.300 will not be processed.

3/ do NOT enable OSPF on VLAN.300 and export VLAN.300 subnet into OSPF LSDB via policy. JUNOS will create "AS External" (Type-5) LSA for VLAN.300 subnet with Type-2 metric by default. JUNOS will NOT send OSPF packets out vlan.300. Received OSPF packets on VLAN.300 will not be processed.

HTH

Thx

Alex

This looks similar to the issue i am trying to understand, why a vlan is advertised over area x instead of over area y.

i've reread the posts here but i'm still not getting it.

Alex could you explain a little more as to why the vlan is seen as a summary in area 1 and not in area 0, or is it the case that if Gavin had run show ospf database extensive he would have seen his vlan 300 subnet in area 0 too?

in my case we want tagged routes to use vlan 300 in area 300 but those taged routes also need to be advertised to carrier the routers in area 0. if we enable ospf and make it passive in area 300 we loose the ability to tag, but the peer router routes to the subnet across area 300 instead of area 0 or via the carrier

would greatly appreciate any help.

Thanks

Chris 

Hello,

---

@Chris2 wrote:

is it the case that if Gavin had run show ospf database extensive he would have seen his vlan 300 subnet in area 0 too?

 

 

 

---

Correct.

---

@Chris2 wrote:

 

 

in my case we want tagged routes to use vlan 300 in area 300 but those taged routes also need to be advertised to carrier the routers in area 0. if we enable ospf and make it passive in area 300 we loose the ability to tag, 

 

 

 

---

You can only tag Type-5 or Type-7 routes in OSPF.

You cannot tag Type-1,2,3 OSPF routes. Type-4 routes/LSA are auto-created, so You cannot even configure them at will let alone tag.

This is OSPF protocol feature/limitation if You will.

When You ad

---

@Chris2 wrote:

This looks similar to the issue i am trying to understand, why a vlan is advertised over area x instead of over area y.

 

i've reread the posts here but i'm still not getting it.

Alex could you explain a little more as to why the vlan is seen as a summary in area 1 and not in area 0, or is it the case that if Gavin had run show ospf database extensive he would have seen his vlan 300 subnet in area 0 too?

 

in my case we want tagged routes to use vlan 300 in area 300 but those taged routes also need to be advertised to carrier the routers in area 0. if we enable ospf and make it passive in area 300 we loose the ability to tag, but the peer router routes to the subnet across area 300 instead of area 0 or via the carrier

 

 

would greatly appreciate any help.

 

Thanks

 

Chris 

 

---

vertise "passive" interface subnet into OSPF, it is advertised as Type-1 in the same area or Type-3 in different area. No way to tag interface subnet like this, You have to export direct interface subnet route into OSPF to be able to add tag.

---

@Chris2 wrote:

but the peer router routes to the subnet across area 300 instead of area 0 or via the carrier

 

 

---

In the OSPF protocol spec, the route across same area is always preferred over route via different area. This is another protocol feature/limitation if You will. You might need to convince Your provider to configure OSPF sham links (RFC4577 section 4.2.7 ) to allow routing via provider core.

But if I were You, I'd stop tinkering with OSPF and migrate to BGP. You will get much more traffic engineering capabilities with BGP.

HTH

Thx
Alex 

Thanks Alex,

was kind of suspectig we where running up against limitations in OSPF, was hoping we could just get this doing what we want but may need to seriosuly think about moving onto a more extensible solution.

i found this cisco blog quite useful in helping me understand whats going on here

https://cciethebeginning.wordpress.com/2015/01/21/ospf-inter-area-and-intra-area-routing-rules/#

My big question now is trying to understand why a route will choose area 300 instead of area 0 when there has been no declaration for the route to be in any area. As i understand it, a direct interface route would be in the router LSA and advertised across both area 0 and area 300, so why is area 300 chosen? is it because there is a preference to route across non area 0 (non backbone) if there is a choice of both?

is there a list somewhere of the heirachy of decision making.

if i undretsand this correctly, is it impossible to designate a route in an area and maintain tagging? we must just let the protocol advertise to all areas and make its own a choice, which we are unable to influence, to which ospf area it will decide to route across if we ant to tag?

Thanks again.

Hello,

It looks like You are missing basics here and I thoroughly recommend this book to understand OSPF:

https://www.amazon.com/OSPF-Choosing-Large-Scale-Networks/dp/0321168798

---

@Chris2 wrote:

 

 

My big question now is trying to understand why a route will choose area 300 instead of area 0 when there has been no declaration for the route to be in any area.

 

---

If You let me know what do You mean saying "declaration(s)" I hope I will be able to answer. OSPF RFC do not have this language. OSPF route is normally "originated" in a given area and then it is propagated into all or none or selected areas. 

Where the originated route can be propagated depends on its "Type" (see Jeff Doyle book, or RFC 2328).

---

@Chris2 wrote:

As i understand it, a direct interface route would be in the router LSA and advertised across both area 0 and area 300, so why is area 300 chosen?

 

---

If direct interface LAN1 is present in area 300 and is injected into OSPF as "passive" then when an Area Border Router (ABR) that has ports in both area 0 _AND_ area 300 will choose area 300 path for an incoming packet whose dst.IP==${IP_from_LAN1_subnet}.

Did it answer You question?

---

@Chris2 wrote:

 

 

if i undretsand this correctly, is it impossible to designate a route in an area and maintain tagging? we must just let the protocol advertise to all areas and make its own a choice, which we are unable to influence, to which ospf area it will decide to route across if we ant to tag?

 

 

---

I already mentioned that only Type-5 and Type-7 OSPF LSA/routes can have tags. To inject a subnet as Type-5/7 LSA into OSPF, you need OSPF export policy matching on Your chosen prefix. But then You cannot filter where Type-5 goes since it has AS-wide flooding scope (except stub/NSSA areas) and can be filtered only on ASBR/at point of origination which defeats Your purpose. Type-7 are converted into Type5 by NSSA ABR so same principle applies.

Hope this makes sense.

HTH

Thx

Alex

Thanks Alex, 

 

i appreciate i am missing some key aspects of OSPF, i'll see if i can source a uk copy of that book.

 

---

@aarseniev wrote:

 

If You let me know what do You mean saying "declaration(s)" I hope I will be able to answer. OSPF RFC do not have this language. OSPF route is normally "originated" in a given area and then it is propagated into all or none or selected areas. 

Where the originated route can be propagated depends on its "Type" (see Jeff Doyle book, or RFC 2328).

 

what i meant by declaration is the config that allocates an interface to the ospf area, i.e

 

set protocols ospf area 0.0.0.300 interface vlan.300 passive

if no config assigning an interface/vlan/route to an area, whats the mechanisim/procedure that decides? I'd like to be able to work it out so i know what to do or not to do to influence area assignment.

 

 

---

@aarseniev wrote:

 

 

If direct interface LAN1 is present in area 300 and is injected into OSPF as "passive" then when an Area Border Router (ABR) that has ports in both area 0 _AND_ area 300 will choose area 300 path for an incoming packet whose dst.IP==${IP_from_LAN1_subnet}.

Did it answer You question?

---

 

 What happens if direct interface LAN1 is present in area 0 & 300 (no set protocols ospf area 0.0.0.300 interface vlan.300 passive config)? why would area 300 be choosen? i can understand if the interface is injected into ospf as passive, just don't understand what i see when its not injected.

 

Where you write "If direct interface LAN1 is present in area 300" what determines if that direct interface is in area 0 or area 300?

 

Thanks

try to add

set policy-options policy-statement export_lan to area 0