SRX Services Gateway
Reply
Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009
0

OSPF configuration for route based VPN with multipoint st0 interface

Hi All

 

I was reading the JUNOS Security book. I have SRX650 with route based VPN to four remote bracnhes. I am using multipoint st interface. All is fine. Now If I run the OSPF over this st interface. What is the difference between below two confirgurations for OSPF. My concern is that why we need to explicitly define the neighbours. When I am using the neighbor knob and dynamic-neighbors, it is giving me the warning. "Warning: Neighbors cannot be specified manually if dynamic-neighbors is set" But in the book I found this configuration. 

 

set protocols ospf area 0.0.0.0 interface st0.0 interface-type p2mp
set protocols ospf area 0.0.0.0 interface st0.0 dynamic-neighbors
set protocols ospf area 0.0.0.0 interface st0.0 neighbor 192.168.100.1
set protocols ospf area 0.0.0.0 interface st0.0 neighbor 192.168.100.2
set protocols ospf area 0.0.0.0 interface st0.0 neighbor 192.168.100.3

 

AND

 

set protocols ospf area 0.0.0.0 interface st0.0

 

Thanks

Recognized Expert
ronf
Posts: 238
Registered: ‎04-04-2011
0

Re: OSPF configuration for route based VPN with multipoint st0 interface

I have not tried this particular configuration, but what I don't understand (probably just from ignorance) is why you wouldn't just configure a 1-for-1 binding of tunnel interfaces to VPNs.  Unless the platform is limited to less logical interfaces than you require, I do not see the point of adding in the p2mp complexity.  Am I just missing something?

JNCIE-SEC #127
Juniper Employee
sharanagoud
Posts: 12
Registered: ‎12-02-2009

Re: OSPF configuration for route based VPN with multipoint st0 interface

[ Edited ]

For auto nhtb, dynamic-neighbor flag must be configured to inform routing modules that neighbors are learnt dynamically and when "dynamic-neighbor" flag is enabled means no need to configure individual neighbor.

 

Cofig:

=====

set routing-instances VR1 protocols ospf area 0.0.0.0 interface st0.0 interface-type p2mp
set routing-instances VR1 protocols ospf area 0.0.0.0 interface st0.0 dynamic-neighbors

 

 


Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009
0

Re: OSPF configuration for route based VPN with multipoint st0 interface

Thanks a lot ! Just last thing and offcourse I will accept the solution :smileyhappy:  In this configuraiton interface-type p2mp is necessary? Say If I Just put the interface st0.0 in the protocol ospf and does not specify p2mp knob.

 

Thanks

Contributor
aeroplane
Posts: 724
Registered: ‎06-30-2009
0

Re: OSPF configuration for route based VPN with multipoint st0 interface

Hi

 

Is there any one?

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.