Configuration Library
Highlighted
Configuration Library

SRX OSPF Redistribution

‎11-22-2010 06:15 AM

Title:  SRX OSPF Redistribution

Product: SRX

Version: 9.x and higher

Network Topology: srx/ns/ssg branches (area 0.0.0.x), ns/ssg core (area 0.0.0.0).  VPN's are route based with p2mp tunnel interfaces.  Tested with Junos 10.13r7 and ScreenOS 5.4.0r15.0/6.2r5.0.

Description: the configuration below provides an example of OSPF redistribution on the SRX.  This customer required both connected and select static routes to be redistributed as external type 1's. The VPN's and tunnel interface configuration is not included.

Configuration:

/OSPF enabled on the st0.0, added to area 3 and configured with two export policies.

protocols {
    ospf {
        export [ Connected-Routes Static-Routes ];
        area 0.0.0.3 {
            interface st0.0 {
                interface-type p2mp;
                hello-interval 10;
                dead-interval 40;
            }
        }
    }
}

/Policy statement for connected (or Direct) and static routes.  Metric, preference and type added at customers request.  The route filters must match what's in the active routing table (see routes below).

policy-options {
    policy-statement Connected-Routes {
        from {
            protocol direct;
            route-filter 192.168.1.0/24 exact;
        }
        then {
            metric 20;
            local-preference 20;
            external {
                type 1;
            }
            accept;
        }
    }
    policy-statement Static-Routes {
        from {
            protocol static;
            route-filter 192.168.2.0/24 exact;
            route-filter 192.168.3.0/24 exact;
            route-filter 192.168.4.0/24 exact;
        }
        then {
            metric 20;
            external {
                type 1;
            }
            accept;
        }
    }
}

/Static routes.

routing-options {
    static {
        route 192.168.2.0/24 next-hop 192.168.1.10;
        route 192.168.3.0/24 next-hop 192.168.1.10;
        route 192.168.4.0/24 next-hop 192.168.1.10;

/Direct or connected route.

    reth3 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 192.168.1.1/24;

John Judge
JNCIS-SEC, JNCIS-ENT,

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.