Junos OS

Hello!
I'm just learning and in the office I suddenly had a difficult task, which I am not ready for.
There is the following situation:
There is an office that is fully functional on the router3.
Router3 has a tunnel interface st1 to router2.
The router3 enabled the protocol ospf. The tunnel interface st1 is in area 0, and the rest of the interfaces looking towards the local network are located in area 1.

There was a task:
Transfer users to a separate subnet.
I divided the routing tables on the router3 using the virtual-routing router instance, because otherwise, the routes go through router2, and I need to be through router1, because services for users of a separate subnet are located behind it.
In the instance router, I created a new area 2. In which I included the St2 tunnel interface to Router 1 and local interfaces.
On router 1, I created AREA 2 and turned on the St2 tunnel interface there.
But nothing works. I do not see in the new route routing table from the next area.

I'm obviously doing something wrong and I can't figure it out, for me this topic is very complex and new. How do engineers solve similar problems? I would be grateful for any help. Sorry for my English.

Reading your description, this is what I am understanding: 

You have this topology: 

But because the traffic from PCs to Services is going to R1 instead of R2, you did this:

• I don't understand the area 2 including the switch and PC on the bottom right. 
• Is R1 somehow connected to services? 
• Are the tunnels up?
• What kind of devices are R1, R2 and R3? 
• Can you post the configurations of the routers? 
• Can you post show ospf neighbors, show ospf interface from all 3 routers?  

Send more info. and I'll try to help you. Feel free to modify the diagrams and post them back.  

Regards,

Attachment(s)

OSPF QUESTION.pptx   48 KB 1 version

You draw just adorable! I am even ashamed. Not very clever because of this 😞
Well, for the sake of completeness, I will try to explain how the problem appeared.

Initially, there was a topology that worked like a clock and was very logical and understandable even to me 🙂
Like this:

The tunnel interface st is a member of area0 and receives all routes from router2.

Then there was a need to create services on router1 for new individual networks on router3.

I put the switch and at the L2 level I divided one tunnel into two. Because on router 1 there are necessary services that should be available only to new subnets behind router 3.

It turned out so:

I think you can guess that I began to observe the loops in the routes. Router 1 saw the network along the upper tunnel, I think because of the proximity of the route, so Ospf works, on the principle of the shortest route. However, router 3 saw some services behind router 1 through router 2 and responded to requests to it, and not to router1

Then I began to look for information on how to build routing correctly. I came across a virtual router and decided that it suits me. Created on router 3 virtual router and area 2. Created on router only area 2 without virtual router. I also included new interfaces with new subnets in the virtual router. It turned out something similar:

There was a problem with which I came here with a question. Router 3 now has 2 routing tables. Old Inet.0 and new router-instance-name.0 

I do not know how to make routing tables accessible to each other through their tunnel interfaces, and router 2 saw area 2 only through router 1

• I don't understand the area 2 including the switch and PC on the bottom right. 
  • This is what I want to do. The area 2 at the bottom right remained isolated.
• Is R1 somehow connected to services?
  • Yes
• Are the tunnels up?
  • Yes
• What kind of devices are R1, R2 and R3?
  • R1 and R2 - SRX1500, R3 - SRX550
• Can you post the configurations of the routers?
  • Yes, but not now, and not completely
• Can you post show ospf neighbors, show ospf interface from all 3 routers?
  • Yes, but tomorrow

Thank you for trying to help me. I'm very bad at it 😞 But I try to learn and understand how it works.

Oh thanks! Glad you find them useful. I think we are getting somewhere. Take a look at the attached file and let me know if that helps. 

Regards,

Attachment(s)

OSPF QUESTION-2.pptx   51 KB 1 version

Sorry for the long lack, a lot of work. Thank you for the proposed option, but I think it does not suit me. A little later, I will try to formulate and answer you.

Sorry for my absence. Recently, I have a lot of responsibilities and very little time 😞

Ok, I created 3 routers in a virtual environment (R1, R2, R3) and 3 computers (PC-01, PC-02, PC-03) and I hope I can correctly put the question.

For interfaces, I have assigned an IP address from the 192.168/16 network, this is my mpls zone for building tunnels.

For interfaces in the local network and PC's, I chose the green network 172.16/16.

Next, I brought up the tunnel interfaces. Let them be pink 🙂At this stage, there are no problems, like OSPF 🙂
R1 pings R2 and R3. Computers ping your gateway, great!

The meaning of the task is actually not very complicated, I just don’t know how to make the juniper do what I want.

My real-life users are PC-02.
Task: PC-01 refers to PC-02 on the route from R1 to R3. PC-01 turning to PC-03 follows the route R1->R2->R3.

Well, my first step: in order for PC-01 to get access to PC-02 by OSPF through R3. To do this, I simply add the tunnel interfaces of R1 and R3 to the null area, and also announce in the null area interfaces looking towards PC-01 and PC-02. Great, the first step is completed, I have access from PC-01 to PC-02 on the route from R1 to R3!

Great, in the second step I add the tunnel interface st.1 of R2 to the null area, so that when R2 sees the network, PC-03 tells about R1 too. Thus, R1 will know that the network PC-03 is accessible through R2.

I did this and the following steps based on the articles that I managed to find in solving a similar problem. All of them come down to creating a virtual router and a separate routing table.

Step three for me was the creation of a PC-03 network, and a virtual R4. In the virtual R4, I created a new area number 3, where I added a tunnel interface looking towards R2 and the PC-03 network.

In step 3 and further, I cannot get the routing tables at all, or at least export the routes inside R4 to the main table. R2 just loses the network over the tunnel interface with a R3 and I just can’t show the R2 that there is a R3. I even added lo0.3 interface in R3 and lo0.4 interface in R4, so I thought they could share their routes "between" themselves. That's what I have in the end:

It will be very cool if you can help, because I think about the task almost every day and I don’t know how to do it right. And then there are routine tasks that do not allow to concentrate: (
Thank you for trying to help me.

Good day Ivan,

I'm really don't understand why you're trying to use st-tunnels.

If you want to be sure about connectivity throgh your switches, please use bfd.

If your switches involved into ospf, why you need to add tunnels?

Maybe I skipped something meaningful in the beginning and don't understand your topology, but if I were you, I'd keep it simple as I can 😃

If you want to transfer routes from VR (virtual router) to GRT (general/default routing table), please use lt- interfaces.

If you want to connect remote GRT and VR from different routers, please, use different subinterface, st- interfaces or GRE tunnels.

Of couse, you can use security tunnels (st- interfaces) but for local connection (in one physical router) you should create connectivity before build any tunnels.

For example, use physical loop or lt- interfaces.

For R4 you should have ospf configuration like this:

ospf {

area 0.0.0.0 {

 interface lt-0/0/0.0 <-- Connection to local GRT

 interface st.1 <- tunnel to remote side

 lo0.4

  passive

 ge-0/0/5.0 <-- Interface with 17.2.16.9.0/24 

  passive

}

Support languages: Russian, English

It worked, thanks.
But I did not understand why you specified the lt-0/0/0.0 interface to router4.
A little later, I will lay out the configuration in which everything worked for me.
By the way, I did not understand, why should I even use lo0 interfaces? Just go for router ID? But this is already offtopic 🙂

We can chat about it via personal messages 😉

But in some cases you need to do it 😉