Junos OS

Hi everyone.

Is it possible in JunOS to restrict routes to be installed in RIB regardless of source protocol (direct, static, dynamic)?

Hi

One solution will be to add route to martian route list. Junos will hide it regardless of the protocol it came from, for example:

[edit]
lab@vMX-1# show interfaces 
ge-0/0/0 {
    unit 0 {
        family inet {
            address 10.0.0.1/24;
        }

[edit]
lab@vMX-1# set routing-options martians 10.0.0.0/24 exact 

[edit]
lab@vMX-1# commit 
commit complete

[edit]
lab@vMX-1# run show route 10/24 exact hidden 

inet.0: 4 destinations, 4 routes (3 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/24        -[Direct/0] 08:24:52
                    > via ge-0/0/0.0

One more question - how to deny all routes to be installed, but allow only several?

One way to prevent the RIB installation, create a routing policy for the protocol in question and apply it per protocol.

The bellow is for PFE installation:

[edit routing-options]
   forwarding-table {
       export select-pfe;
   }
[edit policy-options]
  policy-statement select-pfe {
      term allow {
          from {
              route-filter 1.1.1.0/24 exact;
          }
          then accept;
      }

  term deny {
    then reject;
  }

}

Great!

How about filterting forwarding-table of other routing-instance, not global (inet.0)?

try
# set policy-options policy-statement select-pfe term allow from rib test.inet.0

thanks a lot