Routing

last person joined: 3 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

  • 1.  Can't announce redistributed routes from main instance

    Posted 01-19-2017 01:14

    Hello Colleagues.

    I'm stuсked in configuring OSPF in virtual router ,i'll discribe the situation:

     I have configured Virtual router and ipsec tunnel in it successfuly,but when i'm trying to announce routes which i'have redistributed from main instance with rib groups ,but i can't see some routes on annother router.Some time later i figured that in routing table of my routing instance these routes are come to my routing table from the interface which i use to announce routes ,and because of this they will never be anounced to other ospf member ,but how can it be ?May be it possibly a bug ?

    Here is my configuration

    Main Router

    Spoiler
    set routing-options rib-groups Secondary import-rib inet.0
set routing-options rib-groups Secondary import-rib vrflite_rosfon.inet.0
set routing-options rib-groups Secondary import-policy static-input
set protocols ospf rib-group Secondary
set protocols ospf export ospf-export
set protocols ospf import ospf-import
set protocols ospf area 0.0.0.0 interface st0.0 metric 30
set protocols ospf area 0.0.0.0 interface reth1.0 metric 1
set protocols ospf area 0.0.0.0 interface st0.3 metric 100
set protocols ospf area 0.0.0.0 interface st0.4 metric 50
set protocols ospf area 0.0.0.0 interface st0.2 metric 50
set protocols ospf area 0.0.0.0 interface st0.1 metric 50
set protocols ospf area 0.0.0.0 interface st0.5 metric 30
set policy-options policy-statement ospf-export term private from route-filter 172.16.0.0/12 orlonger
set policy-options policy-statement ospf-export term private from route-filter 10.0.0.0/8 orlonger
set policy-options policy-statement ospf-export term private from route-filter 192.168.0.0/16 orlonger
set policy-options policy-statement ospf-export term private then accept
set policy-options policy-statement ospf-export term static from protocol static
set policy-options policy-statement ospf-export term static then accept
set policy-options policy-statement ospf-export then reject
set policy-options policy-statement ospf-import term private from route-filter 10.0.0.0/8 orlonger
set policy-options policy-statement ospf-import term private from route-filter 172.16.0.0/12 orlonger
set policy-options policy-statement ospf-import term private from route-filter 192.168.0.0/16 orlonger
set policy-options policy-statement ospf-import term private then accept
set policy-options policy-statement ospf-import then reject
set policy-options policy-statement static-input term filter-default-routes from route-filter 0.0.0.0/0 exact
set policy-options policy-statement static-input term filter-default-routes then reject
set policy-options policy-statement static-input then accept
set routing-instances vrflite_rosfon instance-type virtual-router
set routing-instances vrflite_rosfon interface lo0.0
set routing-instances vrflite_rosfon interface reth3.0
set routing-instances vrflite_rosfon interface reth5.0
set routing-instances vrflite_rosfon interface st0.6
set routing-instances vrflite_rosfon routing-options interface-routes rib-group inet Global
set routing-instances vrflite_rosfon protocols ospf traceoptions file ospf-log
set routing-instances vrflite_rosfon protocols ospf traceoptions file size 10k
set routing-instances vrflite_rosfon protocols ospf traceoptions file files 5
set routing-instances vrflite_rosfon protocols ospf traceoptions flag lsa-ack
set routing-instances vrflite_rosfon protocols ospf traceoptions flag database-description
set routing-instances vrflite_rosfon protocols ospf traceoptions flag hello
set routing-instances vrflite_rosfon protocols ospf traceoptions flag lsa-update
set routing-instances vrflite_rosfon protocols ospf traceoptions flag lsa-request
set routing-instances vrflite_rosfon protocols ospf export ospf-export
set routing-instances vrflite_rosfon protocols ospf import ospf-import
set routing-instances vrflite_rosfon protocols ospf area 0.0.0.0 interface st0.6 metric 50

    Example of records in virtual router routing table

    Spoiler
    10.27.71.0/24       [OSPF/150] 00:40:45, metric 0, tag 0
                    > via st0.6
                    [OSPF/150] 00:40:45, metric 0, tag 0
                    > via st0.5
10.27.192.0/24      [OSPF/150] 00:40:45, metric 0, tag 0
                    > via st0.6
                    [OSPF/150] 00:40:45, metric 0, tag 0
                    > via st0.5

    Branch Office Router Configuration ( in this case st0.1 is the other end of the tunnel with routing instance in Main router)

    Spoiler
    set protocols ospf export ospf-export
set protocols ospf import ospf-import
set protocols ospf area 0.0.0.0 interface st0.0 metric 30
set protocols ospf area 0.0.0.0 interface st0.1 metric 50
set protocols ospf area 0.0.0.0 interface ge-0/0/0.50 metric 10
set policy-options policy-statement ospf-export term private from route-filter 10.30.0.0/16 orlonger
set policy-options policy-statement ospf-export term private from route-filter 10.26.0.0/16 orlonger
set policy-options policy-statement ospf-export term private then accept
set policy-options policy-statement ospf-export term static from protocol static
set policy-options policy-statement ospf-export term static then accept
set policy-options policy-statement ospf-export then reject
set policy-options policy-statement ospf-import term private from route-filter 10.0.0.0/8 orlonger
set policy-options policy-statement ospf-import term private from route-filter 172.16.0.0/12 orlonger
set policy-options policy-statement ospf-import term private from route-filter 192.168.0.0/16 orlonger
set policy-options policy-statement ospf-import term private then accept
set policy-options policy-statement ospf-import then reject

     

     

     



  • 2.  RE: Can't announce redistributed routes from main instance

    Posted 01-19-2017 05:32

    Hello,

    AFAIK, this is correct behaviour because JUNOS can only set 0.0.0.0 (meaning self) as "forwarding-address" in Type-5 LSA.

    In layman's terms, this is the imaginary OSPF dialog between Branch and Main routers:

    - Hey, Main

    - Hey, Branch

    - Listen, Main, I have a static route pointing to You and I want to let You know that You will receive it with sticker attached that points to me (equivalent of OSPF forwarding-address 0.0.0.0)

    - Branch, are You out of Your mind? If I send traffic along Your route with sticker, You then will send it to me! I am not in a mood to play ping-pong today so I don't want Your route!

    BTW, it won't be much different if Branch sets OSPF FA not to 0.0.0.0 but to one of Main router addresses.The Main route would not install it anyway.

    HTH

    Thx

    Alex



  • 3.  RE: Can't announce redistributed routes from main instance

    Posted 01-19-2017 07:36

    But how can it be ?In my case on a branch i have export policy ,and in this policy said that this routes cannot be exported to main router  !Why can i see them in my Main router (virtual router) routing table ?



  • 4.  RE: Can't announce redistributed routes from main instance

    Posted 01-19-2017 07:42

    I'll shortly describe my problem again ,i cannot receive routes on a branch router ,ospf routes that i exported using rib-groups from main router routing table to main router virtual router !



  • 5.  RE: Can't announce redistributed routes from main instance

    Posted 01-19-2017 18:05

    As I understand it, the rib groups only allow the route distribution within the SRX.

     

    In your case, you should remove the rib groups and instead create a logical tunnel interface between the virtual router and the main router.  Here you can then setup a standard OSPF neighbor relationship between the two routers and distribute the routes across the devices normally.

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB21260



  • 6.  RE: Can't announce redistributed routes from main instance

    Posted 01-20-2017 03:29

    Well ,thank's for a reply ,your suggestion is great  but when I tried to configure lt interfaces they are does not work  Smiley Sad,but i have discovered problem ,i have cluster of 2 SRX240(12.3X48-D35.7) ,and here is the problem
    https://kb.juniper.net/InfoCenter/index?page=content&id=KB28204&actp=search&smlogin=true

     

    Is there any other methods that i can use to distribute the routes across the devices ?

    Alex



  • 7.  RE: Can't announce redistributed routes from main instance

    Posted 01-21-2017 05:03

    This is unfortunate that the lt are not supported in branch clusters.

     

    Obviously you can use physical interfaces or sub interfaces on the device to connect the two virutal routers via cabling and have the same effect.  The disadvantage is that you need to use two ports on the SRX to accomplish this.

     

    The other two options of route leaking,  rib groups and instance import, don't really allow full bi-directional access that I think you are looking for.  They are methods that allow some local connectivity but not really to treat the VR as a truely independent network node.