Routing
Highlighted
Routing

Can't announce redistributed routes from main instance

‎01-19-2017 01:14 AM

Hello Colleagues.

I'm stuсked in configuring OSPF in virtual router ,i'll discribe the situation:

 I have configured Virtual router and ipsec tunnel in it successfuly,but when i'm trying to announce routes which i'have redistributed from main instance with rib groups ,but i can't see some routes on annother router.Some time later i figured that in routing table of my routing instance these routes are come to my routing table from the interface which i use to announce routes ,and because of this they will never be anounced to other ospf member ,but how can it be ?May be it possibly a bug ?

Here is my configuration

Main Router

Spoiler
set routing-options rib-groups Secondary import-rib inet.0
set routing-options rib-groups Secondary import-rib vrflite_rosfon.inet.0
set routing-options rib-groups Secondary import-policy static-input
set protocols ospf rib-group Secondary
set protocols ospf export ospf-export
set protocols ospf import ospf-import
set protocols ospf area 0.0.0.0 interface st0.0 metric 30
set protocols ospf area 0.0.0.0 interface reth1.0 metric 1
set protocols ospf area 0.0.0.0 interface st0.3 metric 100
set protocols ospf area 0.0.0.0 interface st0.4 metric 50
set protocols ospf area 0.0.0.0 interface st0.2 metric 50
set protocols ospf area 0.0.0.0 interface st0.1 metric 50
set protocols ospf area 0.0.0.0 interface st0.5 metric 30
set policy-options policy-statement ospf-export term private from route-filter 172.16.0.0/12 orlonger
set policy-options policy-statement ospf-export term private from route-filter 10.0.0.0/8 orlonger
set policy-options policy-statement ospf-export term private from route-filter 192.168.0.0/16 orlonger
set policy-options policy-statement ospf-export term private then accept
set policy-options policy-statement ospf-export term static from protocol static
set policy-options policy-statement ospf-export term static then accept
set policy-options policy-statement ospf-export then reject
set policy-options policy-statement ospf-import term private from route-filter 10.0.0.0/8 orlonger
set policy-options policy-statement ospf-import term private from route-filter 172.16.0.0/12 orlonger
set policy-options policy-statement ospf-import term private from route-filter 192.168.0.0/16 orlonger
set policy-options policy-statement ospf-import term private then accept
set policy-options policy-statement ospf-import then reject
set policy-options policy-statement static-input term filter-default-routes from route-filter 0.0.0.0/0 exact
set policy-options policy-statement static-input term filter-default-routes then reject
set policy-options policy-statement static-input then accept
set routing-instances vrflite_rosfon instance-type virtual-router
set routing-instances vrflite_rosfon interface lo0.0
set routing-instances vrflite_rosfon interface reth3.0
set routing-instances vrflite_rosfon interface reth5.0
set routing-instances vrflite_rosfon interface st0.6
set routing-instances vrflite_rosfon routing-options interface-routes rib-group inet Global
set routing-instances vrflite_rosfon protocols ospf traceoptions file ospf-log
set routing-instances vrflite_rosfon protocols ospf traceoptions file size 10k
set routing-instances vrflite_rosfon protocols ospf traceoptions file files 5
set routing-instances vrflite_rosfon protocols ospf traceoptions flag lsa-ack
set routing-instances vrflite_rosfon protocols ospf traceoptions flag database-description
set routing-instances vrflite_rosfon protocols ospf traceoptions flag hello
set routing-instances vrflite_rosfon protocols ospf traceoptions flag lsa-update
set routing-instances vrflite_rosfon protocols ospf traceoptions flag lsa-request
set routing-instances vrflite_rosfon protocols ospf export ospf-export
set routing-instances vrflite_rosfon protocols ospf import ospf-import
set routing-instances vrflite_rosfon protocols ospf area 0.0.0.0 interface st0.6 metric 50

Example of records in virtual router routing table

Spoiler
10.27.71.0/24       [OSPF/150] 00:40:45, metric 0, tag 0
                    > via st0.6
                    [OSPF/150] 00:40:45, metric 0, tag 0
                    > via st0.5
10.27.192.0/24      [OSPF/150] 00:40:45, metric 0, tag 0
                    > via st0.6
                    [OSPF/150] 00:40:45, metric 0, tag 0
                    > via st0.5

Branch Office Router Configuration ( in this case st0.1 is the other end of the tunnel with routing instance in Main router)

Spoiler
set protocols ospf export ospf-export
set protocols ospf import ospf-import
set protocols ospf area 0.0.0.0 interface st0.0 metric 30
set protocols ospf area 0.0.0.0 interface st0.1 metric 50
set protocols ospf area 0.0.0.0 interface ge-0/0/0.50 metric 10
set policy-options policy-statement ospf-export term private from route-filter 10.30.0.0/16 orlonger
set policy-options policy-statement ospf-export term private from route-filter 10.26.0.0/16 orlonger
set policy-options policy-statement ospf-export term private then accept
set policy-options policy-statement ospf-export term static from protocol static
set policy-options policy-statement ospf-export term static then accept
set policy-options policy-statement ospf-export then reject
set policy-options policy-statement ospf-import term private from route-filter 10.0.0.0/8 orlonger
set policy-options policy-statement ospf-import term private from route-filter 172.16.0.0/12 orlonger
set policy-options policy-statement ospf-import term private from route-filter 192.168.0.0/16 orlonger
set policy-options policy-statement ospf-import term private then accept
set policy-options policy-statement ospf-import then reject

 

 

 

6 REPLIES 6
Highlighted
Routing

Re: Can't announce redistributed routes from main instance

‎01-19-2017 05:31 AM

Hello,

AFAIK, this is correct behaviour because JUNOS can only set 0.0.0.0 (meaning self) as "forwarding-address" in Type-5 LSA.

In layman's terms, this is the imaginary OSPF dialog between Branch and Main routers:

- Hey, Main

- Hey, Branch

- Listen, Main, I have a static route pointing to You and I want to let You know that You will receive it with sticker attached that points to me (equivalent of OSPF forwarding-address 0.0.0.0)

- Branch, are You out of Your mind? If I send traffic along Your route with sticker, You then will send it to me! I am not in a mood to play ping-pong today so I don't want Your route!

BTW, it won't be much different if Branch sets OSPF FA not to 0.0.0.0 but to one of Main router addresses.The Main route would not install it anyway.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: Can't announce redistributed routes from main instance

‎01-19-2017 07:35 AM

But how can it be ?In my case on a branch i have export policy ,and in this policy said that this routes cannot be exported to main router  !Why can i see them in my Main router (virtual router) routing table ?

Highlighted
Routing

Re: Can't announce redistributed routes from main instance

‎01-19-2017 07:42 AM

I'll shortly describe my problem again ,i cannot receive routes on a branch router ,ospf routes that i exported using rib-groups from main router routing table to main router virtual router !

Highlighted
Routing

Re: Can't announce redistributed routes from main instance

‎01-19-2017 06:04 PM

As I understand it, the rib groups only allow the route distribution within the SRX.

 

In your case, you should remove the rib groups and instead create a logical tunnel interface between the virtual router and the main router.  Here you can then setup a standard OSPF neighbor relationship between the two routers and distribute the routes across the devices normally.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21260

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
Routing

Re: Can't announce redistributed routes from main instance

‎01-20-2017 03:29 AM

Well ,thank's for a reply ,your suggestion is great  but when I tried to configure lt interfaces they are does not work  Smiley Sad,but i have discovered problem ,i have cluster of 2 SRX240(12.3X48-D35.7) ,and here is the problem
https://kb.juniper.net/InfoCenter/index?page=content&id=KB28204&actp=search&smlogin=true

 

Is there any other methods that i can use to distribute the routes across the devices ?

Alex

Highlighted
Routing

Re: Can't announce redistributed routes from main instance

‎01-21-2017 05:03 AM

This is unfortunate that the lt are not supported in branch clusters.

 

Obviously you can use physical interfaces or sub interfaces on the device to connect the two virutal routers via cabling and have the same effect.  The disadvantage is that you need to use two ports on the SRX to accomplish this.

 

The other two options of route leaking,  rib groups and instance import, don't really allow full bi-directional access that I think you are looking for.  They are methods that allow some local connectivity but not really to treat the VR as a truely independent network node.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home