Routing
Highlighted
Routing

routing-options { static { route 0.0.0.0/0 next-hop 111.11.11.1; route 172.16.8.0/21 next-hop 172.16.2.25; route 172.16.34

‎01-03-2017 02:52 AM

Trying to redistribute static routes from SRX to the attached OSPF neighbor ex-4200 . Here is an extract of my config below.

Bottom line is that it's not working.

 

routing-options {
static {
route 0.0.0.0/0 next-hop 111.11.11.1;
route 10.0.0.0/24 next-hop [ st0.1 st0.4 ];
route 172.16.51.0/26 next-hop st0.3;
route 172.31.254.0/24 next-hop st0.2;
}
router-id 172.16.2.29;
}
protocols {
ospf {
area 0.0.0.0 {
network-summary-export [ "OSPF Accept" "OSPF Reject" ];
interface ge-0/0/4.0;
}
}
stp;
}
policy-options {
prefix-list "Internet Address Range 2" {
111.11.11.0/23;
}
prefix-list "Internet Address Range 2" {
111.11.12.0/23;
}
policy-statement "OSPF Accept" {
term "Static Route Accept" {
from protocol static;
then accept;
}
}
policy-statement "OSPF Reject" {
term "Internet Address Ranges" {
from {
prefix-list "KCC Internet Address Range";
prefix-list "Laban Internet Address Range";
}
then reject;
}
}
}
security {
---(more 21%)---

 

Is there a command I can use on the SRX to make sure static addresses are being shared with OSPF neighbor.

There are no policies applied on OSPF neighbor and static routes do not appear in routing table. so I'm unsure as to why this wouldn't work.

 

SRX is receiving routes from OSPF on EX-4200.

 

Regards,

Aaron

3 REPLIES 3
Highlighted
Routing

Re: routing-options { static { route 0.0.0.0/0 next-hop 111.11.11.1; route 172.16.8.0/21 next-hop 172.16.2.25; route 172.1

‎01-03-2017 02:58 AM

You should just use "set protocols ospf export "OSPF Accept" " - not the network-summary-export option.

 

The OSPF Accept policy should then be changed to include both the prefixes you don't want to export before the accept from protocol static.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
Routing

Re: routing-options { static { route 0.0.0.0/0 next-hop 111.11.11.1; route 172.16.8.0/21 next-hop 172.16.2.25; route 172.1

[ Edited ]
‎01-04-2017 01:44 AM

enable ospf traceoptions on both devices. Do you see the static routes in LSD on the SRX? Are there any hidden routes on either systems? Are there any filters on the 4200 that could be reecting the external routes? Can you share the polices on both the devices and the ospf configuration on both decvices? do you have any options configure with restrict?

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Highlighted
Routing

Re: routing-options { static { route 0.0.0.0/0 next-hop 111.11.11.1; route 172.16.8.0/21 next-hop 172.16.2.25; route 172.1

‎01-04-2017 06:20 AM

Thanks for that worked a treat, changed my policy slightly after doing a bit more reading on route filters and is working like a charm.

 

policy-statement OSPF-Static {
term Internet-Addresses {
from {
route-filter 111.11.10.0/23 orlonger;
route-filter 111.11.12.0/23 orlonger;
}
then reject;
}
term Static-Routes {
from protocol static;
then accept;
}
}

 

Regards,

Aaron

Feedback