Saturday, February 7, 2015

Juniper Lab Environment - Part II - Basic OSPF, & Routing Policy

This post is a continuation of my last post, which consisted of a simple BGP configuration that connected my home network to my lab. The second part in this series of blog posts will cover a topology that consists of four vSRXs in my lab network, and a PA-200 that resides at the perimeter of my home network. The goal of this post is to build an OSPF network and then inject routes between protocols so that we can ping out to internet from SRX5.


SRX5 Configuration:

set interfaces ge-0/0/0 unit 0 family inet address 10.10.45.5/24
set interfaces lo0 unit 0 family inet address 5.5.5.5/32
set routing-options router-id 5.5.5.5
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0

SRX4 Configuration:

set interfaces ge-0/0/0 unit 0 family inet address 10.10.34.4/24
set interfaces ge-0/0/1 unit 0 family inet address 10.10.45.4/24
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set routing-options router-id 4.4.4.4
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0

SRX3 Configuration

set interfaces ge-0/0/1 unit 0 family inet address 10.10.34.3/24
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set routing-options router-id 3.3.3.3
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0

OSPF Verification:

root@3> show ospf database

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *3.3.3.3          3.3.3.3          0x80000109   227  0x22 0x70e2  48
Router   4.4.4.4          4.4.4.4          0x80000102  2131  0x22 0x49b7  48
Router   5.5.5.5          5.5.5.5          0x800000f8     9  0x22 0x5f24  36
Network  10.10.34.4       4.4.4.4          0x800000f2  2124  0x22 0xc71a  32
Network  10.10.45.5       5.5.5.5          0x800000f1   470  0x22 0x7c4e  32

root@3> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
10.10.34.4       ge-0/0/1.0             Full      4.4.4.4          128    32

root@5> show ospf database

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router   3.3.3.3          3.3.3.3          0x80000109   422  0x22 0x70e2  48
Router   4.4.4.4          4.4.4.4          0x80000102  2324  0x22 0x49b7  48
Router  *5.5.5.5          5.5.5.5          0x800000f8   200  0x22 0x5f24  36
Network  10.10.34.4       4.4.4.4          0x800000f2  2317  0x22 0xc71a  32
Network *10.10.45.5       5.5.5.5          0x800000f1   661  0x22 0x7c4e  32

root@5> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
10.10.45.4       ge-0/0/0.0             Full      4.4.4.4          128    35

root@5> show route

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

5.5.5.5/32         *[Direct/0] 1w1d 21:11:21
                    > via lo0.0
10.10.34.0/24      *[OSPF/10] 3d 14:41:29, metric 2
                    > to 10.10.45.4 via ge-0/0/0.0
10.10.45.0/24      *[Direct/0] 1w1d 21:11:10
                    > via ge-0/0/0.0
10.10.45.5/32      *[Local/0] 1w1d 21:11:10
                      Local via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 1w1d 21:11:26, metric 1
                      MultiRecv

Route Injection:

In the previous post, we exported a default route to BGP so that we could ping the internet from SRX3. We now need to export the same default route to OSPF so that we can also ping the internet from any router in area 0 of our OSPF network. As you can see above, SRX5 does not have a default route

SRX3 Configuration:

set policy-options policy-statement bgp term 1 from protocol bgp
set policy-options policy-statement bgp term 1 from route-filter 0.0.0.0/0 exact
set policy-options policy-statement bgp term 1 then accept
set protocols bgp export ospf

Default Route Verification:

root@5> show route

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[OSPF/150] 00:01:24, metric 0, tag 0
                    > to 10.10.45.4 via ge-0/0/0.0
5.5.5.5/32         *[Direct/0] 1w1d 21:11:21
                    > via lo0.0
10.10.34.0/24      *[OSPF/10] 3d 14:41:29, metric 2
                    > to 10.10.45.4 via ge-0/0/0.0
10.10.45.0/24      *[Direct/0] 1w1d 21:11:10
                    > via ge-0/0/0.0
10.10.45.5/32      *[Local/0] 1w1d 21:11:10
                      Local via ge-0/0/0.0
10.10.56.0/24      *[Direct/0] 10:06:18
                    > via ge-0/0/1.0
10.10.56.5/32      *[Local/0] 10:06:18
                      Local via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 1w1d 21:11:26, metric 1
                      MultiRecv

 root@5> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
0 packets transmitted, 0 packets received, 100% packet loss

Even though the default route is there now, we have to remember that SRX1 does not know about the OSPF network that we just created.

root@1> show route

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:04:13
                    > to 10.234.234.1 via ge-0/0/0.0
1.1.1.1/32         *[Direct/0] 00:04:25
                    > via lo0.0
10.10.13.0/24      *[Direct/0] 00:04:13
                    > via ge-0/0/1.0
10.10.13.1/32      *[Local/0] 00:04:14
                      Local via ge-0/0/1.0
10.234.234.0/24    *[Direct/0] 00:04:13
                    > via ge-0/0/0.0
10.234.234.20/32   *[Local/0] 00:04:14
                      Local via ge-0/0/0.0

Another policy that exports our OSPF networks to BGP should do it.

SRX3 Configuration:

set policy-options policy-statement ospf term 1 from protocol ospf
set policy-options policy-statement ospf term 1 from protocol direct
set policy-options policy-statement ospf term 1 then accept
set protocols bgp export ospf

OSPF Networks Verification:

root@1> show route

inet.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 04:31:35
                    > to 10.234.234.1 via ge-0/0/0.0
1.1.1.1/32         *[Direct/0] 04:31:47
                    > via lo0.0
3.3.3.3/32         *[BGP/170] 04:22:18, localpref 100
                      AS path: 65003 I
                    > to 10.10.13.3 via ge-0/0/1.0
10.10.13.0/24      *[Direct/0] 04:31:35
                    > via ge-0/0/1.0
                    [BGP/170] 04:22:18, localpref 100
                      AS path: 65003 I
                    > to 10.10.13.3 via ge-0/0/1.0
10.10.13.1/32      *[Local/0] 04:31:36
                      Local via ge-0/0/1.0
10.10.34.0/24      *[BGP/170] 04:22:18, localpref 100
                      AS path: 65003 I
                    > to 10.10.13.3 via ge-0/0/1.0
10.10.45.0/24      *[BGP/170] 04:22:18, MED 2, localpref 100
                      AS path: 65003 I
                    > to 10.10.13.3 via ge-0/0/1.0
10.234.234.0/24    *[Direct/0] 04:31:35
                    > via ge-0/0/0.0
10.234.234.20/32   *[Local/0] 04:31:36
                      Local via ge-0/0/0.0

Now let's try to ping the internet from SRX5.

root@5> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=51 time=12.184 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=8.414 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=51 time=12.200 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=51 time=10.210 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 8.414/10.752/12.200/1.574 ms

No comments:

Post a Comment