Technical Tips and Tricks: juniper ospf export policy

Showing posts with label juniper ospf export policy. Show all posts

Monday, February 16, 2015

Juniper Lab Environment - Part V - OSPF NSSA and Totally NSSA

This post is a continuation of my last post, which consisted of multiple OSPF areas, and specifically stub and totally stubby configuration. The fifth part in this series of blog posts will cover a topology that consists of seven vSRXs in my lab network, and a PA-200 that resides at the perimeter of my home network. The goal of this post is to explore the benefits of making area 56 a NSSA and then totally NSSA area. We will then verify connectivity and reach-ability out to the internet from SRX6.

First, let's make area 56 a NSSA area, which will make area 56 almost like a stub area. The main difference is that NSSA's allow redistribution of external routes from the same area.

SRX6 Configuration:

set routing-options static route 10.66.0.0/24 discard
set routing-options static route 10.66.1.0/24 discard
set routing-options static route 10.66.2.0/24 discard
set routing-options static route 10.66.3.0/24 discard
set policy-options policy-statement static term 1 from protocol static
set policy-options policy-statement static term 1 then accept
set protocols ospf export static
set protocols ospf area 0.0.0.56 nssa
set protocols ospf area 0.0.0.56 interface ge-0/0/0.0
set protocols ospf area 0.0.0.56 interface ge-0/0/1.0

Note that above we are adding some static routes and exporting them from the route table to OSPF so that we can simulate the need for configuring a NSSA.

SRX5 Configuration:

set protocols ospf area 0.0.0.56 nssa default-lsa default-metric 10
set protocols ospf area 0.0.0.56 interface ge-0/0/1.0

Here is how the database looks now:

root@6> show ospf database

OSPF database, Area 0.0.0.56
Type ID Adv Rtr Seq Age Opt Cksum Len
Router 5.5.5.5 5.5.5.5 0x80000004 694 0x20 0x64fe 36
Router *6.6.6.6 6.6.6.6 0x80000004 688 0x20 0x3cd 84
Network *10.10.56.6 6.6.6.6 0x80000001 693 0x20 0x2f76 32
Summary 10.7.0.0 5.5.5.5 0x80000002 274 0x20 0x6aa9 28
Summary 10.7.1.0 5.5.5.5 0x80000002 136 0x20 0x5fb3 28
Summary 10.7.2.0 5.5.5.5 0x80000001 1165 0x20 0x56bc 28
Summary 10.7.3.0 5.5.5.5 0x80000001 1165 0x20 0x4bc6 28
Summary 10.10.23.0 5.5.5.5 0x80000001 1165 0x20 0x36c6 28
Summary 10.10.27.0 5.5.5.5 0x80000001 1165 0x20 0x14e3 28
Summary 10.10.34.0 5.5.5.5 0x80000001 1165 0x20 0xb240 28
Summary 10.10.45.0 5.5.5.5 0x80000001 1165 0x20 0x2fb9 28
NSSA 0.0.0.0 5.5.5.5 0x80000003 413 0x20 0x49c9 36
NSSA *10.66.0.0 6.6.6.6 0x80000003 115 0x28 0x4aa7 36
NSSA *10.66.1.0 6.6.6.6 0x80000002 882 0x28 0x41b0 36
NSSA *10.66.2.0 6.6.6.6 0x80000002 882 0x28 0x36ba 36
NSSA *10.66.3.0 6.6.6.6 0x80000002 882 0x28 0x2bc4 36

Now let's take it one step further to make area 56 a totally NSSA, which will shrink the database even more by blocking external routes from other areas, as well as inter-area routes from other areas.

SRX5 Configuration:

set protocols ospf area 0.0.0.56 nssa no-summaries

Here is how the database looks now:

rroot@6> show ospf database

OSPF database, Area 0.0.0.56
Type ID Adv Rtr Seq Age Opt Cksum Len
Router 5.5.5.5 5.5.5.5 0x80000008 3 0x20 0x5c03 36
Router *6.6.6.6 6.6.6.6 0x8000000a 3 0x20 0xb36e 84
Network *10.10.56.6 6.6.6.6 0x80000007 3 0x20 0x237c 32
Summary 0.0.0.0 5.5.5.5 0x80000001 17 0x20 0x75ab 28
NSSA *10.66.0.0 6.6.6.6 0x80000005 3 0x28 0x46a9 36
NSSA *10.66.1.0 6.6.6.6 0x80000004 3 0x28 0x3db2 36
NSSA *10.66.2.0 6.6.6.6 0x80000004 3 0x28 0x32bc 36
NSSA *10.66.3.0 6.6.6.6 0x80000004 3 0x28 0x27c6 36

root@6> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=50 time=26.088 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=15.279 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=50 time=10.849 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=50 time=10.458 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=50 time=13.091 ms
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 10.458/15.153/26.088/5.734 ms

Saturday, February 14, 2015

Juniper Lab Environment - Part IV - OSPF Stub and Totally Stubby

This post is a continuation of my last post, which consisted of an OSPF virtual link configuration. The fourth part in this series of blog posts will cover a topology that consists of six vSRXs in my lab network, and a PA-200 that resides at the perimeter of my home network. The goal of this post is to explore the benefits of making area 27 a stub area, and then taking it a step further to make it a totally stubby area. We will then verify connectivity and reach-ability out to the internet from SRX7.

Based on the current configuration (see previous posts), we will see all LSA types:

root@7> show ospf database

OSPF database, Area 0.0.0.27
Type ID Adv Rtr Seq Age Opt Cksum Len
Router 2.2.2.2 2.2.2.2 0x80000005 220 0x22 0x8234 36
Router *7.7.7.7 7.7.7.7 0x80000003 1742 0x22 0xc439 84
Network *10.10.27.7 7.7.7.7 0x80000001 1747 0x22 0xb40f 32
Summary 10.10.23.0 2.2.2.2 0x80000004 1257 0x22 0x58ad 28
Summary 10.10.34.0 2.2.2.2 0x80000002 813 0x22 0xec0f 28
Summary 10.10.45.0 2.2.2.2 0x80000003 368 0x22 0x7b73 28
ASBRSum 3.3.3.3 2.2.2.2 0x80000003 516 0x22 0xba6a 28
OSPF AS SCOPE link state database
Type ID Adv Rtr Seq Age Opt Cksum Len
Extern 0.0.0.0 3.3.3.3 0x80000001 497 0x22 0xa6ff 36

Now let's make area 27 a stub area, which will prevent all external routes, as well as local redistribution.

SRX7 Configuration:

set protocols ospf area 0.0.0.27 stub

SRX2 Configuration:

set protocols ospf area 0.0.0.27 stub default-metric 10

Here is how the database looks now:

root@7> show ospf database

OSPF database, Area 0.0.0.27

Type ID Adv Rtr Seq Age Opt Cksum Len

Router 2.2.2.2 2.2.2.2 0x80000006 9 0x20 0x9e19 36

Router *7.7.7.7 7.7.7.7 0x80000005 8 0x20 0x6697 84

Network *10.10.27.7 7.7.7.7 0x80000003 8 0x20 0xcef4 32

Summary 0.0.0.0 2.2.2.2 0x80000001 181 0x20 0xcf5d 28

Summary 10.10.23.0 2.2.2.2 0x80000001 181 0x20 0x7c8e 28

Summary 10.10.34.0 2.2.2.2 0x80000001 181 0x20 0xdf1 28

Summary 10.10.45.0 2.2.2.2 0x80000001 181 0x20 0x9d55 28

Now let's take it one step further to make area 27 a totally stubby area, which will also prevent inter-area routes.

SRX2 Configuration:

set protocols ospf area 0.0.0.27 stub default-metric 10 no-summaries

Here is how the database looks now:

root@7> show ospf database

OSPF database, Area 0.0.0.27

Type ID Adv Rtr Seq Age Opt Cksum Len

Router 2.2.2.2 2.2.2.2 0x8000000a 4 0x20 0x961d 36

Router *7.7.7.7 7.7.7.7 0x8000000a 3 0x20 0x5c9c 84

Network *10.10.27.7 7.7.7.7 0x80000007 3 0x20 0xc6f8 32

Summary 0.0.0.0 2.2.2.2 0x80000001 19 0x20 0xcf5d 28

root@7> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=51 time=21.304 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=11.713 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=51 time=10.351 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=51 time=10.280 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=51 time=12.657 ms
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 10.280/13.261/21.304/4.118 ms

Saturday, February 7, 2015

Juniper Lab Environment - Part III - OSPF Virtual Link

This post is a continuation of my last post, which consisted of a BGP and OSPF configuration that connected my home network to my lab. The third part in this series of blog posts will cover a topology that consists of six vSRXs in my lab network, and a PA-200 that resides at the perimeter of my home network. The goal of this post is to add on to the existing OSPF network and focus specifically on the virtual link configuration, and then verify that we can ping out to the internet from SRX7.

SRX3 Configuration:

set interfaces ge-0/0/0 unit 0 family inet address 10.10.23.3/24
set protocols ospf area 0.0.0.23 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 virtual-link neighbor-id 2.2.2.2 transit-area 0.0.0.23

SRX2 Configuration:

set interfaces ge-0/0/1 unit 0 family inet address 10.10.23.2/24
set interfaces ge-0/0/2 unit 0 family inet address 10.10.27.2/24
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set routing-options router-id 2.2.2.2
set protocols ospf area 0.0.0.23 interface ge-0/0/1.0
set protocols ospf area 0.0.0.27 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 virtual-link neighbor-id 3.3.3.3 transit-area 0.0.0.23

SRX7 Configuration:

set interfaces ge-0/0/0 unit 0 family inet address 10.10.27.7/24
set interfaces ge-0/0/1 unit 0 family inet address 10.7.0.7/24
set interfaces ge-0/0/1 unit 0 family inet address 10.7.1.7/24
set interfaces ge-0/0/1 unit 0 family inet address 10.7.2.7/24
set interfaces ge-0/0/1 unit 0 family inet address 10.7.3.7/24
set interfaces lo0 unit 0 family inet address 7.7.7.7/32
set routing-options router-id 7.7.7.7
set protocols ospf area 0.0.0.27 interface ge-0/0/0.0
set protocols ospf area 0.0.0.27 interface ge-0/0/1.0

OSPF requires all areas to be directly connected to area 0. In certain cases, it may be required to add an OSPF area that resides on the other side of a non-area 0 area. As shown above, Juniper requires that the virtual link configuration resides on ABRs that connect areas 27<->23 and 23<->0.

Verification:

root@1> show route receive-protocol bgp 10.10.13.3

inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 3.3.3.3/32 10.10.13.3 65003 I
* 10.7.0.0/24 10.10.13.3 3 65003 I
* 10.7.1.0/24 10.10.13.3 3 65003 I
* 10.7.2.0/24 10.10.13.3 3 65003 I
* 10.7.3.0/24 10.10.13.3 3 65003 I
10.10.13.0/24 10.10.13.3 65003 I
* 10.10.23.0/24 10.10.13.3 65003 I
* 10.10.27.0/24 10.10.13.3 2 65003 I
* 10.10.34.0/24 10.10.13.3 65003 I
* 10.10.45.0/24 10.10.13.3 2 65003 I

root@3> show ospf database

OSPF database, Area 0.0.0.0
Type ID Adv Rtr Seq Age Opt Cksum Len
Router 2.2.2.2 2.2.2.2 0x80000002 675 0x22 0x8dd 36
Router *3.3.3.3 3.3.3.3 0x8000017d 1691 0x22 0x8757 48
Router 4.4.4.4 4.4.4.4 0x8000016b 1924 0x22 0x7621 48
Router 5.5.5.5 5.5.5.5 0x8000015a 81 0x22 0x9093 36
Network 10.10.34.4 4.4.4.4 0x80000158 1924 0x22 0xf981 32
Network 10.10.45.5 5.5.5.5 0x80000152 81 0x22 0xb8b0 32
Summary 10.7.0.0 2.2.2.2 0x80000001 877 0x22 0x8a97 28
Summary 10.7.1.0 2.2.2.2 0x80000001 877 0x22 0x7fa1 28
Summary 10.7.2.0 2.2.2.2 0x80000001 877 0x22 0x74ab 28
Summary 10.7.3.0 2.2.2.2 0x80000001 877 0x22 0x69b5 28
Summary 10.10.23.0 2.2.2.2 0x80000005 378 0x22 0x56ae 28
Summary *10.10.23.0 3.3.3.3 0x80000004 1699 0x22 0x3ac7 28
Summary 10.10.27.0 2.2.2.2 0x80000005 877 0x22 0x2ad6 28
ASBRSum 3.3.3.3 2.2.2.2 0x80000003 853 0x22 0xba6a 28

OSPF database, Area 0.0.0.23
Type ID Adv Rtr Seq Age Opt Cksum Len
Router 2.2.2.2 2.2.2.2 0x80000004 527 0x22 0x10af 36
Router *3.3.3.3 3.3.3.3 0x80000006 1691 0x22 0xd3de 36
Network *10.10.23.3 3.3.3.3 0x80000001 1699 0x22 0xf8f2 32
Summary 10.7.0.0 2.2.2.2 0x80000001 877 0x22 0x8a97 28
Summary 10.7.1.0 2.2.2.2 0x80000001 877 0x22 0x7fa1 28
Summary 10.7.2.0 2.2.2.2 0x80000001 877 0x22 0x74ab 28
Summary 10.7.3.0 2.2.2.2 0x80000001 877 0x22 0x69b5 28
Summary 10.10.27.0 2.2.2.2 0x80000005 877 0x22 0x2ad6 28
Summary *10.10.34.0 3.3.3.3 0x80000003 1162 0x22 0xc235 28
Summary *10.10.45.0 3.3.3.3 0x80000003 751 0x22 0x5398 28
OSPF AS SCOPE link state database
Type ID Adv Rtr Seq Age Opt Cksum Len
Extern *0.0.0.0 3.3.3.3 0x8000004b 339 0x22 0x124a 36

root@3> show ospf neighbor
Address Interface State ID Pri Dead
10.10.34.4 ge-0/0/1.0 Full 4.4.4.4 128 36
10.10.23.2 vl-2.2.2.2 Full 2.2.2.2 0 30
10.10.23.2 ge-0/0/0.0 Full 2.2.2.2 128 35

root@2> show ospf database

OSPF database, Area 0.0.0.0
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *2.2.2.2 2.2.2.2 0x80000002 595 0x22 0x8dd 36
Router 3.3.3.3 3.3.3.3 0x8000017d 1614 0x22 0x8757 48
Router 4.4.4.4 4.4.4.4 0x8000016b 1847 0x22 0x7621 48
Router 5.5.5.5 5.5.5.5 0x80000159 3004 0x22 0x9292 36
Network 10.10.34.4 4.4.4.4 0x80000158 1847 0x22 0xf981 32
Network 10.10.45.5 5.5.5.5 0x80000151 3004 0x22 0xbaaf 32
Summary *10.7.0.0 2.2.2.2 0x80000001 797 0x22 0x8a97 28
Summary *10.7.1.0 2.2.2.2 0x80000001 797 0x22 0x7fa1 28
Summary *10.7.2.0 2.2.2.2 0x80000001 797 0x22 0x74ab 28
Summary *10.7.3.0 2.2.2.2 0x80000001 797 0x22 0x69b5 28
Summary *10.10.23.0 2.2.2.2 0x80000005 298 0x22 0x56ae 28
Summary 10.10.23.0 3.3.3.3 0x80000004 1622 0x22 0x3ac7 28
Summary *10.10.27.0 2.2.2.2 0x80000005 797 0x22 0x2ad6 28
ASBRSum *3.3.3.3 2.2.2.2 0x80000003 773 0x22 0xba6a 28

OSPF database, Area 0.0.0.23
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *2.2.2.2 2.2.2.2 0x80000004 447 0x22 0x10af 36
Router 3.3.3.3 3.3.3.3 0x80000006 1614 0x22 0xd3de 36
Network 10.10.23.3 3.3.3.3 0x80000001 1621 0x22 0xf8f2 32
Summary *10.7.0.0 2.2.2.2 0x80000001 797 0x22 0x8a97 28
Summary *10.7.1.0 2.2.2.2 0x80000001 797 0x22 0x7fa1 28
Summary *10.7.2.0 2.2.2.2 0x80000001 797 0x22 0x74ab 28
Summary *10.7.3.0 2.2.2.2 0x80000001 797 0x22 0x69b5 28
Summary *10.10.27.0 2.2.2.2 0x80000005 797 0x22 0x2ad6 28
Summary 10.10.34.0 3.3.3.3 0x80000003 1084 0x22 0xc235 28
Summary 10.10.45.0 3.3.3.3 0x80000003 673 0x22 0x5398 28

OSPF database, Area 0.0.0.27
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *2.2.2.2 2.2.2.2 0x80000004 797 0x22 0x526a 36
Router 7.7.7.7 7.7.7.7 0x80000003 758 0x22 0x1ae8 84
Network *10.10.27.2 2.2.2.2 0x80000001 797 0x22 0xcd0f 32
Summary *10.10.23.0 2.2.2.2 0x80000001 1061 0x22 0x5eaa 28
Summary *10.10.34.0 2.2.2.2 0x80000002 150 0x22 0xec0f 28
Summary *10.10.45.0 2.2.2.2 0x80000002 1 0x22 0x7d72 28
ASBRSum *3.3.3.3 2.2.2.2 0x80000001 1061 0x22 0xbe68 28
OSPF AS SCOPE link state database
Type ID Adv Rtr Seq Age Opt Cksum Len
Extern 0.0.0.0 3.3.3.3 0x8000004b 261 0x22 0x124a 36

root@2> show ospf neighbor
Address Interface State ID Pri Dead
10.10.23.3 vl-3.3.3.3 Full 3.3.3.3 0 35
10.10.23.3 ge-0/0/1.0 Full 3.3.3.3 128 33
10.10.27.7 ge-0/0/2.0 Full 7.7.7.7 128 38

root@7> show ospf database

OSPF database, Area 0.0.0.27
Type ID Adv Rtr Seq Age Opt Cksum Len
Router 2.2.2.2 2.2.2.2 0x80000004 692 0x22 0x526a 36
Router *7.7.7.7 7.7.7.7 0x80000003 651 0x22 0x1ae8 84
Network 10.10.27.2 2.2.2.2 0x80000001 692 0x22 0xcd0f 32
Summary 10.10.23.0 2.2.2.2 0x80000001 956 0x22 0x5eaa 28
Summary 10.10.34.0 2.2.2.2 0x80000002 45 0x22 0xec0f 28
Summary 10.10.45.0 2.2.2.2 0x80000001 956 0x22 0x7f71 28
ASBRSum 3.3.3.3 2.2.2.2 0x80000001 956 0x22 0xbe68 28
OSPF AS SCOPE link state database
Type ID Adv Rtr Seq Age Opt Cksum Len
Extern 0.0.0.0 3.3.3.3 0x8000004b 156 0x22 0x124a 36

root@7> show ospf neighbor
Address Interface State ID Pri Dead
10.10.27.2 ge-0/0/0.0 Full 2.2.2.2 128 36

root@7> ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=51 time=14.689 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=10.233 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=51 time=14.090 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=51 time=15.701 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 10.233/13.678/15.701/2.071 ms