Mailing List Archive: nsp: juniper

OSPF Forwarding Address

Index | Next | Previous | View Threaded

benny+usenet at amorsen

Aug 2, 2012, 4:59 AM

Post #1 of 6 (698 views)
Permalink

OSPF Forwarding Address

I have a weird problem where I can get IOS to set the Forwarding Address
for an external type 2 route (LSA type 5) in OSPF, but I cannot get
Junos to do the same.

The test network has 3 devices. Two of them are VRF's in an MX80
(router1 10.10.200.10 and router2 10.10.200.11), the last one is a
firewall (fw 10.10.200.1). All connected to the same switch, and
the network is a /27.

The MX80-VRF's are talking OSPF, again completely plainly configured
simply by putting the interface in area 0.0.0.0.

router1 has a static route to 192.168.200.0/24 via fw 10.10.200.1. It
redistributes this route into OSPF, again a completely plain policy just
saying "from static" "then accept".

router2 receives the route through OSPF but Forwarding Address is not
set. Therefore it sends traffic destined for 192.168.200.0/24 to
router1 -- which is sort-of correct, but it would be much better if
the traffic was passed directly to the firewall.

If I replace router1 with a VRF on a Cisco 7600, Forwarding Address
is set to 10.10.200.1 and everything works as I expected. This is
obviously not my preferred solution :)

/Benny

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

sfouant at shortestpathfirst

Aug 2, 2012, 5:55 AM

Post #2 of 6 (678 views)
Permalink

Re: OSPF Forwarding Address [In reply to]

In this case, router 1 is originating external the LSA through redistribution of the static, hence the other routers will see R1 as the next hop.

Although i have never done this myself, I think you should be able to manipulate your OSPF export policy to include a 'then next-hop 10.10.200.1' to manipulate the forwarding-address.

Stefan Fouant
JNCIE-SEC, JNCIE-SP, JNCIE-ENT, JNCI
Technical Trainer, Juniper Networks

Follow us on Twitter @JuniperEducate

Sent from my iPad

On Aug 2, 2012, at 7:59 AM, Benny Amorsen <benny+usenet [at] amorsen> wrote:

> I have a weird problem where I can get IOS to set the Forwarding Address
> for an external type 2 route (LSA type 5) in OSPF, but I cannot get
> Junos to do the same.
>
> The test network has 3 devices. Two of them are VRF's in an MX80
> (router1 10.10.200.10 and router2 10.10.200.11), the last one is a
> firewall (fw 10.10.200.1). All connected to the same switch, and
> the network is a /27.
>
> The MX80-VRF's are talking OSPF, again completely plainly configured
> simply by putting the interface in area 0.0.0.0.
>
> router1 has a static route to 192.168.200.0/24 via fw 10.10.200.1. It
> redistributes this route into OSPF, again a completely plain policy just
> saying "from static" "then accept".
>
> router2 receives the route through OSPF but Forwarding Address is not
> set. Therefore it sends traffic destined for 192.168.200.0/24 to
> router1 -- which is sort-of correct, but it would be much better if
> the traffic was passed directly to the firewall.
>
> If I replace router1 with a VRF on a Cisco 7600, Forwarding Address
> is set to 10.10.200.1 and everything works as I expected. This is
> obviously not my preferred solution :)
>
>
> /Benny
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

benny+usenet at amorsen

Aug 2, 2012, 7:27 AM

Post #3 of 6 (681 views)
Permalink

Re: OSPF Forwarding Address [In reply to]

Stefan Fouant <sfouant [at] shortestpathfirst> writes:

> In this case, router 1 is originating external the LSA through
> redistribution of the static, hence the other routers will see R1 as
> the next hop.

I take it that this is expected behaviour in Junos?

> Although i have never done this myself, I think you should be able to
> manipulate your OSPF export policy to include a 'then next-hop
> 10.10.200.1' to manipulate the forwarding-address.

I will have to try that. I already tried "then next-hop peer-address"
which did not change anything (not even for the same scenario
redistributed from BGP instead of static).

Thank you for the suggestion!

/Benny

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

jsw at inconcepts

Aug 2, 2012, 2:08 PM

Post #4 of 6 (685 views)
Permalink

Re: OSPF Forwarding Address [In reply to]

On Thu, Aug 2, 2012 at 7:59 AM, Benny Amorsen <benny+usenet [at] amorsen> wrote:
> If I replace router1 with a VRF on a Cisco 7600, Forwarding Address
> is set to 10.10.200.1 and everything works as I expected. This is
> obviously not my preferred solution :)

Do router2 and router1 have an OSPF adjacency on the /27? This is
required for forwarding-address to be set.

--
Jeff S Wheeler <jsw [at] inconcepts>
Sr Network Operator / Innovative Network Concepts
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

benny+usenet at amorsen

Aug 2, 2012, 3:48 PM

Post #5 of 6 (675 views)
Permalink

Re: OSPF Forwarding Address [In reply to]

Jeff Wheeler <jsw [at] inconcepts> writes:

> Do router2 and router1 have an OSPF adjacency on the /27? This is
> required for forwarding-address to be set.

Yes, right now that is their only OSPF adjacency. Right now the VRF's
only have that single interface.

/Benny

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

benny+usenet at amorsen

Aug 2, 2012, 3:51 PM

Post #6 of 6 (678 views)
Permalink

Re: OSPF Forwarding Address [In reply to]

Stefan Fouant <sfouant [at] shortestpathfirst> writes:

> Although i have never done this myself, I think you should be able to
> manipulate your OSPF export policy to include a 'then next-hop
> 10.10.200.1' to manipulate the forwarding-address.

Alas, no luck with 'then next-hop 10.10.200.1'. It seems to only work
for BGP.

/Benny

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads