TechLibrary

Navigation Back up to About Overview

Examples: Configuring OSPF Routing Policy

Understanding OSPF Routing Policy

Each routing policy is identified by a policy name. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose the entire name in double quotation marks. Each routing policy name must be unique within a configuration. Once a policy is created and named, it must be applied before it is active.

In the import statement, you list the name of the routing policy used to filter OSPF external routes from being installed into the routing tables of OSPF neighbors. You can filter the routes, but not link-state address (LSA) flooding. An external route is a route that is outside the OSPF Autonomous System (AS). The import policy does not impact the OSPF database. This means that the import policy has no impact on the link-state advertisements.

In the export statement, you list the name of the routing policy to be evaluated when routes are being exported from the routing table into OSPF.

By default, if a routing device has multiple OSPF areas, learned routes from other areas are automatically installed into area 0 of the routing table.

To specify more than one policy and create a policy chain, you list the policies using a space as a separator. If multiple policies are specified, the policies are evaluated in the order in which they are specified. As soon as an accept or reject action is executed, the policy chain evaluation ends.

This topic describes the following information:

Routing Policy Terms

Routing policies are made up of one or more terms. A term is a named structure in which match conditions and actions are defined. You can define one or more terms. The name can contain letters, numbers, and hyphens ( - ) and can be up to 255 characters long. To include spaces in the name, enclose the entire name in double quotation marks.

Each term contains a set of match conditions and a set of actions:

  • Match conditions are criteria that a route must match before the actions can be applied. If a route matches all criteria, one or more actions are applied to the route.
  • Actions specify whether to accept or reject the route, control how a series of policies are evaluated, and manipulate the characteristics associated with a route.

Routing Policy Match Conditions

A match condition defines the criteria that a route must match for an action to take place. You can define one or more match conditions for each term. If a route matches all of the match conditions for a particular term, the actions defined for that term are processed.

Each term can include two statements, from and to, that define the match conditions:

  • In the from statement, you define the criteria that an incoming route must match. You can specify one or more match conditions. If you specify more than one, they all must match the route for a match to occur.

    The from statement is optional. If you omit the from and the to statements, all routes are considered to match.

    Note: In export policies, omitting the from statement from a routing policy term might lead to unexpected results. For more information, see Applying Routing Policies and Policy Chains to Routing Protocols in the Junos OS Routing Policy Configuration Guide PDF Document.

  • In the to statement, you define the criteria that an outgoing route must match. You can specify one or more match conditions. If you specify more than one, they all must match the route for a match to occur.

The order of the match conditions in a term is not important because a route must match all match conditions in a term for an action to be taken.

For a complete list of match conditions, see Configuring Match Conditions in Routing Policy Terms in the Junos OS Routing Policy Configuration Guide PDF Document.

Routing Policy Actions

An action defines what the routing device does with the route when the route matches all the match conditions in the from and to statements for a particular term. If a term does not have from and to statements, all routes are considered to match and the actions apply to all routes.

Each term can have one or more of the following types of actions. The actions are configured under the then statement.

  • Flow control actions, which affect whether to accept or reject the route and whether to evaluate the next term or routing policy.
  • Actions that manipulate route characteristics.
  • Trace action, which logs route matches.

The then statement is optional. If you omit it, one of the following occurs:

  • The next term in the routing policy, if one exists, is evaluated.
  • If the routing policy has no more terms, the next routing policy, if one exists, is evaluated.
  • If there are no more terms or routing policies, the accept or reject action specified by the default policy is executed.

For a complete list of routing policy actions, see Configuring Actions in Routing Policy TermsJunos OS Routing Policy Configuration Guide PDF Document

Example: Injecting OSPF Routes into the BGP Routing Table

This example shows how to create a policy that injects OSPF routes into the BGP routing table.

Requirements

Before you begin:

Overview

In this example, you create a routing policy called injectpolicy1 and a routing term called injectterm1. The policy injects OSPF routes into the BGP routing table.

Configuration

Configuring the Routing Policy

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

set policy-options policy-statement injectpolicy1 term injectterm1 from protocol ospfset policy-options policy-statement injectpolicy1 term injectterm1 from area 0.0.0.1set policy-options policy-statement injectpolicy1 term injectterm1 then acceptset protocols bgp export injectpolicy1

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide PDF Document.

To inject OSPF routes into a BGP routing table:

  1. Create the policy term.

    [edit policy-options policy-statement injectpolicy1]user@host# set term injectterm1
  2. Specify OSPF as a match condition.

    [edit policy-options policy-statement injectpolicy1 term injectterm1]user@host# set from protocol ospf
  3. Specify the routes from an OSPF area as a match condition.

    [edit policy-options policy-statement injectpolicy1 term injectterm1]user@host# set from area 0.0.0.1
  4. Specify that the route is to be accepted if the previous conditions are matched.

    [edit policy-options policy-statement injectpolicy1 term injectterm1]user@host# set then accept
  5. Apply the routing policy to BGP.

    [edit]user@host# set protocols bgp export injectpolicy1

Results

Confirm your configuration by entering the show policy-options and show protocols bgp commands from configuration mode. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

user@host# show policy-optionspolicy-statement injectpolicy1 {term injectterm1 {from {protocol ospf;area 0.0.0.1;}then accept;}}
user@host# show protocols bgpexport injectpolicy1;

If you are done configuring the device, enter commit from configuration mode.

Configuring Tracing for the Routing Policy

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

set policy-options policy-statement injectpolicy1 term injectterm1 then trace set routing-options traceoptions file ospf-bgp-policy-log set routing-options traceoptions file size 5m set routing-options traceoptions file files 5 set routing-options traceoptions flag policy

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide PDF Document.

  1. Include a trace action in the policy.

    [edit policy-options policy-statement injectpolicy1 term injectterm1]user@host# then trace
  2. Configure the tracing file for the output.

    [edit routing-options traceoptions]user@host# set file ospf-bgp-policy-loguser@host# set file size 5muser@host# set file files 5user@host# set flag policy

Results

Confirm your configuration by entering the show policy-options and show routing-options commands from configuration mode. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

user@host# show policy-optionspolicy-statement injectpolicy1 {term injectterm1 {then {trace;}}}
user@host# show routing-optionstraceoptions {file ospf-bgp-policy-log size 5m files 5;flag policy;}

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying That the Expected BGP Routes Are Present

Purpose

Verify the effect of the export policy.

Action

From operational mode, enter the show route command.

Troubleshooting

Using the show log Command to Examine the Actions of the Routing Policy

Problem

The routing table contains unexpected routes, or routes are missing from the routing table.

Solution

If you configure policy tracing as shown in this example, you can run the show log ospf-bgp-policy-log command to diagnose problems with the routing policy. The show log ospf-bgp-policy-log command displays information about the routes that the injectpolicy1 policy term analyzes and acts upon.

Example: Redistributing Static Routes into OSPF

This example shows how to create a policy that redistributes static routes into OSPF.

Requirements

Before you begin:

Overview

In this example, you create a routing policy called exportstatic1 and a routing term called exportstatic1. The policy injects static routes into OSPF. This example includes the following settings:

  • policy-statement—Defines the routing policy. You specify the name of the policy and further define the elements of the policy. The policy name must be unique and can contain letters, numbers, and hyphens ( - ) and be up to 255 characters long.
  • term—Defines the match condition and applicable actions for the routing policy. The term name can contain letters, numbers, and hyphens ( - ) and be up to 255 characters long. You specify the name of the term and define the criteria that an incoming route must match by including the from statement and the action to take if the route matches the conditions by including the then statement. In this example you specify the static protocol match condition and the accept action.
  • export—Applies the export policy you created to be evaluated when routes are being exported from the routing table into OSPF.

Configuration

CLI Quick Configuration

To quickly create a policy that injects static routes into OSPF, copy the following commands and paste them into the CLI.

[edit]set policy-options policy-statement exportstatic1 term exportstatic1 from protocol staticset policy-options policy-statement exportstatic1 term exportstatic1 then acceptset protocols ospf export exportstatic1

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Modifying the Junos OS Configuration in Junos OS CLI, Release 11.4.

To inject static routes into OSPF:

  1. Create the routing policy.
    [edit]user@host# edit policy-options policy-statement exportstatic1
  2. Create the policy term.
    [edit policy-options policy-statement exportstatic1]user@host# set term exportstatic1
  3. Specify static as a match condition.
    [edit policy-options policy-statement exportstatic1 term exportstatic1]user@host# set from protocol static
  4. Specify that the route is to be accepted if the previous condition is matched.
    [edit policy-options policy-statement exportstatic1 term exportstatic1]user@host# set then accept
  5. Apply the routing policy to OSPF.

    Note: For OSPFv3, include the ospf3 statement at the [edit protocols] hierarchy level.

    [edit]user@host# set protocols ospf export exportstatic1
  6. If you are done configuring the device, commit the configuration.
    [edit]user@host# commit

Results

Confirm your configuration by entering the show policy-options and show protocols ospf commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

user@host# show policy-optionspolicy-statement exportstatic1 {term exportstatic1 {from protocol static;then accept;}}
user@host# show protocols ospfexport exportstatic1;

To confirm your OSPFv3 configuration, enter the show policy-options and the show protocols ospf3 commands.

Verification

Confirm that the configuration is working properly.

Verifying That the Expected Static Routes Are Present

Purpose

Verify the effect of the export policy.

Action

From operational mode, enter the show route command.

Verifying That AS External LSAs Are Added to the Routing Table

Purpose

On the routing device where you configured the export policy, verify that the routing device originates an AS external LSA for the static routes that are added to the routing table.

Action

From operational mode, enter the show ospf database command for OSPFv2, and enter the show ospf3 database command for OSPFv3.

Example: Configuring an OSPF Import Policy

This example shows how to create an OSPF import policy. OSPF import policies apply to external routes only. An external route is a route that is outside the OSPF autonomous system (AS).

Requirements

Before you begin:

Overview

External routes are learned by AS boundary routers. External routes can be advertised throughout the OSPF domain if you configure the AS boundary router to redistribute the route into OSPF. An external route might be learned by the AS boundary router from a routing protocol other than OSPF, or the external route might be a static route that you configure on the AS boundary router.

For OSPFv3, the link-state advertisement (LSA) is referred to as the interarea prefix LSA and performs the same function as a network-summary LSA performs for OSPFv2. An area border router (ABR) originates an interarea prefix LSA for each IPv6 prefix that must be advertised into an area.

OSPF import policy allows you to prevent external routes from being added to the routing tables of OSPF neighbors. The import policy does not impact the OSPF database. This means that the import policy has no impact on the link-state advertisements. The filtering is done only on external routes in OSPF. The intra-area and interarea routes are not considered for filtering. The default action is to accept the route when the route does not match the policy.

This example includes the following OSPF policy settings:

  • policy-statement—Defines the routing policy. You specify the name of the policy and further define the elements of the policy. The policy name must be unique and can contain letters, numbers, and hyphens ( - ) and be up to 255 characters long.
  • export—Applies the export policy you created to be evaluated when network summary LSAs are flooded into an area. In this example, the export policy is named export_static.
  • import—Applies the import policy you created to prevent external routes from being added to the routing table. In this example, the import policy is named filter_routes.

The devices you configure in this example represent the following functions:

  • R1—Device R1 is in area 0.0.0.0 and has a direct connection to device R2. R1 has an OSPF export policy configured. The export policy redistributes static routes from R1’s routing table into R1’s OSPF database. Because the static route is in R1’s OSPF database, the route is advertised in an LSA to R1’s OSPF neighbor. R1’s OSPF neighbor is device R2.
  • R2—Device R2 is in area 0.0.0.0 and has a direct connection to device R1. R2 has an OSPF import policy configured that matches the static route to the 10.0.16.0/30 network and prevents the static route from being installed in R2’s routing table. R2’s OSPF neighbor is device R1.

Configuration

CLI Quick Configuration

To quickly configure an OSPF import policy, copy the following commands, removing any line breaks, and then paste the commands into the CLI.

Configuration on Device R1:

[edit]set interfaces so-0/2/0 unit 0 family inet address 10.0.2.1/30set protocols ospf export export_staticset protocols ospf area 0.0.0.0 interface so-0/2/0set policy-options policy-statement export_static from protocol staticset policy-options policy-statement export_static then accept

Configuration on Device R2:

[edit]set interfaces so-0/2/0 unit 0 family inet address 10.0.2.2/30set protocols ospf import filter_routesset protocols ospf area 0.0.0.0 interface so-0/2/0set policy-options policy-statement filter_routes from route-filter 10.0.16.0/30 exactset policy-options policy-statement filter_routes then reject

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Modifying the Junos OS Configuration in Junos OS CLI, Release 11.4.

To configure an OSPF import policy:

  1. Configure the interfaces.
    [edit]user@R1# set interfaces so-0/2/0 unit 0 family inet address 10.0.2.1/30
    [edit]user@R2# set interfaces so-0/2/0 unit 0 family inet address 10.0.2.2/30
  2. Enable OSPF on the interfaces.

    Note: For OSPFv3, include the ospf3 statement at the [edit protocols] hierarchy level.

    [edit]user@R1# set protocols ospf area 0.0.0.0 interface so-0/2/0
    [edit]user@R2# set protocols ospf area 0.0.0.0 interface so-0/2/0
  3. On R1, redistribute the static route into OSPF.
    [edit]user@R1# set protocols ospf export export_staticuser@R1# set policy-options policy-statement export_static from protocol staticuser@R1# set policy-options policy-statement export_static then accept
  4. On R2, configure the OSPF import policy.
    [edit]user@R2# set protocols ospf import filter_routesuser@R2# set policy-options policy-statement filter_routes from route-filter 10.0.16.0/30 exactuser@R2# set policy-options policy-statement filter_routes then reject
  5. If you are done configuring the devices, commit the configuration.
    [edit]user@host# commit

Results

Confirm your configuration by entering the show interfaces, show policy-options, and show protocols ospf commands on the appropriate device. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Output for R1:

user@R1# show interfacesso-0/2/0 {unit 0 {family inet {address 10.0.2.1/30;}}}
user@R1# show policy-optionspolicy-statement export_static {from protocol static;then accept;}
user@R1# show protocols ospfexport export_static;area 0.0.0.0 {interface so-0/2/0.0;}

Output for R2:

user@R2# show interfacesso-0/2/0 {unit 0 {family inet {address 10.0.2.2/30;}}}
user@R2# show policy-optionspolicy-statement filter_routes {from {route-filter 10.0.16.0/30 exact;}then reject;}
user@R2# show protocols ospfimport filter_routes;area 0.0.0.0 {interface so-0/2/0.0;}

To confirm your OSPFv3 configuration, enter the show interfaces, show policy-options, show routing-options, and show protocols ospf3 commands on the appropriate device.

Verification

Confirm that the configuration is working properly.

Verifying the OSPF Database

Purpose

Verify that OSPF is advertising the static route in the OSPF database.

Action

From operational mode, enter the show ospf database for OSPFv2, and enter the show ospf3 database command for OSPFv3.

Verifying the Routing Table

Purpose

Verify the entries in the routing table.

Action

From operational mode, enter the show route command.

Example: Configuring a Route Filter Policy to Specify Priority for Prefixes Learned Through OSPF

This example shows how to create an OSPF import policy that prioritizes specific prefixes learned through OSPF.

Requirements

Before you begin:

Overview

In a network with a large number of OSPF routes, it can be useful to control the order in which routes are updated in response to a network topology change. In Junos OS Release 9.3 and later, you can specify a priority of high, medium, or low for prefixes included in an OSPF import policy. In the event of an OSPF topology change, high priority prefixes are updated in the routing table first, followed by medium and then low priority prefixes.

OSPF import policy can only be used to set priority or to filter OSPF external routes. If an OSPF import policy is applied that results in a reject terminating action for a nonexternal route, then the reject action is ignored and the route is accepted anyway. By default, such a route is now installed in the routing table with a priority of low. This behavior prevents traffic black holes, that is, silently discarded traffic, by ensuring consistent routing within the OSPF domain.

In general, OSPF routes that are not explicitly assigned a priority are treated as priority medium, except for the following:

  • Summary discard routes have a default priority of low.
  • Local routes that are not added to the routing table are assigned a priority of low.
  • External routes that are rejected by import policy and thus not added to the routing table are assigned a priority of low.

Any available match criteria applicable to OSPF routes can be used to determine the priority. Two of the most commonly used match criteria for OSPF are the route-filter and tag statements.

In this example, the routing device is in area 0.0.0.0, with interfaces fe-0/1/0 and fe-1/1/0 connecting to neighboring devices. You configure an import routing policy named ospf-import to specify a priority for prefixes learned through OSPF. Routes associated with these prefixes are installed in the routing table in the order of the prefixes’ specified priority. Routes matching 200.3.0.0/16 orlonger are installed first because they have a priority of high. Routes matching 200.2.0.0/16 orlonger are installed next because they have a priority of medium. Routes matching 200.1.0.0/16 orlonger are installed last because they have a priority of low. You then apply the import policy to OSPF.

Note: The priority value takes effect when a new route is installed, or when there is a change to an existing route.

Configuration

CLI Quick Configuration

To quickly configure an OSPF import policy that prioritizes specific prefixes learned through OSPF, copy the following commands, removing any line breaks, and then paste the commands into the CLI.

[edit]set interfaces fe-0/1/0 unit 0 family inet address 192.168.8.4/30set interfaces fe-0/1/0 unit 0 family inet address 192.168.8.5/30set policy-options policy-statement ospf-import term t1 from route-filter 200.1.0.0/16 orlongerset policy-options policy-statement ospf-import term t1 then priority lowset policy-options policy-statement ospf-import term t1 then acceptset policy-options policy-statement ospf-import term t2 from route-filter 200.2.0.0/16 orlongerset policy-options policy-statement ospf-import term t2 then priority mediumset policy-options policy-statement ospf-import term t2 then acceptset policy-options policy-statement ospf-import term t3 from route-filter 200.3.0.0/16 orlongerset policy-options policy-statement ospf-import term t3 then priority highset policy-options policy-statement ospf-import term t3 then acceptset protocols ospf import ospf-importset protocols ospf area 0.0.0.0 interface fe-0/1/0set protocols ospf area 0.0.0.0 interface fe-1/1/0

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Modifying the Junos OS Configuration in Junos OS CLI, Release 11.4.

To configure an OSPF import policy that prioritizes specific prefixes:

  1. Configure the interfaces.
    [edit]user@host# set interfaces fe-0/1/0 unit 0 family inet address 192.168.8.4/30user@host# set interfaces fe-0/2/0 unit 0 family inet address 192.168.8.5/30
  2. Enable OSPF on the interfaces.

    Note: For OSPFv3, include the ospf3 statement at the [edit protocols] hierarchy level.

    [edit]user@host# set protocols ospf area 0.0.0.0 interface fe-0/1/0user@host# set protocols ospf area 0.0.0.0 interface fe-0/2/0
  3. Configure the policy to specify the priority for prefixes learned through OSPF.
    [edit ]user@host# set policy-options policy-statement ospf-import term t1 from route-filter 200.1.0.0/16 orlongeruser@host# set policy-options policy-statement ospf-import term t1 then priority lowuser@host# set policy-options policy-statement ospf-import term t1 then acceptuser@host# set policy-options policy-statement ospf-import term t2 from route-filter 200.2.0.0/16 orlongeruser@host# set policy-options policy-statement ospf-import term t2 then priority mediumuser@host# set policy-options policy-statement ospf-import term t2 then acceptuser@host# set policy-options policy-statement ospf-import term t3 from route-filter 200.3.0.0/16 orlongeruser@host# set policy-options policy-statement ospf-import term t3 then priority highuser@host# set policy-options policy-statement ospf-import term t3 then accept
  4. Apply the policy to OSPF.
    [edit]user@host# set protocols ospf import ospf-import
  5. If you are done configuring the device, commit the configuration.
    [edit]user@host# commit

Results

Confirm your configuration by entering the show interfaces, show policy-options, and the show protocols ospf commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

user@host# show interfacesfe-0/1/0 {unit 0 {family inet {address 192.168.8.4/30;}}}fe-0/2/0 {unit 0 {family inet {address 192.168.8.5/30;}}}
user@host# show policy-optionspolicy-statement ospf-import {term t1 {from {route-filter 200.1.0.0/16 orlonger;}then {priority low;accept;}}term t2 {from {route-filter 200.2.0.0/16 orlonger;}then {priority medium;accept;}}term t3 {from {route-filter 200.3.0.0/16 orlonger;}then {priority high;accept;}}}
user@host# show protocols ospfimport ospf-import;area 0.0.0.0 {interface fe-0/1/0.0;interface fe-0/2/0.0;}

To confirm your OSPFv3 configuration, enter the show interfaces, show policy-options, and show protocols ospf3 commands.

Verification

Confirm that the configuration is working properly.

Verifying the Prefix Priority in the OSPF Routing Table

Purpose

Verify the priority assigned to the prefix in the OSPF routing table.

Action

From operational mode, enter the show ospf route detail for OSPFv2, and enter the show ospf3 route detail command for OSPFv3.

Published: 2011-10-25