Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    Examples: Configuring OSPF Routing Policy

    Understanding OSPF Routing Policy

    Each routing policy is identified by a policy name. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose the entire name in double quotation marks. Each routing policy name must be unique within a configuration. Once a policy is created and named, it must be applied before it is active.

    In the import statement, you list the name of the routing policy used to filter OSPF external routes from being installed into the routing tables of OSPF neighbors. You can filter the routes, but not link-state address (LSA) flooding. An external route is a route that is outside the OSPF Autonomous System (AS). The import policy does not impact the OSPF database. This means that the import policy has no impact on the link-state advertisements.

    In the export statement, you list the name of the routing policy to be evaluated when routes are being exported from the routing table into OSPF.

    By default, if a routing device has multiple OSPF areas, learned routes from other areas are automatically installed into area 0 of the routing table.

    To specify more than one policy and create a policy chain, you list the policies using a space as a separator. If multiple policies are specified, the policies are evaluated in the order in which they are specified. As soon as an accept or reject action is executed, the policy chain evaluation ends.

    This topic describes the following information:

    Routing Policy Terms

    Routing policies are made up of one or more terms. A term is a named structure in which match conditions and actions are defined. You can define one or more terms. The name can contain letters, numbers, and hyphens ( - ) and can be up to 255 characters long. To include spaces in the name, enclose the entire name in double quotation marks.

    Each term contains a set of match conditions and a set of actions:

    • Match conditions are criteria that a route must match before the actions can be applied. If a route matches all criteria, one or more actions are applied to the route.
    • Actions specify whether to accept or reject the route, control how a series of policies are evaluated, and manipulate the characteristics associated with a route.

    Routing Policy Match Conditions

    A match condition defines the criteria that a route must match for an action to take place. You can define one or more match conditions for each term. If a route matches all of the match conditions for a particular term, the actions defined for that term are processed.

    Each term can include two statements, from and to, that define the match conditions:

    • In the from statement, you define the criteria that an incoming route must match. You can specify one or more match conditions. If you specify more than one, they all must match the route for a match to occur.

      The from statement is optional. If you omit the from and the to statements, all routes are considered to match.

      Note: In export policies, omitting the from statement from a routing policy term might lead to unexpected results.

    • In the to statement, you define the criteria that an outgoing route must match. You can specify one or more match conditions. If you specify more than one, they all must match the route for a match to occur.

    The order of the match conditions in a term is not important because a route must match all match conditions in a term for an action to be taken.

    For a complete list of match conditions, see Configuring Match Conditions in Routing Policy Terms.

    Routing Policy Actions

    An action defines what the routing device does with the route when the route matches all the match conditions in the from and to statements for a particular term. If a term does not have from and to statements, all routes are considered to match and the actions apply to all routes.

    Each term can have one or more of the following types of actions. The actions are configured under the then statement.

    • Flow control actions, which affect whether to accept or reject the route and whether to evaluate the next term or routing policy.
    • Actions that manipulate route characteristics.
    • Trace action, which logs route matches.

    The then statement is optional. If you omit it, one of the following occurs:

    • The next term in the routing policy, if one exists, is evaluated.
    • If the routing policy has no more terms, the next routing policy, if one exists, is evaluated.
    • If there are no more terms or routing policies, the accept or reject action specified by the default policy is executed.

    For a complete list of routing policy actions, see Configuring Actions in Routing Policy Terms.

    Example: Injecting OSPF Routes into the BGP Routing Table

    This example shows how to create a policy that injects OSPF routes into the BGP routing table.

    Requirements

    Before you begin:

    Overview

    In this example, you create a routing policy called injectpolicy1 and a routing term called injectterm1. The policy injects OSPF routes into the BGP routing table.

    Configuration

    Configuring the Routing Policy

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

    set policy-options policy-statement injectpolicy1 term injectterm1 from protocol ospfset policy-options policy-statement injectpolicy1 term injectterm1 from area 0.0.0.1set policy-options policy-statement injectpolicy1 term injectterm1 then acceptset protocols bgp export injectpolicy1

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

    To inject OSPF routes into a BGP routing table:

    1. Create the policy term.

      [edit policy-options policy-statement injectpolicy1]user@host# set term injectterm1
    2. Specify OSPF as a match condition.

      [edit policy-options policy-statement injectpolicy1 term injectterm1]user@host# set from protocol ospf
    3. Specify the routes from an OSPF area as a match condition.

      [edit policy-options policy-statement injectpolicy1 term injectterm1]user@host# set from area 0.0.0.1
    4. Specify that the route is to be accepted if the previous conditions are matched.

      [edit policy-options policy-statement injectpolicy1 term injectterm1]user@host# set then accept
    5. Apply the routing policy to BGP.

      [edit]user@host# set protocols bgp export injectpolicy1

    Results

    Confirm your configuration by entering the show policy-options and show protocols bgp commands from configuration mode. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

    user@host# show policy-options
    policy-statement injectpolicy1 {term injectterm1 {from {protocol ospf;area 0.0.0.1;}then accept;}}
    user@host# show protocols bgpexport injectpolicy1;

    If you are done configuring the device, enter commit from configuration mode.

    Configuring Tracing for the Routing Policy

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

    set policy-options policy-statement injectpolicy1 term injectterm1 then trace set routing-options traceoptions file ospf-bgp-policy-log set routing-options traceoptions file size 5m set routing-options traceoptions file files 5 set routing-options traceoptions flag policy

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

    1. Include a trace action in the policy.

      [edit policy-options policy-statement injectpolicy1 term injectterm1]user@host# then trace
    2. Configure the tracing file for the output.

      [edit routing-options traceoptions]user@host# set file ospf-bgp-policy-loguser@host# set file size 5muser@host# set file files 5user@host# set flag policy

    Results

    Confirm your configuration by entering the show policy-options and show routing-options commands from configuration mode. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

    user@host# show policy-options
    policy-statement injectpolicy1 {term injectterm1 {then {trace;}}}
    user@host# show routing-options
    traceoptions {file ospf-bgp-policy-log size 5m files 5;flag policy;}

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    Confirm that the configuration is working properly.

    Verifying That the Expected BGP Routes Are Present

    Purpose

    Verify the effect of the export policy.

    Action

    From operational mode, enter the show route command.

    Troubleshooting

    Using the show log Command to Examine the Actions of the Routing Policy

    Problem

    The routing table contains unexpected routes, or routes are missing from the routing table.

    Solution

    If you configure policy tracing as shown in this example, you can run the show log ospf-bgp-policy-log command to diagnose problems with the routing policy. The show log ospf-bgp-policy-log command displays information about the routes that the injectpolicy1 policy term analyzes and acts upon.

    Example: Redistributing Static Routes into OSPF

    This example shows how to create a policy that redistributes static routes into OSPF.

    Requirements

    Before you begin:

    Overview

    In this example, you create a routing policy called exportstatic1 and a routing term called exportstatic1. The policy injects static routes into OSPF. This example includes the following settings:

    • policy-statement—Defines the routing policy. You specify the name of the policy and further define the elements of the policy. The policy name must be unique and can contain letters, numbers, and hyphens ( - ) and be up to 255 characters long.
    • term—Defines the match condition and applicable actions for the routing policy. The term name can contain letters, numbers, and hyphens ( - ) and be up to 255 characters long. You specify the name of the term and define the criteria that an incoming route must match by including the from statement and the action to take if the route matches the conditions by including the then statement. In this example you specify the static protocol match condition and the accept action.
    • export—Applies the export policy you created to be evaluated when routes are being exported from the routing table into OSPF.

    Configuration

    CLI Quick Configuration

    To quickly create a policy that injects static routes into OSPF, copy the following commands and paste them into the CLI.

    [edit]set policy-options policy-statement exportstatic1 term exportstatic1 from protocol staticset policy-options policy-statement exportstatic1 term exportstatic1 then acceptset protocols ospf export exportstatic1

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Modifying the Junos OS Configuration in the CLI User Guide.

    To inject static routes into OSPF:

    1. Create the routing policy.
      [edit]user@host# edit policy-options policy-statement exportstatic1
    2. Create the policy term.
      [edit policy-options policy-statement exportstatic1]user@host# set term exportstatic1
    3. Specify static as a match condition.
      [edit policy-options policy-statement exportstatic1 term exportstatic1]user@host# set from protocol static
    4. Specify that the route is to be accepted if the previous condition is matched.
      [edit policy-options policy-statement exportstatic1 term exportstatic1]user@host# set then accept
    5. Apply the routing policy to OSPF.

      Note: For OSPFv3, include the ospf3 statement at the [edit protocols] hierarchy level.

      [edit]user@host# set protocols ospf export exportstatic1
    6. If you are done configuring the device, commit the configuration.
      [edit]user@host# commit

    Results

    Confirm your configuration by entering the show policy-options and show protocols ospf commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

    user@host# show policy-options
    policy-statement exportstatic1 {term exportstatic1 {from protocol static;then accept;}}
    user@host# show protocols ospfexport exportstatic1;

    To confirm your OSPFv3 configuration, enter the show policy-options and the show protocols ospf3 commands.

    Verification

    Confirm that the configuration is working properly.

    Verifying That the Expected Static Routes Are Present

    Purpose

    Verify the effect of the export policy.

    Action

    From operational mode, enter the show route command.

    Verifying That AS External LSAs Are Added to the Routing Table

    Purpose

    On the routing device where you configured the export policy, verify that the routing device originates an AS external LSA for the static routes that are added to the routing table.

    Action

    From operational mode, enter the show ospf database command for OSPFv2, and enter the show ospf3 database command for OSPFv3.

    Example: Configuring an OSPF Import Policy

    This example shows how to create an OSPF import policy. OSPF import policies apply to external routes only. An external route is a route that is outside the OSPF autonomous system (AS).

    Requirements

    Before you begin:

    Overview

    External routes are learned by AS boundary routers. External routes can be advertised throughout the OSPF domain if you configure the AS boundary router to redistribute the route into OSPF. An external route might be learned by the AS boundary router from a routing protocol other than OSPF, or the external route might be a static route that you configure on the AS boundary router.

    For OSPFv3, the link-state advertisement (LSA) is referred to as the interarea prefix LSA and performs the same function as a network-summary LSA performs for OSPFv2. An area border router (ABR) originates an interarea prefix LSA for each IPv6 prefix that must be advertised into an area.

    OSPF import policy allows you to prevent external routes from being added to the routing tables of OSPF neighbors. The import policy does not impact the OSPF database. This means that the import policy has no impact on the link-state advertisements. The filtering is done only on external routes in OSPF. The intra-area and interarea routes are not considered for filtering. The default action is to accept the route when the route does not match the policy.

    This example includes the following OSPF policy settings:

    • policy-statement—Defines the routing policy. You specify the name of the policy and further define the elements of the policy. The policy name must be unique and can contain letters, numbers, and hyphens ( - ) and be up to 255 characters long.
    • export—Applies the export policy you created to be evaluated when network summary LSAs are flooded into an area. In this example, the export policy is named export_static.
    • import—Applies the import policy you created to prevent external routes from being added to the routing table. In this example, the import policy is named filter_routes.

    The devices you configure in this example represent the following functions:

    • R1—Device R1 is in area 0.0.0.0 and has a direct connection to device R2. R1 has an OSPF export policy configured. The export policy redistributes static routes from R1’s routing table into R1’s OSPF database. Because the static route is in R1’s OSPF database, the route is advertised in an LSA to R1’s OSPF neighbor. R1’s OSPF neighbor is device R2.
    • R2—Device R2 is in area 0.0.0.0 and has a direct connection to device R1. R2 has an OSPF import policy configured that matches the static route to the 10.0.16.0/30 network and prevents the static route from being installed in R2’s routing table. R2’s OSPF neighbor is device R1.

    Configuration

    CLI Quick Configuration

    To quickly configure an OSPF import policy, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

    Configuration on Device R1:

    [edit]set interfaces so-0/2/0 unit 0 family inet address 10.0.2.1/30set protocols ospf export export_staticset protocols ospf area 0.0.0.0 interface so-0/2/0set policy-options policy-statement export_static from protocol staticset policy-options policy-statement export_static then accept

    Configuration on Device R2:

    [edit]set interfaces so-0/2/0 unit 0 family inet address 10.0.2.2/30set protocols ospf import filter_routesset protocols ospf area 0.0.0.0 interface so-0/2/0set policy-options policy-statement filter_routes from route-filter 10.0.16.0/30 exactset policy-options policy-statement filter_routes then reject

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Modifying the Junos OS Configuration in theCLI User Guide.

    To configure an OSPF import policy:

    1. Configure the interfaces.
      [edit]user@R1# set interfaces so-0/2/0 unit 0 family inet address 10.0.2.1/30
      [edit]user@R2# set interfaces so-0/2/0 unit 0 family inet address 10.0.2.2/30
    2. Enable OSPF on the interfaces.

      Note: For OSPFv3, include the ospf3 statement at the [edit protocols] hierarchy level.

      [edit]user@R1# set protocols ospf area 0.0.0.0 interface so-0/2/0
      [edit]user@R2# set protocols ospf area 0.0.0.0 interface so-0/2/0
    3. On R1, redistribute the static route into OSPF.
      [edit]user@R1# set protocols ospf export export_staticuser@R1# set policy-options policy-statement export_static from protocol staticuser@R1# set policy-options policy-statement export_static then accept
    4. On R2, configure the OSPF import policy.
      [edit]user@R2# set protocols ospf import filter_routesuser@R2# set policy-options policy-statement filter_routes from route-filter 10.0.16.0/30 exactuser@R2# set policy-options policy-statement filter_routes then reject
    5. If you are done configuring the devices, commit the configuration.
      [edit]user@host# commit

    Results

    Confirm your configuration by entering the show interfaces, show policy-options, and show protocols ospf commands on the appropriate device. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

    Output for R1:

    user@R1# show interfaces
    so-0/2/0 {unit 0 {family inet {address 10.0.2.1/30;}}}
    user@R1# show policy-options
    policy-statement export_static {from protocol static;then accept;}
    user@R1# show protocols ospfexport export_static;
    area 0.0.0.0 {interface so-0/2/0.0;}

    Output for R2:

    user@R2# show interfaces
    so-0/2/0 {unit 0 {family inet {address 10.0.2.2/30;}}}
    user@R2# show policy-options
    policy-statement filter_routes {from {route-filter 10.0.16.0/30 exact;}then reject;}
    user@R2# show protocols ospfimport filter_routes;
    area 0.0.0.0 {interface so-0/2/0.0;}

    To confirm your OSPFv3 configuration, enter the show interfaces, show policy-options, show routing-options, and show protocols ospf3 commands on the appropriate device.

    Verification

    Confirm that the configuration is working properly.

    Verifying the OSPF Database

    Purpose

    Verify that OSPF is advertising the static route in the OSPF database.

    Action

    From operational mode, enter the show ospf database for OSPFv2, and enter the show ospf3 database command for OSPFv3.

    Verifying the Routing Table

    Purpose

    Verify the entries in the routing table.

    Action

    From operational mode, enter the show route command.

    Example: Configuring a Route Filter Policy to Specify Priority for Prefixes Learned Through OSPF

    This example shows how to create an OSPF import policy that prioritizes specific prefixes learned through OSPF.

    Requirements

    Before you begin:

    Overview

    In a network with a large number of OSPF routes, it can be useful to control the order in which routes are updated in response to a network topology change. In Junos OS Release 9.3 and later, you can specify a priority of high, medium, or low for prefixes included in an OSPF import policy. In the event of an OSPF topology change, high priority prefixes are updated in the routing table first, followed by medium and then low priority prefixes.

    OSPF import policy can only be used to set priority or to filter OSPF external routes. If an OSPF import policy is applied that results in a reject terminating action for a nonexternal route, then the reject action is ignored and the route is accepted anyway. By default, such a route is now installed in the routing table with a priority of low. This behavior prevents traffic black holes, that is, silently discarded traffic, by ensuring consistent routing within the OSPF domain.

    In general, OSPF routes that are not explicitly assigned a priority are treated as priority medium, except for the following:

    • Summary discard routes have a default priority of low.
    • Local routes that are not added to the routing table are assigned a priority of low.
    • External routes that are rejected by import policy and thus not added to the routing table are assigned a priority of low.

    Any available match criteria applicable to OSPF routes can be used to determine the priority. Two of the most commonly used match criteria for OSPF are the route-filter and tag statements.

    In this example, the routing device is in area 0.0.0.0, with interfaces fe-0/1/0 and fe-1/1/0 connecting to neighboring devices. You configure an import routing policy named ospf-import to specify a priority for prefixes learned through OSPF. Routes associated with these prefixes are installed in the routing table in the order of the prefixes’ specified priority. Routes matching 192.0.2.0/24 orlonger are installed first because they have a priority of high. Routes matching 198.51.100.0/24 orlonger are installed next because they have a priority of medium. Routes matching 203.0.113.0/24 orlonger are installed last because they have a priority of low. You then apply the import policy to OSPF.

    Note: The priority value takes effect when a new route is installed, or when there is a change to an existing route.

    Configuration

    CLI Quick Configuration

    To quickly configure an OSPF import policy that prioritizes specific prefixes learned through OSPF, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

    [edit]set interfaces fe-0/1/0 unit 0 family inet address 192.168.8.4/30set interfaces fe-0/1/0 unit 0 family inet address 192.168.8.5/30set policy-options policy-statement ospf-import term t1 from route-filter 203.0.113.0/24 orlongerset policy-options policy-statement ospf-import term t1 then priority lowset policy-options policy-statement ospf-import term t1 then acceptset policy-options policy-statement ospf-import term t2 from route-filter 198.51.100.0/24 orlongerset policy-options policy-statement ospf-import term t2 then priority mediumset policy-options policy-statement ospf-import term t2 then acceptset policy-options policy-statement ospf-import term t3 from route-filter 192.0.2.0/24 orlongerset policy-options policy-statement ospf-import term t3 then priority highset policy-options policy-statement ospf-import term t3 then acceptset protocols ospf import ospf-importset protocols ospf area 0.0.0.0 interface fe-0/1/0set protocols ospf area 0.0.0.0 interface fe-1/1/0

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Modifying the Junos OS Configuration in theCLI User Guide.

    To configure an OSPF import policy that prioritizes specific prefixes:

    1. Configure the interfaces.
      [edit]user@host# set interfaces fe-0/1/0 unit 0 family inet address 192.168.8.4/30user@host# set interfaces fe-0/2/0 unit 0 family inet address 192.168.8.5/30
    2. Enable OSPF on the interfaces.

      Note: For OSPFv3, include the ospf3 statement at the [edit protocols] hierarchy level.

      [edit]user@host# set protocols ospf area 0.0.0.0 interface fe-0/1/0user@host# set protocols ospf area 0.0.0.0 interface fe-0/2/0
    3. Configure the policy to specify the priority for prefixes learned through OSPF.
      [edit ]user@host# set policy-options policy-statement ospf-import term t1 from route-filter 203.0.113.0/24 orlongeruser@host# set policy-options policy-statement ospf-import term t1 then priority lowuser@host# set policy-options policy-statement ospf-import term t1 then acceptuser@host# set policy-options policy-statement ospf-import term t2 from route-filter 198.51.100.0/24 orlongeruser@host# set policy-options policy-statement ospf-import term t2 then priority mediumuser@host# set policy-options policy-statement ospf-import term t2 then acceptuser@host# set policy-options policy-statement ospf-import term t3 from route-filter 192.0.2.0/24 orlongeruser@host# set policy-options policy-statement ospf-import term t3 then priority highuser@host# set policy-options policy-statement ospf-import term t3 then accept
    4. Apply the policy to OSPF.
      [edit]user@host# set protocols ospf import ospf-import
    5. If you are done configuring the device, commit the configuration.
      [edit]user@host# commit

    Results

    Confirm your configuration by entering the show interfaces, show policy-options, and the show protocols ospf commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

    user@host# show interfaces
    fe-0/1/0 {unit 0 {family inet {address 192.168.8.4/30;}}}fe-0/2/0 {unit 0 {family inet {address 192.168.8.5/30;}}}
    user@host# show protocols ospfimport ospf-import;
    area 0.0.0.0 {interface fe-0/1/0.0;interface fe-0/2/0.0;}
    user@host# show policy-options
    policy-statement ospf-import {term t1 {from {route-filter 203.0.113.0/24 orlonger;}then {priority low;accept;}}term t2 {from {route-filter 198.51.100.0/24 orlonger;}then {priority medium;accept;}}term t3 {from {route-filter 192.0.2.0/24 orlonger;}then {priority high;accept;}}}
    user@host# show protocols ospfimport ospf-import;
    area 0.0.0.0 {interface fe-0/1/0.0;interface fe-0/2/0.0;}

    To confirm your OSPFv3 configuration, enter the show interfaces, show policy-options, and show protocols ospf3 commands.

    Verification

    Confirm that the configuration is working properly.

    Verifying the Prefix Priority in the OSPF Routing Table

    Purpose

    Verify the priority assigned to the prefix in the OSPF routing table.

    Action

    From operational mode, enter the show ospf route detail for OSPFv2, and enter the show ospf3 route detail command for OSPFv3.

     

    Related Documentation

     

    Modified: 2017-01-11