date:20161006

Re: [j-nsp] Leaking OSPF routes into ISIS

2016-10-06 Thread Dragan Jovicic

On a side note, you don't need reject in isis export policy, since default
is a reject (local and learned isis routes are flooded anyway). In fact,
you can do prefix-suppression with a reject in isis export policy (say,
advertise only loopback and suppress all core links) - something you can't
do in ospf. On Junos, that is.


On Thu, Oct 6, 2016 at 5:33 PM, Saku Ytti  wrote:

> On 6 October 2016 at 18:12, Hugo Slabbert  wrote:
>
> > I generally create an explicit 'reject-all' policy and stick that at the
> end
> > of policy lists, rather than nesting the reject within an existing
> policy.
> > It's a bit clearer.
>
> Always terminate as late as sensible policy design allows, as it'll
> make it more extendable, not needing to rewrite those special cases,
> just add new policy. To that effect, also consider default-action
> reject instead of reject, so that you mark route to be rejected,
> unless later otherwise told, this is again useful if you have that one
> special hack, you don't need to rewrite anything, just chain new small
> hack policy to revert that decision.
>
>
> --
>   ++ytti
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Leaking OSPF routes into ISIS

2016-10-06 Thread Saku Ytti

On 6 October 2016 at 18:12, Hugo Slabbert  wrote:

> I generally create an explicit 'reject-all' policy and stick that at the end
> of policy lists, rather than nesting the reject within an existing policy.
> It's a bit clearer.

Always terminate as late as sensible policy design allows, as it'll
make it more extendable, not needing to rewrite those special cases,
just add new policy. To that effect, also consider default-action
reject instead of reject, so that you mark route to be rejected,
unless later otherwise told, this is again useful if you have that one
special hack, you don't need to rewrite anything, just chain new small
hack policy to revert that decision.

-- 
  ++ytti
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Leaking OSPF routes into ISIS

2016-10-06 Thread Hugo Slabbert



On Thu 2016-Oct-06 14:10:17 +, Matthew Crocker  
wrote:

I found the issue,   export-customer-bgp had a reject clause to the route 
wasn’t getting to the export-ospf policy at all.


I generally create an explicit 'reject-all' policy and stick that at the 
end of policy lists, rather than nesting the reject within an existing 
policy.  It's a bit clearer.




Thanks Peter



--
Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E   | also on Signal



On 10/6/16, 9:49 AM, "juniper-nsp on behalf of Matthew Crocker" 
 wrote:


   Hello,

   I in the process of migrating from OSPF to ISIS for my interior routing.
I have one MX240 that needs to run OSPF to some legacy network gear.  I want 
that router to export the OSPF learned routes to its new ISIS neighbors.

   I have a policy-statement to export-ospf

   show policy-options policy-statement export-ospf
   term 1 {
   from {
   protocol ospf;
   }
   then accept;
   }


   I have added that to my isis protocol config

   show isis
   export [ export-direct export-statics export-customer-bgp export-ospf ];
   reference-bandwidth 10g;
   traffic-engineering {
   family inet {
   shortcuts;
   }
   family inet6 {
   shortcuts;
   }
   }
   interface xe-1/1/0.1151;
   interface xe-1/3/0.0;
   interface lo0.0;

   The routes are in OSPF but I don’t see them in the ISIS routes on the other 
routers.

   What am I missing?

   --
   Matthew Crocker
   President – Crocker Communications
   matt...@corp.crocker.com

   ___
   juniper-nsp mailing list juniper-nsp@puck.nether.net
   https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


signature.asc
Description: Digital signature
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Leaking OSPF routes into ISIS

2016-10-06 Thread Matthew Crocker



I found the issue,   export-customer-bgp had a reject clause to the route 
wasn’t getting to the export-ospf policy at all.

Thanks Peter


On 10/6/16, 9:49 AM, "juniper-nsp on behalf of Matthew Crocker" 
 
wrote:


Hello,

I in the process of migrating from OSPF to ISIS for my interior routing.
I have one MX240 that needs to run OSPF to some legacy network gear.  I want 
that router to export the OSPF learned routes to its new ISIS neighbors.

I have a policy-statement to export-ospf

show policy-options policy-statement export-ospf
term 1 {
from {
protocol ospf;
}
then accept;
}


I have added that to my isis protocol config

show isis
export [ export-direct export-statics export-customer-bgp export-ospf ];
reference-bandwidth 10g;
traffic-engineering {
family inet {
shortcuts;
}
family inet6 {
shortcuts;
}
}
interface xe-1/1/0.1151;
interface xe-1/3/0.0;
interface lo0.0;

The routes are in OSPF but I don’t see them in the ISIS routes on the other 
routers.

What am I missing?

--
Matthew Crocker
President – Crocker Communications
matt...@corp.crocker.com

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Leaking OSPF routes into ISIS

2016-10-06 Thread Matthew Crocker


Hello,

I in the process of migrating from OSPF to ISIS for my interior routing.I 
have one MX240 that needs to run OSPF to some legacy network gear.  I want that 
router to export the OSPF learned routes to its new ISIS neighbors.

I have a policy-statement to export-ospf

show policy-options policy-statement export-ospf
term 1 {
from {
protocol ospf;
}
then accept;
}


I have added that to my isis protocol config

show isis
export [ export-direct export-statics export-customer-bgp export-ospf ];
reference-bandwidth 10g;
traffic-engineering {
family inet {
shortcuts;
}
family inet6 {
shortcuts;
}
}
interface xe-1/1/0.1151;
interface xe-1/3/0.0;
interface lo0.0;

The routes are in OSPF but I don’t see them in the ISIS routes on the other 
routers.

What am I missing?

--
Matthew Crocker
President – Crocker Communications
matt...@corp.crocker.com

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Leaking OSPF routes into ISIS

Re: [j-nsp] Leaking OSPF routes into ISIS

Re: [j-nsp] Leaking OSPF routes into ISIS

Re: [j-nsp] Leaking OSPF routes into ISIS

[j-nsp] Leaking OSPF routes into ISIS

5 matches

Site Navigation

Mail list logo

Footer information