There are multiple IP addresses configured on an interface. The goal is to advertise only one or more of those subnets via OSPF and not the other.

This article will describe a method on how to advertise selective addresses from the same interface via OSPF.

If one interface is configured under "protocol ospf area" stanza, then both IP addresses are advertised, which is not the requirement.

In this setup, two SRX devices have established OSPF neighbor relationship over VPN:

 HQ# run show ospf neighbor 50.50.50.1
Address          Interface              State     ID               Pri  Dead
50.50.50.1       st0.0                  Full      50.50.50.1       128    34

 Branch1# run show ospf neighbor
Address          Interface              State     ID               Pri  Dead
50.50.50.10      st0.0                  Full      50.50.50.10      128    31

Interface configuration on the Branch:

 Branch1# show interfaces lo0
unit 0 {
  family inet {
   address 192.168.1.1/24;
   address 192.168.6.1/24;   <-- This address should NOT be advertised via OSPF.
   address 172.16.10.5/16;
  }
}

The goal is to block 192.168.6.1/24 from being advertised via OSPF from the Branch to the HQ.

If the lo0 interface is defined under OSPF at the Branch location, then all the IP addresses will be advertised, and we cannot do that. Here is an example of what should NOT be done;

 [edit]
root@D10_31-SRX650-Branch1# show protocols ospf | display set
set protocols ospf area 0.0.0.0 interface st0.0 neighbor 50.50.50.10
set protocols ospf area 0.0.0.0 interface lo0.0 passive  <-- Notice the interface lo0 is defined under ospf.

Notice at the HQ site that all three IP addresses defined on the lo0 are being advertised. 

 HQ# run show route protocol ospf 192.168.6.0    

 inet.0: 38 destinations, 42 routes (38 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

 192.168.6.0/24     *[OSPF/10] 00:00:03, metric 1  <-- The address is being advertised.
      > to 50.50.50.1 via st0.0

 HQ# run show route protocol ospf 192.168.1.0    

 inet.0: 38 destinations, 42 routes (38 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

 192.168.1.0/24      [OSPF/10] 00:00:08, metric 1
       > to 50.50.50.1 via st0.0

 HQ# run show route protocol ospf 172.16         

 inet.0: 38 destinations, 42 routes (38 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

 172.16.0.0/16      *[OSPF/10] 00:00:17, metric 1
      > to 50.50.50.1 via st0.0

Workaround:

1. Delete the interface lo0 configuration from the ospf. This will stop all three ip addresses from being advertised.

   Branch1# show protocols ospf | display set
   set protocols ospf area 0.0.0.0 interface st0.0 neighbor 50.50.50.10

   1. Check the HQ site to see if any route is receiving via OSPF from that specific neighbor.

       HQ# run show route protocol ospf 192.168.6                    
       inet.0: 33 destinations, 35 routes (33 active, 0 holddown, 0 hidden)
       HQ# run show route protocol ospf 192.168.1    
       inet.0: 33 destinations, 35 routes (33 active, 0 holddown, 0 hidden)
       HQ# run show route protocol ospf 172.16                       
       inet.0: 33 destinations, 35 routes (33 active, 0 holddown, 0 hidden)

2. Create a policy to allow the selective IP addresses that are supposed to be advertised.

   Branch1# show policy-options policy-statement export-ospf | display set
   set policy-options policy-statement export-ospf term allow from protocol direct
   set policy-options policy-statement export-ospf term allow from route-filter 192.168.1.0/24 exact
   set policy-options policy-statement export-ospf term allow from route-filter 172.16.0.0/16 orlonger
   set policy-options policy-statement export-ospf term allow then accept

    Notice that the "default" term is "reject". So only the IP addresses matching the "from" criteria will be accepted.

   1. Now "export" this policy in the OSPF as follows

      set protocols ospf export export-ospf

   2. The final OSPF configuration on the "Branch" looks like this;

      Branch1# show protocols ospf | display set
set protocols ospf export export-ospf
set protocols ospf area 0.0.0.0 interface st0.0 neighbor 50.50.50.10

Verification:

Verify the routes on the HQ site:

 HQ# run show route protocol ospf 192.168.1    

 inet.0: 34 destinations, 37 routes (34 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

 192.168.1.0/24      [OSPF/150] 00:03:52, metric 0, tag 0
      > to 50.50.50.1 via st0.0

 HQ# run show route protocol ospf 172.16       

 inet.0: 34 destinations, 37 routes (34 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

 172.16.0.0/16      *[OSPF/150] 00:04:00, metric 0, tag 0
      > to 50.50.50.1 via st0.0

 {primary:node0}[edit]
HQ# run show route protocol ospf 192.168.6    

 inet.0: 34 destinations, 37 routes (34 active, 0 holddown, 0 hidden)   <-- Notice the route for "192.168.6" is successfully excluded.

2020-09-26: Article verified for accuracy. Article is valid and accurate.