
[ScreenOS] How to advertise OSPF routes between VSYSs


Article ID: KB26387 KB Last Updated: 08 Sep 2020 Version: 2.0
Summary:

This article provides information about advertising OSPF routes from one VSYS to another VSYS in a firewall.

 

Symptoms:

Is it possible to advertise OSPF/BGP routes from one VSYS to another VSYS in a firewall?

Topology:

[3.3.3.0/24]-----<eth0/1>[FW1]<eth1/1>----<VSYS A>[FW2]<VSYS B>---<eth1/1>[FW3]
  • OSPF is enabled on FW1, FW2, and FW3 and their respective VRs.

  • FW1, FW2, and FW3 are in OSPF area 0.

  • The objective is to advertise the 3.3.3.0/24 prefix to FW3 via OSPF, passing it from VSYS A to VSYS B on FW2.

 

Solution:

Configuration

FW1:

FW1-> set vr trust-vr protocol ospf
FW1-> set vr trust-vr protocol ospf enable
FW1-> set interface ethernet0/1 protocol ospf area 0.0.0.0
FW1-> set interface ethernet0/1 protocol ospf enable
FW1-> set interface ethernet1/1 protocol ospf area 0.0.0.0
FW1-> set interface ethernet1/1 protocol ospf enable

FW2:

VSYS A:

FW2(A)-> set vr A-vr protocol ospf
FW2(A)-> set vr A-vr protocol ospf enable
FW2(A)-> set interface ethernet1/1 protocol ospf area 0.0.0.0
FW2(A)-> set interface ethernet1/1 protocol ospf enable
FW2(A)-> set vr A-vr access-list 1
FW2(A)-> set vr A-vr access-list 1 permit ip 3.3.3.0/24 1
FW2(A)-> set vr A-vr route-map name "export_to_trust-vr" permit 1
FW2(A)-> set vr A-vr route-map "export_to_trust-vr" 1 match ip 1
FW2(A)-> set vr A-vr export-to vrouter "trust-vr" route-map "export_to_trust-vr" protocol ospf

Root VSYS:

FW2-> set vr trust-vr access-list 1
FW2-> set vr trust-vr access-list 1 permit ip 3.3.3.0/24 1
FW2-> set vr trust-vr route-map name "export_to_B-vr" permit 1
FW2-> set vr trust-vr route-map "export_to_B-vr" 1 match ip 1
FW2-> set vr trust-vr export-to vrouter "B-vr" route-map "export_to_B-vr" protocol imported

VSYS B:

FW2(B)-> set vr B-vr protocol ospf
FW2(B)-> set vr B-vr protocol ospf enable
FW2(B)-> set interface ethernet1/2 protocol ospf area 0.0.0.0
FW2(B)-> set interface ethernet1/2 protocol ospf enable
FW2(B)-> set vr B-vr access-list 1
FW2(B)-> set vr B-vr access-list 1 permit ip 3.3.3.0/24 1
FW2(B)-> set vr B-vr route-map name "redistribute_to_FW3" permit 1
FW2(B)-> set vr B-vr route-map "redistribute_to_FW3" 1 match ip 1
FW2(B)-> set vr B-vr protocol ospf redistribute route-map "redistribute_to_FW3" protocol imported

FW3:

FW3-> set vr trust-vr protocol ospf
FW3-> set vr trust-vr protocol ospf enable
FW3-> set interface ethernet1/1 protocol ospf area 0.0.0.0
FW3-> set interface ethernet1/1 protocol ospf enable

Result:

FW2(A)-> get route protocol ospf
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP/RIPng P: Permanent D: Auto-Discovered
N: NHRP
iB: IBGP eB: EBGP O: OSPF/OSPFv3 E1: OSPF external type 1
E2: OSPF/OSPFv3 external type 2 trailing B: backup route


IPv4 Dest-Routes for <A-vr> (5 entries)
--------------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr
--------------------------------------------

* 4 3.3.3.0/24 eth1/1 1.1.1.1 O 60 2


FW2-> get route protocol imported
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP/RIPng P: Permanent D: Auto-Discovered
N: NHRP
iB: IBGP eB: EBGP O: OSPF/OSPFv3 E1: OSPF external type 1
E2: OSPF/OSPFv3 external type 2 trailing B: backup route


IPv4 Dest-Routes for <trust-vr> (16 entries)
-----------------------------------------------
Vsys ID IP-Prefix Interface Gateway P Pref Mtr
-----------------------------------------------

* A 23 3.3.3.0/24 n/a A-vr OI 140 2


FW2(B)-> get route protocol imported
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP/RIPng P: Permanent D: Auto-Discovered
N: NHRP
iB: IBGP eB: EBGP O: OSPF/OSPFv3 E1: OSPF external type 1
E2: OSPF/OSPFv3 external type 2 trailing B: backup route


IPv4 Dest-Routes for <B-vr> (2 entries)
--------------------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr
--------------------------------------------------

* 2 3.3.3.0/24 n/a A-vr OI 140 2


FW3-> get route protocol ospf
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP P: Permanent D: Auto-Discovered
N: NHRP
iB: IBGP eB: EBGP O: OSPF E1: OSPF external type 1
E2: OSPF external type 2 trailing B: backup route


IPv4 Dest-Routes for <trust-vr> (11 entries)
--------------------------------------------------
Vsys ID IP-Prefix Interface Gateway P Pref Mtr
--------------------------------------------------

* Root 16 3.3.3.0/24 eth1/1 2.2.2.1 E1 60 3
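
Each export-to rule above moves routes across a VSYS boundary, so it is worth confirming that the route-map behind it admits only the intended prefix. The Python script below is an added example, not part of the original article or any Juniper tool; it parses only the command forms shown in this article, and the function name audit_exports and the allowed-prefix list are assumptions.

```python
import re
from ipaddress import ip_network

# Constructed sample: FW2's export commands from this article, prompts kept.
CONFIG = """\
FW2(A)-> set vr A-vr access-list 1
FW2(A)-> set vr A-vr access-list 1 permit ip 3.3.3.0/24 1
FW2(A)-> set vr A-vr route-map name "export_to_trust-vr" permit 1
FW2(A)-> set vr A-vr route-map "export_to_trust-vr" 1 match ip 1
FW2(A)-> set vr A-vr export-to vrouter "trust-vr" route-map "export_to_trust-vr" protocol ospf
FW2-> set vr trust-vr access-list 1
FW2-> set vr trust-vr access-list 1 permit ip 3.3.3.0/24 1
FW2-> set vr trust-vr route-map name "export_to_B-vr" permit 1
FW2-> set vr trust-vr route-map "export_to_B-vr" 1 match ip 1
FW2-> set vr trust-vr export-to vrouter "B-vr" route-map "export_to_B-vr" protocol imported
"""

ACL = re.compile(r'set vr (\S+) access-list (\d+) permit ip (\S+) \d+')
MATCH = re.compile(r'set vr (\S+) route-map "([^"]+)" \d+ match ip (\d+)')
EXPORT = re.compile(r'set vr (\S+) export-to vrouter "([^"]+)" route-map "([^"]+)" protocol (\S+)')


def audit_exports(config, allowed):
    """Return (exports, leaks); leaks are exports whose ACL permits a prefix outside `allowed`."""
    acls, maps, exports = {}, {}, []
    for line in config.splitlines():
        line = re.sub(r'^\S+->\s*', '', line.strip())  # drop a CLI prompt such as "FW2(A)-> "
        if m := ACL.fullmatch(line):
            acls.setdefault((m[1], m[2]), []).append(ip_network(m[3]))
        elif m := MATCH.fullmatch(line):
            maps.setdefault((m[1], m[2]), []).append(m[3])
        elif m := EXPORT.fullmatch(line):
            exports.append(m.groups())  # (source VR, destination VR, route-map, protocol)
    allowed = [ip_network(a) for a in allowed]
    leaks = []
    for src, dst, rmap, _proto in exports:
        acl_ids = maps.get((src, rmap))
        if not acl_ids:  # nothing in this config restricts the export by prefix
            leaks.append((src, dst, rmap, "no match ip clause"))
            continue
        for acl_id in acl_ids:
            for net in acls.get((src, acl_id), []):
                if not any(net.subnet_of(a) for a in allowed):
                    leaks.append((src, dst, rmap, str(net)))
    return exports, leaks

if __name__ == "__main__":
    print(audit_exports(CONFIG, ["3.3.3.0/24"]))
```
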

 

Modification History:

2020-09-08: Removed EOL devices; checked article for accuracy; article valid, no changes required

 
