Knowledge Search


×
 

[ScreenOS] OSPF choosing higher-cost path for external route.

  [KB9918] Show Article Properties


Summary:

The Juniper Firewall is learning two default routes. Both are external E1 type, but the firewall is using the higher-cost path as the preferred route.

Symptoms:

The Firewall device is using the higher-cost OSPF path as preferred, which is not the one preferred by the network administrators.

Solution:

The customer-preferred (lower cost), route was from a different area. The firewall device is acting correctly (as per RFC2328) in choosing the route via the higher-cost, intra-area ASBR over the lower-cost inter-area ASBR. (See extract below).

The RFC also stipulates that this behavior only applies if RFC1583-compatibility is NOT enabled.  With the compatibility enabled, only the path-cost is considered in determining the preferred route.

Enabling RFC1583 compatibility in the OSPF configuration on the Juniper Firewall resolved this issue for the customer. To enable RFC1583 compatibility, use the following CLI command:

set vr trust protocol ospf rfc-1583

 

RFC 2328 extract:

16.4.1. External path preferences

When multiple intra-AS paths are available to ASBRs/forwarding addresses, the following rules indicate which paths are preferred. These rules apply when the same ASBR is reachable through multiple areas, or when trying to decide which of several AS-external-LSAs should be preferred. In the former case the paths all terminate at the same ASBR, while in the latter the paths terminate at separate ASBRs/forwarding addresses. In either case, each path is represented by a separate routing table entry as defined in Section 11. This section only applies when RFC1583 Compatibility is set to "disabled".

The path preference rules, stated from highest to lowest preference, are as follows. Note that as a result of these rules, there may still be multiple paths of the highest preference. In this case, the path to use must be determined based on cost, as described in Section 16.4.
 
  • Intra-area paths using non-backbone areas are always the most preferred.
  • The other paths, intra-area backbone paths and inter-area paths, are of equal preference.
Modification History:
2019-08-27: Article reviewed for accuracy.
Related Links: