Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] OSPF choosing higher-cost path for external route.

0

0

Article ID: KB9918 KB Last Updated: 09 Sep 2019Version: 4.0
Summary:

The Juniper Firewall is learning two default routes. Both are external E1 type, but the firewall is using the higher-cost path as the preferred route.

Symptoms:

The Firewall device is using the higher-cost OSPF path as preferred, which is not the one preferred by the network administrators.

Solution:

The customer-preferred (lower cost), route was from a different area. The firewall device is acting correctly (as per RFC2328) in choosing the route via the higher-cost, intra-area ASBR over the lower-cost inter-area ASBR. (See extract below).

The RFC also stipulates that this behavior only applies if RFC1583-compatibility is NOT enabled.  With the compatibility enabled, only the path-cost is considered in determining the preferred route.

Enabling RFC1583 compatibility in the OSPF configuration on the Juniper Firewall resolved this issue for the customer. To enable RFC1583 compatibility, use the following CLI command:

set vr trust protocol ospf rfc-1583

 

RFC 2328 extract:

16.4.1. External path preferences

When multiple intra-AS paths are available to ASBRs/forwarding addresses, the following rules indicate which paths are preferred. These rules apply when the same ASBR is reachable through multiple areas, or when trying to decide which of several AS-external-LSAs should be preferred. In the former case the paths all terminate at the same ASBR, while in the latter the paths terminate at separate ASBRs/forwarding addresses. In either case, each path is represented by a separate routing table entry as defined in Section 11. This section only applies when RFC1583 Compatibility is set to "disabled".

The path preference rules, stated from highest to lowest preference, are as follows. Note that as a result of these rules, there may still be multiple paths of the highest preference. In this case, the path to use must be determined based on cost, as described in Section 16.4.
 
  • Intra-area paths using non-backbone areas are always the most preferred.
  • The other paths, intra-area backbone paths and inter-area paths, are of equal preference.
Modification History:
2019-08-27: Article reviewed for accuracy.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search