
juniper ospf import policy

Hi everyone!

I've run into a problem: policy-options is not working on import of routes in OSPF.

Juniper MX80, JUNOS 12.3R4.6

routing-instances {
    NextOne {
        instance-type vrf;
        interface xe-0/0/0.4015;
        interface xe-0/0/0.4019;
        protocols {
            ospf {
                export ospf-vrf-NextOne-export;
                import ospf-vrf-NextOne-import;
                area 0.0.0.0 {
                    interface xe-0/0/0.4015 {
                        metric 150;
                        authentication {
                            md5 19 key "***"; ## SECRET-DATA
                        }
                    }
                    interface xe-0/0/0.4019 {
                        metric 150;
                        authentication {
                            md5 20 key "***"; ## SECRET-DATA
                        }
                    }
                }
            }
        }
    }
}
policy-options {
    policy-statement ospf-vrf-NextOne-import {
        term 1 {
            from {
                protocol ospf2;
                route-filter 83.167.66.225/32 exact;
                route-filter 83.167.66.226/32 exact;
                route-filter 10.100.101.118/32 exact;
                route-filter 83.167.66.1/32 exact;
                route-filter 83.167.66.5/32 exact;
                route-filter 83.167.66.9/32 exact;
                route-filter 83.167.66.10/32 exact;
                route-filter 83.167.66.16/32 exact;
                route-filter 83.167.66.19/32 exact;
                route-filter 83.167.72.1/32 exact;
                route-filter 83.167.81.1/32 exact;
                route-filter 83.167.88.1/32 exact;
                route-filter 10.100.101.44/30 orlonger;
                route-filter 83.167.65.0/24 orlonger;
                route-filter 83.167.66.160/29 orlonger;
                route-filter 83.167.66.164/30 orlonger;
            }
            then accept;
        }
        term 2 {
            then reject;                
        }
    }
}

But routes that should not be there end up in NextOne.inet.0:


> show route table NextOne.inet.0 protocol ospf

NextOne.inet.0: 3440 destinations, 3475 routes (3440 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.100.101.44/30   *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
10.100.101.118/32  *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.238 via xe-0/0/0.4015
10.222.255.52/30   *[OSPF/10] 6d 03:16:52, metric 161
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
10.222.255.56/30   *[OSPF/10] 6d 03:16:52, metric 162
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.65.0/24     *[OSPF/150] 01:20:10, metric 120, tag 0
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.65.40/29    *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.65.52/30    *[OSPF/150] 01:20:10, metric 120, tag 0
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.65.56/30    *[OSPF/150] 01:20:10, metric 120, tag 0
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.65.60/30    *[OSPF/150] 01:20:10, metric 20, tag 0
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.1/32     *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.5/32     *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.8/32     *[OSPF/10] 6d 03:16:52, metric 161
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.9/32     *[OSPF/150] 01:20:10, metric 120, tag 0
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.10/32    *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.11/32    *[OSPF/10] 6d 03:16:52, metric 162
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.12/32    *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.13/32    *[OSPF/10] 6d 03:16:52, metric 162
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.16/32    *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.22/32    *[OSPF/10] 6d 03:16:52, metric 163
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.32/30    *[OSPF/10] 6d 03:33:04, metric 160
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.36/30    *[OSPF/10] 6d 03:16:52, metric 161
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.40/30    *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.44/30    *[OSPF/10] 2d 00:26:41, metric 162
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.52/30    *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.64/30    *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.68/30    *[OSPF/10] 6d 03:33:04, metric 200
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.72/30    *[OSPF/10] 6d 03:16:52, metric 161
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.80/30    *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.84/30    *[OSPF/10] 6d 03:16:52, metric 162
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.96/30    *[OSPF/10] 6d 03:33:04, metric 200
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.100/30   *[OSPF/10] 6d 03:16:52, metric 200
                    > to 83.167.66.250 via xe-0/0/0.4019
83.167.66.104/30   *[OSPF/10] 6d 03:16:52, metric 161
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.108/30   *[OSPF/10] 6d 03:16:52, metric 161
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.120/30   *[OSPF/10] 6d 03:33:04, metric 200
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.140/30   *[OSPF/10] 6d 03:16:52, metric 160
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.144/29   *[OSPF/10] 6d 03:16:52, metric 162
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.152/30   *[OSPF/10] 6d 03:16:52, metric 200
                    > to 83.167.66.250 via xe-0/0/0.4019
83.167.66.156/30   *[OSPF/10] 6d 03:16:52, metric 200
                    > to 83.167.66.250 via xe-0/0/0.4019
83.167.66.160/30   *[OSPF/10] 6d 03:16:52, metric 162
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.188/30   *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.66.225/32   *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.250 via xe-0/0/0.4019
83.167.66.226/32   *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.250 via xe-0/0/0.4019
83.167.66.236/31   *[OSPF/10] 6d 03:33:04, metric 180
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.244/31   *[OSPF/10] 6d 03:07:28, metric 300
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.246/31   *[OSPF/10] 6d 01:28:25, metric 300
                    > to 83.167.66.238 via xe-0/0/0.4015
83.167.66.248/31   *[OSPF/10] 6d 03:16:52, metric 180
                    > to 83.167.66.250 via xe-0/0/0.4019
83.167.66.252/31   *[OSPF/10] 6d 03:03:38, metric 300
                    > to 83.167.66.250 via xe-0/0/0.4019
83.167.66.254/31   *[OSPF/10] 6d 02:58:33, metric 300
                    > to 83.167.66.250 via xe-0/0/0.4019
83.167.67.4/30     *[OSPF/10] 6d 03:16:52, metric 160
                    > to 83.167.66.250 via xe-0/0/0.4019
83.167.72.1/32     *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
83.167.88.1/32     *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
172.16.0.160/30    *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
172.16.0.164/30    *[OSPF/10] 6d 03:16:52, metric 161
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
172.16.0.172/30    *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
172.16.0.180/30    *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
172.16.1.32/30     *[OSPF/10] 6d 03:16:52, metric 161
                      to 83.167.66.250 via xe-0/0/0.4019
                    > to 83.167.66.238 via xe-0/0/0.4015
172.16.6.4/30      *[OSPF/10] 6d 03:16:52, metric 162
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
172.16.6.16/30     *[OSPF/10] 6d 03:16:52, metric 162
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
172.16.6.248/29    *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
172.20.49.64/27    *[OSPF/10] 6d 03:16:52, metric 161
                    > to 83.167.66.250 via xe-0/0/0.4019
                      to 83.167.66.238 via xe-0/0/0.4015
224.0.0.5/32       *[OSPF/10] 6d 03:43:55, metric 1
                      MultiRecv

 

I tried changing the policy:

policy-options {
    policy-statement ospf-vrf-NextOne-import {
        term 2 {
            then reject;
        }
    }
}

However, all the same routes still end up in NextOne.inet.0.

Junos folks, please help with some advice. How do I filter imported OSPF routes?


Well, which ones are getting through? I hope you're filtering external ones? Give at least a couple of examples.

And what are you filtering? Have you taken into account that


The filtering is done only on external routes in OSPF. The intra-area and interarea routes are not considered for filtering.

 


@vvertexx, good point. I didn't notice it right away: LSA5 are being filtered. In addition to the routes permitted in policy-options, LSA 3 are coming in which, according to policy-options, should not get into the table.

Apparently @orlik is right:

The filtering is done only on external routes in OSPF. The intra-area and interarea routes are not considered for filtering.

Colleagues suggest:

"you are correct in that you cannot filter intra-area routes with the ospf import statement. However, you could configure the routes as martians under routing-options to prevent them from being installed in the routing table."

But I'd rather not build that kind of workaround.

Any ideas besides the routes as martians? Or just live with it?

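The behaviour confirmed in the post above, as an added example that is not part of the original thread: a Python audit that replays the posted route-filter list against `show route` output and separates external routes (which the import policy does see) from internal routes that were installed without ever being evaluated. It assumes the Junos default preferences (10 for internal OSPF, 150 for AS-external) are unchanged; the function names and the trimmed output excerpt are this example's own.

```python
import ipaddress
import re

# Route-filters from term 1 of ospf-vrf-NextOne-import, as posted in the thread.
EXACT = """83.167.66.225/32 83.167.66.226/32 10.100.101.118/32 83.167.66.1/32
83.167.66.5/32 83.167.66.9/32 83.167.66.10/32 83.167.66.16/32 83.167.66.19/32
83.167.72.1/32 83.167.81.1/32 83.167.88.1/32""".split()
ORLONGER = "10.100.101.44/30 83.167.65.0/24 83.167.66.160/29 83.167.66.164/30".split()
FILTERS = ([(ipaddress.ip_network(p), "exact") for p in EXACT] +
           [(ipaddress.ip_network(p), "orlonger") for p in ORLONGER])

# Excerpt of the output posted in the thread (most next-hop lines trimmed).
SHOW_ROUTE = """\
10.100.101.118/32  *[OSPF/150] 01:20:10, metric 120, tag 0
                    > to 83.167.66.238 via xe-0/0/0.4015
10.222.255.52/30   *[OSPF/10] 6d 03:16:52, metric 161
                      to 83.167.66.250 via xe-0/0/0.4019
83.167.65.40/29    *[OSPF/150] 01:20:10, metric 120, tag 0
83.167.66.8/32     *[OSPF/10] 6d 03:16:52, metric 161
83.167.66.160/30   *[OSPF/10] 6d 03:16:52, metric 162
83.167.66.225/32   *[OSPF/150] 01:20:10, metric 120, tag 0
172.16.0.160/30    *[OSPF/10] 6d 03:16:52, metric 161
"""

ROUTE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+\*?\[OSPF/(\d+)\]")


def parse_routes(text):
    """Yield (network, kind) per OSPF entry; kind is inferred from the preference.

    Assumption: default preferences, so 150 means AS-external, anything else internal.
    """
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            kind = "external" if m.group(2) == "150" else "internal"
            yield ipaddress.ip_network(m.group(1)), kind


def policy_verdict(route):
    """Model of the posted policy: term 1 accepts on a route-filter match, term 2 rejects.

    Junos evaluates only the longest covering route-filter prefix and its match type.
    """
    covering = [(net, mt) for net, mt in FILTERS if route.subnet_of(net)]
    if not covering:
        return "reject"
    net, match_type = max(covering, key=lambda f: f[0].prefixlen)
    if match_type == "exact" and route != net:
        return "reject"
    return "accept"


def audit(text):
    """Classify installed routes against what the allowlist intended."""
    report = {"external_ok": [], "external_violation": [], "internal_unfiltered": []}
    for route, kind in parse_routes(text):
        verdict = policy_verdict(route)
        if kind == "external":
            key = "external_ok" if verdict == "accept" else "external_violation"
        elif verdict == "reject":
            # Installed even though the allowlist excludes it: the OSPF import
            # policy is never consulted for intra-area and inter-area routes.
            key = "internal_unfiltered"
        else:
            continue  # internal route that the allowlist permits anyway
        report[key].append(str(route))
    return report


if __name__ == "__main__":
    for bucket, routes in audit(SHOW_ROUTE).items():
        print(f"{bucket}: {routes}")
```

An empty `external_violation` bucket alongside a populated `internal_unfiltered` bucket is the signature of this behaviour; reachability from the VRF to the unlisted prefixes then has to be restricted by a different control than the OSPF import policy.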

Inter-area routes can be filtered at area boundaries, but that is done not through an import policy but through area-range in the corresponding area.


@v_r, thanks. But that doesn't suit me, this Juniper is not an ABR.

Despite that, I tried using area-range together with network-summary-import, and it didn't help.


As a last resort you can use

 routing-options forwarding-table export <policy>

to prevent specific routes from being installed in the PFE. But why?


11 hours ago, Mystray said:

As a last resort you can use

 routing-options forwarding-table export <policy>

to prevent specific routes from being installed in the PFE. But why?

+1, I fully agree; if they really get in the way, you can just not install them in the FIB.


@Mystray @orlik, so that clients from this VRF can reach only the permitted hosts. We decided to let it go for now, since nothing terrible should happen. But thanks for the pointer, I'll keep it in mind.


@v_r, I don't know, I have no time to think this through for now. Let it work this way for the time being. But thanks for the advice.

The topic can be considered closed.
