This Juniper routing policy configuration example helps us better understand what we discussed in theory in the previous section.

We will configure a simple routing policy scenario to advertise the default route over the OSPF routing protocol, using both prefix-list and route-filter.

Juniper Routing Policy Configuration Example

Juniper Routing Policy Topology review

This is the topology that we used in the previous sections to configure OSPF. In this section we add an export routing policy that advertises the default route over the OSPF routing protocol.

Figure: the topology used to configure the Juniper routing policy example

Just to review, vSRX1 and vSRX2 are connected to each other via two interfaces, ge-0/0/0 and ge-0/0/1, with IP address ranges 10.10.10.0/24 and 20.20.20.0/24.

The OSPF routing protocol is already configured between these two devices, and the loopback interface addresses 172.16.1.1/24 and 172.16.2.1/24 can reach each other since they are advertised through the OSPF routing protocol.

Now let’s assume that vSRX1 is connected to the internet, so we add a default static route with the next hop pointing to the internet. But since vSRX1 is not actually connected to the internet, we use “discard” as the next hop just to add a default route to the routing table.

Then we write an export routing policy to export the default route from the routing table to the OSPF routing protocol. In this way, the other routers on the network learn how to reach the Internet.

Juniper Routing Policy Configuration review

And just to review the configuration, we write a routing policy named, for example, “DEFAULT-ORIGINATE”.

Figure: advertising the default route through OSPF with a routing policy

This policy contains only one rule, or term, which accepts static routes that exactly match 0.0.0.0/0. Then we apply the policy to OSPF so that routes that match the policy are exported to the OSPF routing protocol.

The route that exactly matches 0.0.0.0/0 can be configured using either the prefix-list or the route-filter. The differences between these two tools were explained in the previous section.

Juniper routing policy configuration

Before starting the configuration, let’s make sure that OSPF is already configured between the two devices, vSRX1 and vSRX2.

rayka@vSRX1# run show ospf neighbor 
Address          Interface              State           ID               Pri  Dead
10.10.10.2       ge-0/0/0.0             Full            172.16.2.1       128    39
20.20.20.2       ge-0/0/1.0             Full            172.16.2.1       128    38

In the next step we configure a default route but with “discard” as the next-hop, since the real internet is not connected to vSRX1.

!!! vSRX1
set routing-options static route 0.0.0.0/0 discard
!
rayka@vSRX1# run show route 

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:00:04
                       Discard
...

Then we make sure that the default route has been created in the routing table with the “show route” command.

Now we create a routing policy named “DEFAULT-ORIGINATE” that includes one term, matching static routes and the exact default route. There are two options for matching the exact default route.

set policy-options policy-statement DEFAULT-ORIGINATE term 10 from protocol static
rayka@vSRX1# set policy-options policy-statement DEFAULT-ORIGINATE term 10 from route-filter 0.0.0.0/0 ?                                          
Possible completions:
  address-mask         Mask applied to prefix address
  exact                Exactly match the prefix length
  longer               Mask is greater than the prefix length
  orlonger             Mask is greater than or equal to the prefix length
  prefix-length-range  Mask falls between two prefix lengths
  through              Route falls between two prefixes
  upto                 Mask falls between two prefix lengths
  
set policy-options policy-statement DEFAULT-ORIGINATE term 10 from route-filter 0.0.0.0/0 exact
set policy-options policy-statement DEFAULT-ORIGINATE term 10 then accept

The first option is to use “route-filter”, which has many parameters other than “exact” for matching the subnet mask, such as “orlonger”, “prefix-length-range” and “upto”. However, we do not need these parameters in this example.

Before checking the second option, matching the default route with a prefix-list, let’s apply the current policy to OSPF and make sure that the default route is advertised to vSRX2.

!!! vSRX1
set protocols ospf export DEFAULT-ORIGINATE

!!! vSRX2
rayka@vSRX2# run show route 

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[OSPF/150] 00:00:15, metric 0, tag 0
                    >  to 10.10.10.1 via ge-0/0/0.0
                       to 20.20.20.1 via ge-0/0/1.0

As you can see, the default route is learned on vSRX2 with two next hops, since there are two paths between vSRX1 and vSRX2.

Now that we are sure that it works, let’s delete the route-filter term and replace it with a prefix-list, which has no option other than the default exact match, or with a prefix-list-filter, which has the options “exact”, “longer” and “orlonger”. Unlike route-filter, it has no “prefix-length-range” or “upto” options.

!!! vSRX1
delete policy-options policy-statement DEFAULT-ORIGINATE term 10
!
set policy-options prefix-list DEFAULT 0.0.0.0/0
!
set policy-options policy-statement DEFAULT-ORIGINATE term 10 from protocol static
rayka@vSRX1# set policy-options policy-statement DEFAULT-ORIGINATE term 5 from prefix-list ?        
Possible completions:
  <prefix-list-name>   Name of prefix-list of routes to match
  DEFAULT              Name of prefix-list of routes to match
[edit]
rayka@vSRX1# set policy-options policy-statement DEFAULT-ORIGINATE term 10 from prefix-list-filter ?
Possible completions:
  <list_name>          Name of prefix-list of routes to match
  exact                Exactly match the prefix length
  longer               Mask is greater than the prefix length
  orlonger             Mask is greater than or equal to the prefix length
 
set policy-options policy-statement DEFAULT-ORIGINATE term 10 from prefix-list DEFAULT
set policy-options policy-statement DEFAULT-ORIGINATE term 10 then accept

We check the result again with the “show route” command on vSRX2 to make sure that the default route is correctly advertised.

!!! vSRX2
rayka@vSRX2# run show route 

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[OSPF/150] 00:00:15, metric 0, tag 0
                    >  to 10.10.10.1 via ge-0/0/0.0
                       to 20.20.20.1 via ge-0/0/1.0
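
The match types that the CLI help lists for route-filter and prefix-list-filter above, modelled in Python as an added example (not Junos code and not part of the original tutorial). It shows which static routes term 10 would export into OSPF for 0.0.0.0/0 under each match type, and why “exact” is the right choice here; the routes other than 0.0.0.0/0 are constructed, and the “from protocol static” condition is assumed to be already satisfied.

```python
import ipaddress

def route_filter_match(route, prefix, match_type, arg=None):
    """Model of the Junos route-filter match types (simplified, no 'through'
    or 'address-mask'). A plain prefix-list entry behaves like 'exact'."""
    r = ipaddress.ip_network(route)
    p = ipaddress.ip_network(prefix)
    # Every match type first requires the route to fall inside the filter prefix.
    if r.version != p.version or not r.subnet_of(p):
        return False
    rl, pl = r.prefixlen, p.prefixlen
    if match_type == "exact":
        return rl == pl
    if match_type == "longer":
        return rl > pl
    if match_type == "orlonger":
        return rl >= pl
    if match_type == "upto":                  # arg: upper bound, e.g. 16
        return pl <= rl <= arg
    if match_type == "prefix-length-range":   # arg: (low, high), e.g. (24, 24)
        return arg[0] <= rl <= arg[1]
    raise ValueError(f"unsupported match type: {match_type}")

# Constructed static routes on vSRX1; only 0.0.0.0/0 appears in the tutorial.
STATIC_ROUTES = ["0.0.0.0/0", "192.168.50.0/24", "10.99.0.0/16"]

def exported(routes, prefix, match_type, arg=None):
    """Static routes that the policy term would accept and export into OSPF."""
    return [r for r in routes if route_filter_match(r, prefix, match_type, arg)]

if __name__ == "__main__":
    cases = [("exact", None), ("orlonger", None), ("longer", None),
             ("upto", 16), ("prefix-length-range", (24, 24))]
    for match_type, arg in cases:
        result = exported(STATIC_ROUTES, "0.0.0.0/0", match_type, arg)
        print(f"route-filter 0.0.0.0/0 {match_type} {arg or ''}".rstrip(), "->", result)
```

With “orlonger” on 0.0.0.0/0 every static route on the router matches, so the term would redistribute all of them into OSPF instead of only the default route.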