Month: February 2024

IS-IS – Leaking Routes from Level 2

nick Leave a comment

By default, level 2 routes are not distributed into level 1. There may be situations where you need a more specific route rather than the default route provided by the ABR.

https://www.juniper.net/documentation/us/en/software/junos/is-is/topics/concept/is-is-routing-overview.html#:~:text=Level%201%20routers%20share%20intra,with%20other%20Level%202%20routers.

The aim of this lab is to leak a route from level 2 so that level 1 devices have a more specific route to the loopback of vMX3. This is done with a policy on the ABR (vMX4)

Exports_eve-ng_export-20240220-185454Download

vMX1

set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.1/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 1.2.2.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family inet address 1.3.3.1/30
set interfaces ge-0/0/2 unit 0 family iso
set interfaces lo0 unit 0 family inet address 5.5.5.5/32
set interfaces lo0 unit 0 family iso address 49.0000.5555.5555.5555.00
set protocols isis interface ge-0/0/0.0 level 1 disable
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface ge-0/0/2.0 level 1 disable
set protocols isis interface lo0.0

vMX2

set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 0 family inet address 6.6.6.6/32
set interfaces lo0 unit 0 family iso address 49.0000.6666.6666.6666.00
set protocols isis interface ge-0/0/0.0 level 1 disable
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface lo0.0

vMX3

set interfaces ge-0/0/0 unit 0 family inet address 2.2.2.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 1.2.2.2/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family inet address 3.3.3.1/30
set interfaces ge-0/0/2 unit 0 family iso
set interfaces lo0 unit 0 family inet address 7.7.7.7/32
set interfaces lo0 unit 0 family iso address 49.0000.7777.7777.7777.00
set protocols isis interface ge-0/0/0.0 level 1 disable
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface ge-0/0/2.0 level 1 disable
set protocols isis interface lo0.0

vMX4

set interfaces ge-0/0/0 unit 0 family inet address 1.3.3.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 3.3.3.2/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family inet address 4.4.4.1/30
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/3 unit 0 family inet address 6.6.6.2/30
set interfaces ge-0/0/3 unit 0 family iso
set interfaces lo0 unit 0 family inet address 8.8.8.8/32
set interfaces lo0 unit 0 family iso address 49.0001.8888.8888.8888.00
set protocols isis export leak
set protocols isis interface ge-0/0/0.0
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface ge-0/0/2.0 level 2 disable
set protocols isis interface ge-0/0/3.0 level 2 disable
set protocols isis interface lo0.0
set policy-options policy-statement leak term 1 from protocol isis
set policy-options policy-statement leak term 1 from level 2
set policy-options policy-statement leak term 1 from route-filter 7.7.7.7/32 exact
set policy-options policy-statement leak term 1 to level 1
set policy-options policy-statement leak term 1 then accept

vMX5

set interfaces ge-0/0/0 unit 0 family inet address 4.4.4.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 5.5.5.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 0 family inet address 9.9.9.9/32
set interfaces lo0 unit 0 family iso address 49.0001.9999.9999.9999.00
set protocols isis interface ge-0/0/0.0 level 2 disable
set protocols isis interface ge-0/0/1.0 level 2 disable
set protocols isis interface lo0.0

vMX6

set interfaces ge-0/0/0 unit 0 family inet address 5.5.5.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 6.6.6.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 0 family inet address 10.10.10.10/32
set interfaces lo0 unit 0 family iso address 49.0001.1010.1010.1010.00
set protocols isis interface ge-0/0/0.0 level 2 disable
set protocols isis interface ge-0/0/1.0 level 2 disable

You will now have leaked route 7.7.7.7 into the level 1 route table so run ‘show route‘ on vMX5 or vMX6 to confirm.

OSPF Virtual Link

nick Leave a comment

The backbone area is a critical component of the OSPF routing domain. It’s designated as Area 0 and serves as the core area through which all other OSPF areas must connect. The backbone area interconnects all other OSPF areas, facilitating the exchange of routing information between them. There can be situations where it is not possible to connect an area to the backbone and this is where a virtual link comes in. An example topology is below where we need to connect area 67 to the backbone and the configuration us pretty straightforward.

https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/virtual-link-edit-protocols-ospf.html

Exports_eve-ng_export-20240219-191848Download

vMX1

set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.1/30
set interfaces lo0 unit 0 family inet address 8.8.8.8/32
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive

vMX2

set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.2/30
set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.1/30
set interfaces lo0 unit 0 family inet address 9.9.9.9/32
set protocols ospf area 0.0.0.0 virtual-link neighbor-id 11.11.11.11 transit-area 0.0.0.52
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.52 interface ge-0/0/1.0

vMX3

set interfaces ge-0/0/0 unit 0 family inet address 2.2.2.2/30
set interfaces ge-0/0/1 unit 0 family inet address 3.3.3.1/30
set interfaces lo0 unit 0 family inet address 10.10.10.10/32
set protocols ospf area 0.0.0.52 interface ge-0/0/0.0
set protocols ospf area 0.0.0.52 interface lo0.0 passive
set protocols ospf area 0.0.0.52 interface ge-0/0/1.0

vMX4

set interfaces ge-0/0/0 unit 0 family inet address 3.3.3.2/30
set interfaces ge-0/0/1 unit 0 family inet address 4.4.4.1/30
set interfaces lo0 unit 0 family inet address 11.11.11.11/32
set protocols ospf area 0.0.0.52 interface ge-0/0/0.0
set protocols ospf area 0.0.0.52 interface lo0.0 passive
set protocols ospf area 0.0.0.67 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 virtual-link neighbor-id 9.9.9.9 transit-area 0.0.0.52

vMX5

set interfaces ge-0/0/0 unit 0 family inet address 4.4.4.2/30
set interfaces lo0 unit 0 family inet address 12.12.12.12/32
set protocols ospf area 0.0.0.67 interface ge-0/0/0.0
set protocols ospf area 0.0.0.67 interface lo0.0 passive

The virtual link will now be up and area 67 will now have routes to the backbone.