Below are snippets of OSPF configs among Cisco and Juniper devices. However, not all are seeing each other in "show ip ospf", especially the redistributed routes into OSPF.

I'm sure the router IDs are unique and all have overlapping areas to begin with. Not using any proprietary features (NSSA, totally NSSA, totally stubby, etc.) on these devices. Can anyone notice something I'm not seeing? Or is OSPF in full adjacency and convergence and I'm just being paranoid? Thanks.

[891]

    !
    router ospf 1
     router-id 8.8.8.8
    !
    interface FastEthernet8
     description $ETH-WAN$
     ip address 10.10.10.100 255.255.255.0
     ip ospf 1 area 0
     duplex auto
     speed auto
     no cdp enable
     crypto map SDM_CMAP_1
    !

[2911 - main gw]

    interface GigabitEthernet0/1.10
     description $FW_INSIDE$
     encapsulation dot1Q 10
     ip address 10.10.20.10 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     zone-member security in-zone
     ip ospf 1 area 2
    !
    interface GigabitEthernet0/1.50
     description $FW_INSIDE$
     encapsulation dot1Q 50
     ip address 10.10.10.5 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     zone-member security in-zone
     ip ospf 1 area 0
    !
    !
    interface GigabitEthernet0/1.70
     description $FW_INSIDE$
     encapsulation dot1Q 70
     ip address 10.10.70.10 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     zone-member security in-zone
     ip ospf 1 area 7
    !
    router ospf 1
     router-id 9.9.9.9
     redistribute static metric 1000 subnets
    !

[ASA]

    !
    router ospf 1
     router-id 5.5.5.5
     network 10.10.10.0 255.255.255.0 area 0
     log-adj-changes
    !

[Juniper SRX]

    set routing-options static route 0.0.0.0/0 next-hop 10.10.10.5
    set routing-options router-id 2.2.2.2
    set protocols ospf area 0.0.0.0 interface fe-0/0/0.0

[show ospf(s)]

    sndlt2911#sho ip osp nei

    Neighbor ID     Pri   State           Dead Time   Address         Interface
    2.2.2.2         128   2WAY/DROTHER    00:00:37    10.10.10.101    GigabitEthernet0/1.50
    5.5.5.5           1   FULL/BDR        00:00:36    10.10.10.2      GigabitEthernet0/1.50
    8.8.8.8           1   FULL/DR         00:00:36    10.10.10.100    GigabitEthernet0/1.50

    sndlt2911#sho ip rou

    Gateway of last resort is 89.1.1.2 to network 0.0.0.0

    S*    0.0.0.0/0 [1/0] via 89.1.1.2, GigabitEthernet0/0
          10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
    C        10.10.10.0/24 is directly connected, GigabitEthernet0/1.50
    L        10.10.10.5/32 is directly connected, GigabitEthernet0/1.50
    C        10.10.20.0/24 is directly connected, GigabitEthernet0/1.10
    L        10.10.20.10/32 is directly connected, GigabitEthernet0/1.10
    S        10.10.30.1/32 [0/0], Virtual-Access2
    C        10.10.70.0/24 is directly connected, GigabitEthernet0/1.70
    L        10.10.70.10/32 is directly connected, GigabitEthernet0/1.70
          88.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C        89.1.1.2/22 is directly connected, GigabitEthernet0/0
    L        89.1.1.2/32 is directly connected, GigabitEthernet0/0
          172.16.0.0/32 is subnetted, 1 subnets
    S        172.16.0.1 [254/0] via 89.1.1.2, GigabitEthernet0/0
    sndlt2911#show run | i redistribute
     redistribute static metric 1000 subnets
    sndlt2911#

    sndASA# sho osp nei   
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    2.2.2.2         128   FULL/DROTHER    0:00:33     10.10.10.101    outside
    9.9.9.9           1   FULL/DROTHER    0:00:36     10.10.10.5      outside
    8.8.8.8           1   FULL/DR         0:00:36     10.10.10.100    outside
    sndASA# 

    root@srx> show ospf neighbor 
    Address          Interface              State     ID               Pri  Dead
    10.10.10.2       fe-0/0/0.0             Full      5.5.5.5            1    39
    10.10.10.100     fe-0/0/0.0             Full      8.8.8.8            1    35
    10.10.10.5       fe-0/0/0.0             2Way      9.9.9.9            1    35


    SndLt891#sho ip osp nei

    Neighbor ID     Pri   State           Dead Time   Address         Interface
    2.2.2.2         128   FULL/DROTHER    00:00:38    10.10.10.101    FastEthernet8
    5.5.5.5           1   FULL/BDR        00:00:39    10.10.10.2      FastEthernet8
    9.9.9.9           1   FULL/DROTHER    00:00:36    10.10.10.5      FastEthernet8
cpt_fink

1 Answer

Your Juniper interfaces need to be defined in the routing-options stanza, but since this is an SRX, you need to permit host-inbound traffic to allow the OSPF protocol to talk.

Example:

    routing-options {
        static {
            route 0.0.0.0/0 next-hop 1.2.3.4;
        }
    }
    protocols {
        ospf {
            apply-groups ospf-bfd;
            traceoptions {
                file ospf-log;
                flag hello detail;
                flag error detail;
                flag database-description detail;
                flag all;
                flag event;
            }
            export export-statics;
            reference-bandwidth 100g;
            area 0.0.0.0 {
                interface lo0.0 {
                    passive;
                }
                interface reth0.0 {
                    priority 0;
                }
                interface st0.30;
                interface st0.31;
            }
        }
        bfd {
            traceoptions {
                file bfd.log size 1m files 10 world-readable;
                flag error;
                flag adjacency;
            }
        }
    }
    security {
        zones {
            security-zone trust {
                host-inbound-traffic {
                    system-services {
                        ssh;
                        ping;
                    }
                    protocols {
                        ospf;
                    }
                }
            }
        }
    }
SpacemanSpiff
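The host-inbound-traffic requirement described in the answer above can be checked mechanically. The following is an added example, not part of the original answer or of any Juniper tooling: it reads a configuration in `set` format and reports, for every non-passive OSPF interface, whether its security zone permits OSPF to reach the device. The sample configuration is constructed; `fe-0/0/0.0` comes from the question, while the zone assignments and `ge-0/0/1.0` are assumptions.

```python
import re

# Constructed sample in Junos "set" format. fe-0/0/0.0 is the interface from the
# question; the zone names and ge-0/0/1.0 are assumptions for illustration.
SAMPLE = """\
set protocols ospf area 0.0.0.0 interface fe-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set security zones security-zone trust interfaces fe-0/0/0.0
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust host-inbound-traffic protocols ospf
set security zones security-zone untrust interfaces ge-0/0/1.0
set security zones security-zone untrust host-inbound-traffic system-services ping
"""

OSPF_IF = re.compile(r"^set protocols ospf area \S+ interface (\S+)(?: (passive))?")
ZONE = re.compile(r"^set security zones security-zone (\S+)(.*)$")

def audit(config):
    active, passive = set(), set()
    zone_of, zone_proto, if_proto = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        m = OSPF_IF.match(line)
        if m:
            (passive if m.group(2) else active).add(m.group(1))
            continue
        m = ZONE.match(line)
        if not m:
            continue
        zone, parts, iface = m.group(1), m.group(2).split(), None
        if parts[:1] == ["interfaces"] and len(parts) > 1:
            iface, parts = parts[1], parts[2:]
            zone_of[iface] = zone
        if parts[:1] == ["host-inbound-traffic"] and len(parts) == 3:
            # Interface-level settings override the zone-level list, so note them even without a protocol.
            scope = (if_proto if iface else zone_proto).setdefault(iface or zone, set())
            if parts[1] == "protocols":
                scope.add(parts[2])
    findings = {}
    for iface in sorted(active - passive):
        zone = zone_of.get(iface)
        if zone is None:
            findings[iface] = "not in any security zone"
            continue
        allowed = if_proto.get(iface, zone_proto.get(zone, set()))
        ok = bool({"ospf", "all"} & allowed)
        findings[iface] = "ospf permitted" if ok else f"ospf not permitted in zone {zone}"
    return findings

print(audit(SAMPLE))
```

Feed it the output of `show configuration | display set` from the SRX. A zone that lists only `system-services` will show its OSPF interfaces as not permitted.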