Professional Documents
Culture Documents
4-1
Copyright 2005 Juniper Networks, Inc.
www.juniper.net
Policy Overview
Controls routing information transferred into and out
of the routing table
Can ignore or change incoming routing information
Can suppress or change outgoing routing information
Neighbors
Import
Routes
Routing
Table
Protocol
Export
Routes
Protocol
PFE
Forwarding
Table
Policy 1
Policy 2
Term A
Term A
Accept
or Reject
Term B
Accept
or Reject
Term A
Accept
or Reject
Default
Policy
Accept
or Reject
Accept
Accept
or Reject
Term B
Accept
or Reject
Term C
2008 Juniper Networks, Inc. All rights reserved.
Policy n
Reject
Term C
Accept
or Reject
A policy
can have
multiple
terms
Match Conditions
Policies typically contain some form of match criterion
Possibilities include:
Neighbor address
Protocol (source of information)
BGP, direct, DVMRP, IS-IS, local, MPLS, OSPF,
PIM, RIP, static, aggregate
Match Actions
The action associated with a given term/policy is
performed for matching routes:
Terminating actions
Accept route
Reject (or suppress) route
Default Policies
Every protocol has a default policy
RIP
BGP
A Policy Example
Write a policy statement at the [edit policyoptions] hierarchy:
[edit policy-options]
user@host# show policy-statement advertise-ospf
term pick-ospf {
from protocol ospf;
then accept;
}
10
To
[edit]
user@host# show policy-options
policy-statement isis-level2 {
term find-level2-routes {
from {
protocol isis;
Logical AND Function
level 2;
}
then accept;
}
}
accomplish
a logical OR, use separate terms
11
Applying Policy
You must apply policies before they can take effect
Link-state protocols (IS-IS and OSPF) have only export
filtering points
BGP and RIP support both import and export policies
[edit protocols]
user@host# show
bgp {
import bgp-import;
export bgp-export;
}
ospf {
export ospf-export;
}
2008 Juniper Networks, Inc. All rights reserved.
12
13
14
Route Filters
Use route filters to match an individual route
(or groups of routes)
exact
orlonger
longer
upto
through
prefix-length-range
15
orlonger
longer
16
through
prefix-length-range
Match only routes that start with the same prefix and
have a mask between the two values specified
(inclusive match)
from route-filter 192.168/16 prefix-length-range /20-/24;
17
192.168/16
exact
192.168/16
upto
192.168/16
192.168/16
/x
prefix-length-range /x-/y
/y
through
18
LongestMatch
Lookup
If specific actions are not defined, the then portion of the term is
executed for matching prefixes
19
20
21
Route
Filters
Import
Policy
Export
Policy
Routing
Table
Neighbors
Routes
Protocol
Protocol
22