Junos OS

Hi Guys,

   Quick question about Junos policy AND/OR setup.  The official Junos Enterprise routing book has the following excerp:

[edit policy-options]
lab@PBR# show
policy-statement test {
    term 1 {
        from {
            protocol [ bgp rip ]; ##logical OR within brackets
            interface fe-0/0/0.0; ## logical AND with other match criteria
        }
        then next term;
    }
}

In this case, a match will occur when a route is learned over the fe-0/0/0 interface and is learned from BGP or RIP.

My Question is when does it perform and OR within a term and when is it an AND.

I thought it was if its in the [ ] it means or but I have the following setup which seems to work fine.

policy-statement TO-ISP {
    term one {
        from {
            route-filter 10.10.100.0/24 exact;
            route-filter 10.10.101.0/24 exact;
            route-filter 10.10.102.0/24 exact;
        }
        then {
            accept;

 This policy lets my router send any of those three routes over to the ISP.  If one of them does not exist then they other two still get sent so inst this also an OR within the from.

My final goal here is I want to know if the following would be an OR or and AND.  Essentially I want to accept the route if it either has a tag of 5 or has the community of ACCEPT.  I dont want it to look for routes that have both

policy-statement ACCEPTED {
    term one {
        from {
             tag 50
             community ACCEPT
        }
        then {

            accept;

Thanks!

Hi Magraw

I believe with the routing policy example anything contained in the same stanza, so from your example...everything in the from route-filter,  would be the "OR", in your example

TO-ISP

it is an "AND" because there are two variables that have to be confirmed in the from statement, and they include from tag 50 and community "ACCEPT".

So the rule of thumb, if you create a term and there are multiple variables in the same stanza, meaning an example of route-filter with a single or a few IP or Subnets, then this is an or, the moment you add an additional stanza variable into the same term, that makes it an "AND".

An example contrasting would be the following....

"OR" example - this example is saying this policy will accept anything from 1.0, 2.0, or 3.0.

policy-statement test1 {
    from {
        route-filter 192.168.1.0/24 exact;
        route-filter 192.168.2.0/24 exact;
        route-filter 192.168.3.0/24 exact;
    }
    then accept;
}

"AND" example - here i am saying, match ospf and match either 1.0, 2.0, or 3.0. 

from {
    protocol ospf; <--------AND match one of the below
    route-filter 192.168.1.0/24 exact;  <----OR
    route-filter 192.168.2.0/24 exact; <-----OR
    route-filter 192.168.3.0/24 exact; <-----OR
}
then accept

I hope this helps!

These are called match-conditions.  When you list the same match-condition, it becomes a logical OR operation.  Only one has to match in order for it to evaluate as true.

If you would like to test your routes against tag and community . Then you have to create two separate terms separating tag and community . 

Hello All,

This from 2011 and know 2014!!

so logical OR with different conditions

this an example

policy-statement first-check
    term compare-community-first
        from
            community ACCEPT
        then
            accept
    term compare-tag-second
        then
            policy second-check

policy-statement second-check
    term compare-tag
        from
            tag 50
        then
            accept
    term reject
        then 
            reject

or you can use: then term term-name 

I did not try it.. but I hope its right 🙂

thank you