Day One Tips
Day One Tips

Tip - "test policy" command to check if the policy is working fine or not

‎12-25-2016 10:45 PM

Hi all,

 

When we create policies, for example, which includes lot of match conditions, allowing certain prefixes, rejecting certain prefixes, allowing certain prefix ranges, rejecting certain prefix ranges etc... we often need to check whether the policy is working fine or not. There is one such utility/command available in Junos called "test policy" which can help us to verify whether the policy is working fine against a given destination prefix or not.

 

For example, I have following policy which only allows 100.100.100.100/32 prefix and rejects all other prefixes.

 

lab> show configuration | display set | match LDP-ADVERTISE-LABEL-FOR
set protocols ldp egress-policy LDP-ADVERTISE-LABEL-FOR
set policy-options policy-statement LDP-ADVERTISE-LABEL-FOR term lo0 from route-filter 100.100.100.100/32 exact
set policy-options policy-statement LDP-ADVERTISE-LABEL-FOR term lo0 then accept
set policy-options policy-statement LDP-ADVERTISE-LABEL-FOR term default then reject

 

set interfaces lo0 unit 0 family inet address 100.100.100.100/32
set interfaces lo0 unit 0 family inet address 110.100.110.100/32

 

For 100.100.100.100, it passes the test:

 

lab> test policy LDP-ADVERTISE-LABEL-FOR 100.100.100.100    

inet.0: 18 destinations, 18 routes (17 active, 0 holddown, 1 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

100.100.100.100/32 *[Direct/0] 1w2d 18:40:30
                    > via lo0.0

Policy LDP-ADVERTISE-LABEL-FOR: 1 prefix accepted, 0 prefix rejected

 

For 110.100.110.100, it fails the test:

 

lab> test policy LDP-ADVERTISE-LABEL-FOR 110.100.110.100

Policy LDP-ADVERTISE-LABEL-FOR: 0 prefix accepted, 1 prefix rejected

 

Hope this helps.

 

If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!

 

Thanks

 

Hope this helps

--------------------------------------------------------------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
--------------------------------------------------------------------------------------------------------