Routing

last person joined: 4 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

  • 1.  Anyone can explain difference among several policy-option policy-statement?

    Posted 07-27-2016 08:53

    Hi, Anyone can explain difference among several policy-option policy-statement below?

     

    We have several commands as below. In all configuration for the router MX960, I do not know how the configuration define traffic. I know these commands function would bolck the rest traffic after allowing some traffic pass. My question is what is difference among four commands? Thank you


    set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 from prefix-list-filter RFC1918 orlonger

    set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 then reject

     

    set policy-options policy-statement ABC_EXPORT_V4 term EXPLICIT_DENY then reject

    set policy-options policy-statement ABC_IMPORT_V4 term EXPLICIT_DENY then reject



  • 2.  RE: Anyone can explain difference among several policy-option policy-statement?

     
    Posted 07-27-2016 09:05

    Hi, 

     

    Are those policies being applied to any protocols?

    Also, is it the complete policy-statement?

    ABC_IMPORT_V4 and ABC_EXPORT_V4 are 2 different policies probably meant to be applied as import and export policies.

     

    "I know these commands function would bolck the rest traffic after allowing some traffic pass"

    Policies are mainly to influence routing protocol decisions and not to allow/block traffic. Allowing/Blocking traffic is implemented using firewall filters.

     

    Cheers,

    Ashvin



  • 3.  RE: Anyone can explain difference among several policy-option policy-statement?

    Posted 07-27-2016 09:24

    Thank you so much for your fast reply. I am sorry I missed some info in the last post. In fact, all the policies exist with bgp.  All that commands is like below. So these policies would allow some traffic pass and deny all rest.

     

    set routing-instances CDF protocols bgp group BCD neighbor 12.12.1.1 import ABC_IMPORT_V4



  • 4.  RE: Anyone can explain difference among several policy-option policy-statement?
    Best Answer

     
    Posted 07-27-2016 09:57

    Hi, 

     

    Based on accept actions in the import policy applied to the BGP neighbor, the prefixes in the accept term will be accepted, else there is a reject implying all prefixes will be rejected.

     

    That is, If the comprehensive policy is as below and applied as import to BGP neighbor:

    set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 from prefix-list-filter RFC1918 orlonger
set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 then reject
set policy-options policy-statement ABC_IMPORT_V4 term EXPLICIT_DENY then reject
    set routing-instances CDF protocols bgp group BCD neighbor 12.12.1.1 import ABC_IMPORT_V4

    There's no accept action + an EXPLICIT_DENY, then no prefixes are imported from that BGP neighbor.

     

    If there was no EXPLICIT-DENY term, then all prefixes would be accepted except for prefixes in prefix-list RFC1918.

     

    Cheers,

    Ashvin