Routing
Highlighted
Routing

Anyone can explain difference among several policy-option policy-statement?

‎07-27-2016 08:53 AM

Hi, Anyone can explain difference among several policy-option policy-statement below?

 

We have several commands as below. In all configuration for the router MX960, I do not know how the configuration define traffic. I know these commands function would bolck the rest traffic after allowing some traffic pass. My question is what is difference among four commands? Thank you


set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 from prefix-list-filter RFC1918 orlonger

set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 then reject

 

set policy-options policy-statement ABC_EXPORT_V4 term EXPLICIT_DENY then reject

set policy-options policy-statement ABC_IMPORT_V4 term EXPLICIT_DENY then reject

3 REPLIES 3
Highlighted
Routing

Re: Anyone can explain difference among several policy-option policy-statement?

‎07-27-2016 09:05 AM

Hi, 

 

Are those policies being applied to any protocols?

Also, is it the complete policy-statement?

ABC_IMPORT_V4 and ABC_EXPORT_V4 are 2 different policies probably meant to be applied as import and export policies.

 

"I know these commands function would bolck the rest traffic after allowing some traffic pass"

Policies are mainly to influence routing protocol decisions and not to allow/block traffic. Allowing/Blocking traffic is implemented using firewall filters.

 

Cheers,

Ashvin

Highlighted
Routing

Re: Anyone can explain difference among several policy-option policy-statement?

‎07-27-2016 09:24 AM

Thank you so much for your fast reply. I am sorry I missed some info in the last post. In fact, all the policies exist with bgp.  All that commands is like below. So these policies would allow some traffic pass and deny all rest.

 

set routing-instances CDF protocols bgp group BCD neighbor 12.12.1.1 import ABC_IMPORT_V4

Highlighted
Routing
Solution
Accepted by topic author eesunj
‎07-27-2016 12:14 PM

Re: Anyone can explain difference among several policy-option policy-statement?

‎07-27-2016 09:57 AM

Hi, 

 

Based on accept actions in the import policy applied to the BGP neighbor, the prefixes in the accept term will be accepted, else there is a reject implying all prefixes will be rejected.

 

That is, If the comprehensive policy is as below and applied as import to BGP neighbor:

set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 from prefix-list-filter RFC1918 orlonger
set policy-options policy-statement ABC_IMPORT_V4 term DROP_RFC_1918 then reject
set policy-options policy-statement ABC_IMPORT_V4 term EXPLICIT_DENY then reject
set routing-instances CDF protocols bgp group BCD neighbor 12.12.1.1 import ABC_IMPORT_V4

There's no accept action + an EXPLICIT_DENY, then no prefixes are imported from that BGP neighbor.

 

If there was no EXPLICIT-DENY term, then all prefixes would be accepted except for prefixes in prefix-list RFC1918.

 

Cheers,

Ashvin

Feedback