Routing

Junos policy chain

2 weeks ago

Hi,

policy-statement rm_ospf_to_rib_blue {
        #
        # Deny default route prefix in RIB
        #
        term seq_100 {
            from {
                protocol ospf;
                prefix-list pl_default_route;
            }
            then reject;
        }
        #
        # Deny all local-only OSPF lab routes
        #
        term seq_110 {
            from {
                protocol ospf;
                tag 100820;
            }
            then reject;
        }
        #
        # Allow all other OSPF routes in RIB
        #
        term seq_500 {
            from {
                protocol ospf;
                prefix-list-filter pl_default_route longer;
            }
            then next policy;
        }
        #
    }

1. The term seq_500 action is next policy. Does it mean take no action for the match and move to the next policy?

2. What if instead of next policy I have next term: is the action specified by the match taken, or is the action ignored and it jumps to the next term?

 

set from protocol aggregate
set from route-filter 172.16.0.0/16 upto /18
set then reject

set routing-options aggregate 172.16.0.0/16
set routing-options aggregate 172.16.1.0/24

1. Does it mean, match route 172.16.0.0/16 - 18 is first matched for protocol aggregate?

    Now, if I don't have an aggregate for route 172.16.128.0/17 is protocol aggregate but it is in inet.0 learned from a BGP peer. So, how will the action be processed? Does 172.16.128.0/17 have to be an aggregate as well for the route to be rejected?


Re: Junos policy chain

2 weeks ago

Hi Rohit,

Please refer to the following link for a very beautiful explanation of how the policy chain works. I think it should resolve all your queries.

 

https://www.juniper.net/documentation/en_US/junos/topics/concept/policy-routing-policies-chain-evalu...

 

 

Next Term: In general, the route is evaluated against the first term in the first routing policy. If it matches, the specified action is taken. If the action is to accept or reject the route, that action is taken and the evaluation of the route ends. However, if the "next term" action is specified, the route is evaluated against the second term in the first routing policy. If it matches, the specified action is taken.

Next Policy: If the next policy action is specified, any accept or reject action specified in this term is skipped, all remaining terms in this policy are skipped, all other actions are taken, and route is evaluated against the first term in the second routing policy.

 

Please let me know if you still have any doubts


*PS: Please mark my response as the solution if it answers your query; kudos are appreciated too!!!

Thanks
Vishal


Re: Junos policy chain

2 weeks ago
policy-statement rm_ospf_to_bgp_blue {
        #
        # Allow OSPF tagged infrastructure prefixes from each vPB into BGP
        #
        term seq_100 {
            from {
                protocol ospf;
                rib blue.inet.0;
                tag 100811;
            }
            then {
                origin igp;
                community set cl_reso_id;
                community add cl_vpn_zone_blue;
                community add cl_prefix_class_infra;
                community add cl_vpn_id_blue;
                community add cl_rt_blue;
                accept;
            }
        }
        # Allow OSPF tagged lab prefixes from each vPB into BGP
        #
        term seq_110 {
            from {
                protocol ospf;
                rib blue.inet.0;
                tag 100814;
            }
            then {
                origin igp;
                community set cl_reso_id;
                community add cl_vpn_zone_blue;
                community add cl_prefix_class_user;
                community add cl_vpn_id_blue;
                next policy;
            }
        }
        # Allow all other OSPF prefixes from each vPB into BGP
        #
        term seq_500 {
            from {
                protocol ospf;
                rib blue.inet.0;
            }
            then {
                origin igp;
                community set cl_reso_id;
                community add cl_vpn_zone_blue;
                community add cl_prefix_class_infra;
                community add cl_vpn_id_blue;
                next policy;
            }
        }
        # Deny all other OSPF prefixes
        #
        term seq_900 {
            from {
                protocol ospf;
                rib blue.inet.0;
                policy rp_everything;
            }
            then reject;
        }
        # Continue to next policy
        #
        term seq_1000 {
            then next policy;
        }
        #
    }

Example: I have route 129.30.12.0/24 in RIB blue.inet.0, in OSPF and with NO TAG. Will term seq_500 match and processing stop, or will it come to the last term for next policy processing?


Re: Junos policy chain

2 weeks ago

Hi Rohit,

 

You have next policy in the term seq_500

 

As I mentioned in my previous response, if the next policy action is specified, any accept or reject action specified in this term is skipped, all remaining terms in this policy are skipped, all other actions are taken, and the route is evaluated against the first term in the second routing policy.

So the route won't be evaluated against any other term in that policy but will move on to the second policy.

Thanks
Visha
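
The flow-control behaviour described in the replies above, as an added example that is not part of the original thread and is not Junos code: a toy Python model that walks the untagged route from the question through rm_ospf_to_bgp_blue, once as posted and once with seq_500 changed to next term. Assumptions: the second policy in the chain is hypothetical (the thread shows none), rp_everything is assumed to match every route, and "origin igp" is left out.

```python
# Added example: toy model of Junos policy-chain flow control (not Junos code).
ACCEPT, REJECT, NEXT_TERM, NEXT_POLICY = "accept", "reject", "next term", "next policy"

def evaluate_chain(route, chain):
    """Walk policies in order; return (result, matched_terms, communities)."""
    comms, trace = [], []
    for policy_name, terms in chain:
        for term_name, conds, mods, action in terms:
            # Every "from" condition must match (logical AND); {} matches any route.
            if any(route.get(k) != v for k, v in conds.items()):
                continue
            trace.append(f"{policy_name}:{term_name}")
            for op, community in mods:          # modifiers apply on every match
                comms = [community] if op == "set" else comms + [community]
            if action in (ACCEPT, REJECT):      # terminating: evaluation ends here
                return action, trace, comms
            if action == NEXT_POLICY:           # skip the rest of this policy
                break
            # NEXT_TERM: keep evaluating the following term of the same policy
    return "default policy", trace, comms       # chain exhausted

OSPF_BLUE = {"protocol": "ospf", "rib": "blue.inet.0"}
INFRA = [("set", "cl_reso_id"), ("add", "cl_vpn_zone_blue"),
         ("add", "cl_prefix_class_infra"), ("add", "cl_vpn_id_blue")]
USER = [("set", "cl_reso_id"), ("add", "cl_vpn_zone_blue"),
        ("add", "cl_prefix_class_user"), ("add", "cl_vpn_id_blue")]

def rm_ospf_to_bgp_blue(seq_500_action=NEXT_POLICY):
    # Terms transcribed from the thread ("origin igp" omitted for brevity).
    # Assumption: the rp_everything subroutine in seq_900 matches every route.
    return ("rm_ospf_to_bgp_blue", [
        ("seq_100", {**OSPF_BLUE, "tag": 100811}, INFRA + [("add", "cl_rt_blue")], ACCEPT),
        ("seq_110", {**OSPF_BLUE, "tag": 100814}, USER, NEXT_POLICY),
        ("seq_500", OSPF_BLUE, INFRA, seq_500_action),
        ("seq_900", OSPF_BLUE, [], REJECT),
        ("seq_1000", {}, [], NEXT_POLICY),
    ])

# Hypothetical second policy in the chain; the thread does not show one.
SECOND = ("second_policy_hypothetical", [("t1", {}, [], ACCEPT)])
# Constructed route: 129.30.12.0/24 in blue.inet.0, from OSPF, no tag.
ROUTE = {"prefix": "129.30.12.0/24", "protocol": "ospf", "rib": "blue.inet.0", "tag": None}

def as_posted():
    return evaluate_chain(ROUTE, [rm_ospf_to_bgp_blue(), SECOND])

def with_next_term():
    return evaluate_chain(ROUTE, [rm_ospf_to_bgp_blue(NEXT_TERM), SECOND])

if __name__ == "__main__":
    print(as_posted())
    print(with_next_term())
```

In this model, the as-posted policy never reaches seq_900, so the untagged route leaves the policy carrying the infra communities; swapping seq_500 to next term is what lets the seq_900 reject apply.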