We're going to look at the policy language that is used by different vendors.
So for Cisco, for policy control, if you want a complicated
way to do this, you have what we call route maps, and a route map is like a program for IOS.
It has line numbers, much as all programming languages used to have, and
each line with its line number is a separate condition or action.
And the concept is basically: if you match something, then do a particular expression and then exit,
else if you match something else, then do this other expression and then exit, and
then it continues on and on and on and on.
The route map continue keyword allows you to apply more than one condition and action inside one route map.
It would be an expression that allows you to jump to the next line number and continue to do what
is contained in both expressions.
Now for Juniper, they have a policy framework
which generally is used for both routing policy as
well as firewall filtering. Now, just like Cisco route maps,
you have three main components. You have match conditions that select whatever you want to match.
Then you have actions, which are performed if the criteria match.
Now these match conditions and actions are contained in terms. A term is an actual line of statement that contains those match conditions
and the actions.
Unlike IOS, they are not numbered, and the term does not define a default action,
since it does not contain a permit or deny keyword as part of its
statement.
So, let's look at some sample route maps.
Now we have a couple of rules. For example,
lines can have multiple set statements, and if that happens all the set statements are implemented by that particular
line. Say a route map space sample permit,
and you have set community
300:1 and set local preference 120.
So anything that passes through this particular route map
statement is going to have both the community set as well as the local preference.
In this case, nothing is matched, so everything that is advertised will match that statement.
Alternatively, you can have multiple match statements,
like match community 1,
match IP address prefix list and then you give it a name, and in this case all these conditions must match
for the local preference to be set to 300.
Some match statements can have multiple commands. In this case,
at least one of the commands must match, and the slide shows you an example.
So route map sample permit 10, you're matching IP address prefix list my-list other-list.
What this means is match everything inside
the prefix list my-list, or match everything that is inside the prefix list other-list, and if
something is inside one of these prefix lists, set the community to 300:10.
If you have a route map with just a match statement and
no set statement,
then any prefix that is matching will go through and the rest are dropped. In this example
we have route map sample permit 10 and then match IP address prefix list my-list.
So for this statement, the action that's going to be
done is the permit, which is up here at the top.
If you had route map sample deny, then the action that would be done would be to deny
everything that matches this prefix list.
As we've mentioned before,
if you have a line with only a set statement, all the prefixes will be matched and
whatever you say in the set statement will be done. Any following lines are ignored. So in this example,
route map sample permit 10 with set local preference 120 and then route map sample permit 20 set community
300:5,
the second route map statement will never ever ever be reached, because
everything will have the local preference set and then it will exit the whole route map.
A line with a match and set statement and no following lines will have the default
rule applied, which means everything which doesn't match what has been set will be dropped. So in this example,
anything which doesn't match the prefix list my-list is going to be denied. So
let's look at what this implies.
If you omit the third line in this example,
it means that prefixes that do not match list 1 or list 2 are going to be
dropped, because the route maps have an implicit deny all.
In this case,
you want to match things in list 1, set 120;
match things in list 2, set local preference of 80; and then everything else will go through with the default
100. If you don't have the third line, then it will not only
not set the local preference, but it will actually drop the prefix.
And this is an example of how you would actually apply this to the BGP session.
Now to do AS path filtering,
we already showed you how to use a filter list.
But in some cases, besides just filtering the list, maybe you want to set a local preference as well.
This slide shows you how to do it. So instead of applying a filter list,
you apply a route map in the inbound direction.
And then you say permit 10, and then you match an AS path of 1,
which will match the AS path access list 1, and then you set a local preference to 80. Then,
if you match AS path 2, you set the local preference to 200.
This is an example of how you'd use this particular concept to do prepend.
You have a route map set path permit 10,
and it's applied in the outbound direction towards a neighbor. It does not have a match statement,
so it's going to match everything, and then you have set AS path prepend and then
the AS numbers that you want to prepend. If you do this, make sure you use your own AS number when prepending,
otherwise you can mess with the BGP loop detection and
Some s ends will be dropped because you are prepending the wrong autonomous system number
The slides
that talk about communities
show you how to match communities, and this slide also gives you an example of how you'd match a community and then set a local preference.
For community lists,
because you can have more than one entry inside a community list, you have to remember
that if you have a prefix that belongs to
150:3 and 200:5, then it will set the local preference to 15.
Otherwise, if it belongs to only 88:6, you're going to set the local preference to 200.
If there's not a condition, then anything which doesn't match any of these conditions is going to be dropped.
When you have multiple values in the same community list statement, there is a logical AND between them.
If you have multiple values in separate community list statements, a logical OR condition is between each statement.
For example, if you have IP community list
1, as shown in the example,
permit 150:3 space 200:5, then both these communities must exist.
If you have IP community list 1 permit 150:3 and then IP community list 1 permit
200:5, then either of these could match, and this is an example configuration that shows using this.
We've mentioned a continue keyword, and this is a way you could do
some bit of set statements if it matches a condition, and then other bits of statements that
match other conditions, and this slide shows you how to do it.
So the continue 30 will skip the
permit 20 line and jump down to line 30, where you have a match for group 3, where you're setting a prepend of 100
100.
So permit 20 is only run for
prefixes which do not match group 1 and
they match group 2. In this case, you are setting the community no-export.
For Juniper policy languages,
you have it configured under policy options, and this is an example of how you do a route filter.
You'd say policy options, you have a policy statement, you give it a name, and then you have different terms.
So term some-prefixes, and then inside the term you specify which prefixes you want to match.
So you have a from keyword and then different route filters. As
mentioned in the previous
video, you can have an action on a particular route filter. So you see route filter 0/0
exact reject, and this will reject the default route.
It will not continue processing these terms. Then you have route filter 192/8
up to /24 and route filter 193/8 prefix length range /12 to /20, and you don't have an
action on these two route filters. So if something matches either one of these two route filters,
it's going to go to that then clause and apply the preference of
200 and then accept.
Then you have a term default-deny which has a then reject.
Remember that for Juniper the default policy is dependent on the routing protocol.
So for BGP the default policy is to announce everything that is inside BGP.
This slide shows you how you would actually do a regex
configuration. So for example, you have
autonomous system number one eight zero zero, who's your neighbor or
further down the line, and you want to match everything that they
originate. So you'd have AS path, you give it a name, and then you put the regex, which is dot star space 1800.
Then you have a policy statement,
which is any name, and then you have a term filter ASs,
and then you have from AS path, and then you put the same name, in red as we've seen, as
you had up there that you named.
And then you can set the local preference to ten.
Now to apply to a BGP session, you have protocols BGP and
then you can say export and then the outer-policy-out, to export that named policy, and
this will apply to everything, every BGP session.
Now Juniper BGP requires that each neighbor is inside a group.
So you have a group for upstreams, and this could be type external, and you have an export and import statement.
The export statement all-upstreams-out will override the global export outer-policy-out in red.
Then you have a neighbor one 7 to 16 - the - with an import policy import-example.
This will override the green import incoming-upstreams policy.
Next you have a neighbor without a particular policy applied, and this means that they shall use
the import policy for the group and
export policy for the group, since those both will override the outer BGP policy.
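
The route-map rules described in the talk (OR inside one match statement, AND across match statements, a set-only line matching everything, the implicit deny, and continue) can be checked with a small model. This is an added Python example, not code from the slides or from any vendor; the `Line` class, the `evaluate` function, the prefix-list contents and the local preference on line 10 of the continue case are constructed for illustration, and the handling of continue is a simplification.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Line:
    seq: int
    action: str = "permit"                     # "permit" or "deny"
    match: list = field(default_factory=list)  # AND across statements, OR inside one
    sets: dict = field(default_factory=dict)
    cont: Optional[int] = None                 # target of "continue <seq>"

def evaluate(lines, prefix_lists, prefix):
    """Return the attributes set on a permitted prefix, or None if it is dropped."""
    lines = sorted(lines, key=lambda l: l.seq)
    attrs, permitted, i = {}, False, 0
    while i < len(lines):
        line = lines[i]
        # A line with no match statements matches every prefix.
        hit = all(any(prefix in prefix_lists[n] for n in stmt) for stmt in line.match)
        if not hit:
            i += 1
        elif line.action == "deny":
            return None
        else:
            attrs.update(line.sets)
            permitted = True
            if line.cont is None:
                return attrs                   # first match without continue exits
            # Jump forward to the continue target (only later lines qualify).
            i = next((j for j, l in enumerate(lines)
                      if j > i and l.seq >= line.cont), len(lines))
    return attrs if permitted else None        # implicit deny at the end

# Constructed sample data (documentation prefixes, hypothetical list names)
LISTS = {"list1": {"192.0.2.0/24"}, "list2": {"198.51.100.0/24"},
         "group1": {"192.0.2.0/24"}, "group2": {"198.51.100.0/24"},
         "group3": {"192.0.2.0/24", "198.51.100.0/24"}}
THREE_LINES = [
    Line(10, match=[["list1"]], sets={"local-preference": 120}),
    Line(20, match=[["list2"]], sets={"local-preference": 80}),
    Line(30),                                  # the "third line": permit everything else
]
SHADOWED = [Line(10, sets={"local-preference": 120}),
            Line(20, sets={"community": "300:5"})]   # never reached
CONTINUE = [
    Line(10, match=[["group1"]], sets={"local-preference": 200}, cont=30),
    Line(20, match=[["group2"]], sets={"community": "no-export"}),
    Line(30, match=[["group3"]], sets={"as-path-prepend": "100 100"}),
]
```

Dropping `Line(30)` from `THREE_LINES` makes `evaluate` return `None` for any prefix outside both lists, which is the implicit deny the talk warns about.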
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)