We're going to look at the policy language that is used by different vendors.

For Cisco, for policy control, if you want a complicated way to do this, you have what we call route maps. A route map is like a program for IOS. It has line numbers, much as all programming languages used to have, and each line with its line number is a separate condition or action. The concept is basically: if you match something, then do a particular expression and then exit; else if you match something else, then do this other expression and then exit; and then it continues on and on. The route map continue keyword allows you to apply more than one condition and action inside one route map. It is an expression that allows you to jump to the next line number and continue to do what is contained in both expressions.

Now, for Juniper, they have a policy framework which generally is used for both routing policy as well as firewall filtering. Just like Cisco route maps, you have three main components. You have match conditions that select whatever you want to match, then you have actions, which are performed if the criteria match. These match conditions and actions are contained in terms. A term is an actual line of statement that contains those match conditions and the actions. Unlike IOS, they are not numbered, and the term does not define a default action, since it does not contain a permit or deny keyword as part of its statement.

So, let's look at some sample route maps. We have a couple of rules. For example, lines can have multiple set statements, and if that happens, all the set statements are implemented by that particular line. Say you have route-map sample permit, with set community 300:1 and set local-preference 120. Anything that passes through this particular route map statement is going to have both the community set as well as the local preference. In this case, nothing is matched.
So everything that is advertised will be matched by the statement.

Alternatively, you can have multiple match statements, like match community 1 and match ip address prefix-list, and then you give it a name. In this case all these conditions must match for the local preference to be set to 300.

Some match statements can have multiple commands. In this case, at least one of the commands must match, and the slide shows you an example. So in route-map sample permit 10, you're matching ip address prefix-list my-list other-list. What this means is: match everything inside the prefix list my-list, or match everything that is inside the prefix list other-list, and if something is inside one of these prefix lists, set the community to 300:10.

If you have a route map with just a match statement and no set statement, then any prefixes that match will go through and the rest are dropped. In this example we have route-map sample permit 10 and then match ip address prefix-list my-list. For this statement, the action that's going to be done is the permit, which is up here at the top. If you had route-map sample deny, then the action that would be done would be to deny everything that matches this prefix list.

As we've mentioned before, if you have a line with only a set statement, all the prefixes will be matched and whatever you say in the set statement will be done. Any following lines are ignored. So in this example, route-map sample permit 10 with set local-preference 120, and then route-map sample permit 20 with set community 300:5, the second route map statement will never, ever, ever be reached, because everything will have the local preference set and then it will exit the whole route map.

A line with a match and set statement and no following lines will have the default rule applied, which means everything which doesn't match what has been set will be dropped. So in this example, anything which doesn't match the prefix list my-list is going to be denied.
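
The route map rules above, modelled as a small evaluator. This is an added example, not code from the lecture or from Cisco: the prefix lists and their contents are constructed, prefix-list membership is simplified to an exact string match, and the helper that reports unreachable lines is hypothetical.

```python
from dataclasses import dataclass, field

# Constructed prefix lists (names and contents are assumptions for illustration).
PREFIX_LISTS = {
    "my-list": {"192.0.2.0/24"},
    "other-list": {"198.51.100.0/24"},
}

@dataclass
class Entry:
    seq: int
    action: str                                   # "permit" or "deny"
    # One inner list per match command: names inside a command are OR'ed,
    # separate commands are AND'ed. No match command means "match everything".
    matches: list = field(default_factory=list)
    sets: dict = field(default_factory=dict)

def entry_matches(entry, prefix):
    return all(any(prefix in PREFIX_LISTS[name] for name in command)
               for command in entry.matches)

def apply_route_map(entries, prefix, attrs=None):
    """Return (accepted, attributes, deciding line); line is None on implicit deny."""
    attrs = dict(attrs or {"local_pref": 100})
    for entry in sorted(entries, key=lambda e: e.seq):
        if not entry_matches(entry, prefix):
            continue
        if entry.action == "deny":
            return False, attrs, entry.seq
        attrs.update(entry.sets)                  # every set on the line is applied
        return True, attrs, entry.seq             # first match wins, then exit
    return False, attrs, None                     # implicit deny all at the end

def unreachable_entries(entries):
    """Line numbers that can never run because an earlier line matches everything."""
    ordered = sorted(entries, key=lambda e: e.seq)
    for i, entry in enumerate(ordered):
        if not entry.matches:
            return [e.seq for e in ordered[i + 1:]]
    return []

# Set-only line 10 shadows line 20; a match-only map drops whatever it does not match.
SHADOWED = [Entry(10, "permit", sets={"local_pref": 120}),
            Entry(20, "permit", sets={"community": "300:5"})]
FILTER = [Entry(10, "permit", matches=[["my-list", "other-list"]],
                sets={"community": "300:10"})]
```

Running unreachable_entries over a route map before it is applied to a session catches the shadowed-line mistake, and a None deciding line from apply_route_map marks prefixes that are silently dropped by the implicit deny.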
So let's look at what this implies. If you omit the third line in this example, it means that prefixes that do not match list 1 or list 2 are going to be dropped, because route maps have an implicit deny all. In this case, you want to match things in list 1 and set 120, match things in list 2 and set a preference of 80, and then everything else will go through with the default 100. If you don't have the third line, then it will not only not set the local preference, but it will actually drop the prefix. And this is an example of how you would actually apply this to the BGP session.

Now, to do AS path filtering: we already showed you how to use a filter list, but in some cases, besides just filtering the list, maybe you want to set a local preference as well. This slide shows you how to do it. Instead of applying a filter list, you apply a route map in the inbound direction. Then you say permit 10, and then you match an AS path of 1, which will match the AS path access list 1, and then you set a local preference of 80. Then, if you match AS path 2, you set the local preference to 200.

This is an example of how you'd use this particular concept to do prepend. You have a route map, set-path permit 10, and it's applied in the outbound direction towards a neighbor. It does not have a match statement, so it's going to match everything, and then you have set as-path prepend and then the AS numbers that you want to prepend. If you do this, make sure you use your own AS number when prepending; otherwise you can mess with the BGP loop detection, and some ASNs will be dropped because you are prepending the wrong autonomous system number.

The slides that talk about communities show you how to match communities, and this slide also gives you an example of how you'd match a community and then set a local preference.

For community lists, because you can have more than one entry inside a community list,
you have to remember that if you have a prefix that belongs to 150:3 and 200:5, then it will set the local preference to 15. Otherwise, if it belongs to only 88:6, you're going to set the local preference to 200. If there's no other condition, then anything which doesn't match any of these conditions is going to be dropped.

When you have multiple values in the same community list statement, there is a logical AND between them. If you have multiple values in separate community list statements, there is a logical OR between each statement. For example, if you have ip community-list 1, as shown in the example, permit 150:3 200:5, then both these communities must exist. If you have ip community-list 1 permit 150:3 and then ip community-list 1 permit 200:5, then either of these could match. And this is an example configuration that shows this in use.

We've mentioned the continue keyword, and this is a way you could do some set statements if it matches a condition, and then other set statements that match other conditions, and this slide shows you how to do it. The continue 30 will skip the permit 20 line and jump down to line 30, where you have a match for group 3 and you're setting a prepend of 100 100. So permit 20 is only run for prefixes which do not match group 1 and do match group 2; in this case, you are setting the community no-export.

For Juniper, the policy language is configured under policy-options, and this is an example of how you do a route filter. You'd say policy-options, you have a policy-statement, you give it a name, and then you have different terms. So term some-prefixes, and then inside the term you specify which prefixes you want to match, so you have a from keyword and then different route filters. As mentioned in the previous video, you can have an action on a particular route filter.
So you have route-filter 0/0 exact reject, and this will reject the default route. It will not continue processing these terms. Then you have route-filter 192/8 upto /24 and route-filter 193/8 prefix-length-range /12-/20, and you don't have an action on these two route filters. So if something matches either one of these two route filters, it's going to go to the then clause and apply the preference of 200 and then accept. Then you have a term default-deny, which has a then reject. Remember that for Juniper the default policy is dependent on the routing protocol, so for BGP the default policy is to announce everything that is inside BGP.

This slide shows you how you would actually do an AS path regex configuration. For example, you have autonomous system number 1800, who's your neighbor or further down the line, and you want to match everything that they originate. So you'd have as-path, you give it a name, and then you put the regex, which is ".* 1800". Then you have a policy-statement, which is any name, and then you have a term filter-ASs, and then you have from as-path, and then you put the same name, in red, that you gave up there.
And then you can set the preference to ten.

Now, to apply it to a BGP session, you have protocols bgp, and then you can say export and then the outer policy out, to export that named policy, and this will apply to every BGP session.

Now, Juniper BGP requires that each neighbor is inside a group. So you have a group for upstreams, and this could be type external, and you have an export and import statement. The export statement all-upstreams-out will override the global export outer policy out, in red. Then you have a neighbor one 7 to 16 - the - with an import policy import-example. This will override the green import incoming-upstreams policy. Next you have a neighbor without a particular policy applied, and this means that they shall use the import policy for the group and the export policy for the group, since those both will override the outer BGP policy.
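
The Juniper route-filter term and the default-deny term described earlier, modelled in Python. This is an added example, not code from the lecture or from Juniper: writing the spoken prefixes as 192.0.0.0/8 and 193.0.0.0/8 is an assumption about the slide, and the longest-prefix selection among route filters is Junos behaviour that the lecture does not spell out.

```python
import ipaddress

# (prefix, match type, (min_len, max_len) or None, action on the filter or None)
# The two /8 prefixes are an assumed reading of the spoken values.
ROUTE_FILTERS = [
    ("0.0.0.0/0", "exact", None, "reject"),
    ("192.0.0.0/8", "upto", (8, 24), None),
    ("193.0.0.0/8", "prefix-length-range", (12, 20), None),
]

def type_matches(net, flt, kind, lengths):
    # net is already known to sit inside flt, so only the length is checked.
    if kind == "exact":
        return net.prefixlen == flt.prefixlen
    low, high = lengths
    return low <= net.prefixlen <= high

def evaluate(route):
    """Return (action, preference) for one route; preference is None unless set."""
    net = ipaddress.ip_network(route)
    covering = [f for f in ROUTE_FILTERS
                if net.subnet_of(ipaddress.ip_network(f[0]))]
    if covering:
        # Junos tests only the covering filter with the longest prefix; if its
        # match type fails, shorter filters in the term are not tried.
        prefix, kind, lengths, action = max(
            covering, key=lambda f: ipaddress.ip_network(f[0]).prefixlen)
        if type_matches(net, ipaddress.ip_network(prefix), kind, lengths):
            if action:                  # action attached to the route filter itself
                return action, None
            return "accept", 200        # falls through to the term's then clause
    return "reject", None               # term default-deny: then reject
```

Without the default-deny term, a BGP route that misses every route filter would fall through to the protocol's default policy, which for BGP means it is still announced.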
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)