[j-nsp] Re: Re: Re: Re: Interfaces, deactivate vs disable

Richard A Steenbergen ras at e-gerbil.net
Thu Jun 9 21:47:08 EDT 2005


On Fri, Jun 10, 2005 at 01:25:47AM +0200, Daniel Roesen wrote:
> Yes, but I'm always uncomfortable with mixing the terms syntax with
> the no-terms syntax. It just doesn't look "right". Perhaps "then"
> without a covering term should be forbidden if other terms do exist,
> and instead call it "default". THAT would make sense to me. And this
> could work the same way in policies.

I dunno, a default "then" action seems to make perfect sense to me. It is 
a direct reference to the "then" block in a term, and because there is no 
other match criteria no other elements are needed. In my mind this makes 
far more sense than some reserved-name term, and probably implements a 
lot easier too.

For example, let's say that you had a reserved-name term "default" which 
always got sorted in the bottom. Besides the fact that this behavior is 
non-obvious to the casual observer, and hard to document in the CLI online 
help, it leads to unnecessary one-off behaviors. Let's say that I type 
"insert term default before term someearlierterm", what happens? Does it 
stay stuck at the bottom? Does it generate an error? I don't see why you 
would want to screw with it personally, when the default "then" action 
simplifies term-less configs AND makes so much sense already. :)

But at any rate, I don't want to confuse the poor Juniper people or dilute 
the point that we need a default-action term. Asking for such a complex 
change is probably just going to result in no action being taken without 
major customer revenue attached. We're better off asking for something 
that is so simple to implement and test that they can slip it in simply 
because it *should* be done, and not because someone with a $50mil check 
is demanding it. Plus it is pretty much self-documenting, since it just 
makes firewalling consistent with the existing policy language.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

