[j-nsp] Re: Re: Re: Re: Interfaces, deactivate vs disable
Richard A Steenbergen
ras at e-gerbil.net
Thu Jun 9 21:47:08 EDT 2005
On Fri, Jun 10, 2005 at 01:25:47AM +0200, Daniel Roesen wrote:
> Yes, but I'm always uncomfortable with mixing the terms syntax with
> the no-terms syntax. I just doesn't look "right". Perhaps "then"
> without a covering term should be forbidden if other terms do exist,
> and instead call it "default". THAT would make sense to me. And this
> could work the same way in policies.
I dunno, a default "then" action seems to make perfect sense to me. It is
a direct reference to the "then" block in a term, and because there is no
other match criteria no other elements are needed. In my mind this makes
far more sense than some reserved-name term, and probably implements a
lot easier too.
For example, lets say that you had a reserved-name term "default" which
always got sorted in the bottom. Besides the fact that this behavior is
non-obvious to the casual observer, and hard to document in the cli online
help, it leads to unnecessary one-off behaviors. Lets say that I type
"insert term default before term someearlierterm", what happens? Does it
stay stuck at the bottom? Does it generate an error? I don't see why you
would want to screw with it personally, when the default "then" action
simplifies term-less configs AND makes so much sense already. :)
But at any rate, I don't want to confuse the poor Juniper people or dilute
the point that we need a default-action term. Asking for such a complex
change is probably just going to result in no action being taken without
major customer revenue attached. We're better off asking for something
that is so simple to implement and test that they can slip it in simply
because it *should* be done, and not because someone with a $50mil check
is demanding it. Plus it is pretty much self-documenting, since it just
makes firewalling consistant with the existing policy language.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list