[j-nsp] commands converted from Cisco IOS
daniel
daniel at claudius.demon.nl
Fri Mar 11 18:18:49 EST 2005
In this case the default policy would indeed accept your bgp routes. However,
the default policy is _not_ to just 'accept' whatever makes it through the
policy-chain. The behavior depends on the context (i.e. protocol). Please see:
http://www.juniper.net/techpubs/software/junos/junos71/swconfig71-policy/html/policy-overview-framework3.html#1021027
(line may wrap).
Daniel.
On 11:21 Mon 07 Mar , C. Hagel wrote:
> Actually what is happening is, as Craig had said, BGP is being kicked to
> the "next policy" as stated in your config. This is not "next-term"
> which would be a "then reject" according to the config you supplied. If
> you kick something to a "next-policy" and there is no other policy
> defined (as you have stated is your case) it will go to the default
> policy at the end of the string, which simply would say "then accept".
> This is a policy that is implemented in Junos by default.
>
>
> On Mon, 7 Mar 2005 11:49:01 -0500
> "TechSupport" <techsupport at isaacmorris.com> wrote:
>
> T> Dear Craig,
> T>
> T> You said 'from-bgp' is saying if the route is from protocol BGP, then
> T> it is evaluated through the next policy in the chain. But there is no
> T> policy after 'from-bgp' except for the deny by default. Does that mean
> T> all BGP packets will be denied under my current config?
> T>
> T>
> T> version 7.1R1.3;
> T> system {
> T>     host-name traffic;
> T>     domain-name isaacmorris.com;
> T>     time-zone America/New_York;
> T>     root-authentication {
> T>         encrypted-password "$1$tRMtSdRC$MSTI0s4n7jwz22wCVMm3f/";
> T>     }
> T>     name-server {
> T>         198.6.1.122;
> T>         198.6.1.142;
> T>     }
> T>     services {
> T>         ssh;
> T>         web-management {
> T>             http;
> T>         }
> T>     }
> T>     syslog {
> T>         file messages {
> T>             any any;
> T>         }
> T>     }
> T> }
> T> interfaces {
> T>     fe-0/0/0 {
> T>         unit 0 {
> T>             family inet {
> T>                 address 192.168.1.244/24;
> T>             }
> T>         }
> T>     }
> T>     t1-0/0/2 {
> T>         encapsulation frame-relay;
> T>         lmi {
> T>             lmi-type ansi;
> T>         }
> T>         t1-options {
> T>             line-encoding b8zs;
> T>             framing esf;
> T>         }
> T>         unit 0 {
> T>             description "MCI T1 [bandwidth.com]";
> T>             point-to-point;
> T>             dlci 500;
> T>             family inet {
> T>                 address 208.192.182.138/30;
> T>             }
> T>         }
> T>     }
> T>     lo0 {
> T>         unit 0 {
> T>             family inet {
> T>                 address 127.0.0.1/32;
> T>             }
> T>         }
> T>     }
> T> }
> T> routing-options {
> T>     router-id 65.198.234.1;
> T>     autonomous-system 31916;
> T> }
> T> protocols {
> T>     bgp {
> T>         log-updown;
> T>         group jweb-bgp {
> T>             type external;
> T>             local-address 208.192.182.138;
> T>             neighbor 208.192.182.137 {
> T>                 description "MCI T1 [bandwidth.com]";
> T>                 export bgp-redistributes;
> T>                 remove-private;
> T>                 peer-as 701;
> T>             }
> T>         }
> T>     }
> T> }
> T> policy-options {
> T>     policy-statement bgp-redistributes {
> T>         term sourced-bgp-network {
> T>             from {
> T>                 route-filter 65.198.234.0/24 exact;
> T>             }
> T>             then accept;
> T>         }
> T>         term from-bgp {
> T>             from protocol bgp;
> T>             then next policy;
> T>         }
> T>         term ios-implicit-deny {
> T>             then reject;
> T>         }
> T>     }
> T> }
> T>
> T>
> T>
> T> Thanks,
> T> Albert
> T>
> T>
> T> -----Original Message-----
> T> From: Craig Pierantozzi [mailto:tozz at arpa.bind.com]
> T> Sent: Sunday, March 06, 2005 11:24 PM
> T> To: TechSupport
> T> Cc: juniper-nsp at puck.nether.net
> T> Subject: Re: [j-nsp] commands converted from Cisco IOS
> T>
> T> JunOS has the concept of a policy chain which is multiple
> T> policies that can be evaluated. Example:
> T>
> T> export [ policy1 policy2 ]
> T>
> T> In general, a route is evaluated against the terms in a
> T> policy and if it matches, an action is taken. No other
> T> term or policy is evaluated after the match. Below, the term
> T> 'from-bgp' is saying if the route is from protocol BGP, then
> T> it is evaluated through the next policy in the chain.
> T>
> T> The last term is a catch all for routes that are not matched
> T> in any term above and they are denied.
> T>
> T> Check out the topics listed at:
> T>
> T> http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-policy/html/policy-overview-framework13.html
> T>
> T> regards
> T> -craig
> T>
> T>
> T> * Thus spake TechSupport (techsupport at isaacmorris.com):
> T>
> T> > Dear All,
> T> >
> T> >
> T> >
> T> > Thank you in advance for your help.
> T> >
> T> > I am new to Junos.
> T> >
> T> > I took my startup-config from my 2650 and translated it to Junos. I
> T> > understand the whole thing except for the last 2 statements under
> T> > Policy-Options:
> T> >
> T> >
> T> >
> T> > term from-bgp {
> T> >     from protocol bgp;
> T> >     then next policy;
> T> > }
> T> > term ios-implicit-deny {
> T> >     then reject;
> T> > }
> T> >
> T> >
> T> >
> T> > Could someone explain the function of these lines?
> T> >
> T> >
> T> >
> T> > Thanks,
> T> >
> T> > Albert
> T> >
> T> > _______________________________________________
> T> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> T> > http://puck.nether.net/mailman/listinfo/juniper-nsp
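Added example, not part of the original thread and not Juniper code: a small Python model of the evaluation order discussed above, run against the bgp-redistributes policy from the quoted config. The names Route, exact, evaluate_export and default_bgp_export are assumptions made for this sketch, and the sample routes are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str
    protocol: str  # "bgp", "static", "direct", ...

def exact(prefix):
    """Model of 'route-filter <prefix> exact'."""
    net = ipaddress.ip_network(prefix)
    return lambda r: ipaddress.ip_network(r.prefix) == net

# The policy from the thread: (term name, match, action).
BGP_REDISTRIBUTES = ("bgp-redistributes", [
    ("sourced-bgp-network", exact("65.198.234.0/24"), "accept"),
    ("from-bgp", lambda r: r.protocol == "bgp", "next policy"),
    ("ios-implicit-deny", lambda r: True, "reject"),
])

def default_bgp_export(route):
    # Default BGP export policy: active BGP routes are advertised,
    # routes from other protocols are not.
    return "accept" if route.protocol == "bgp" else "reject"

def evaluate_export(route, chain, default=default_bgp_export):
    """Return (result, decided_by) for one route against a policy chain."""
    for policy_name, terms in chain:
        for term_name, match, action in terms:
            if not match(route):
                continue
            if action in ("accept", "reject"):      # terminating action
                return action, f"{policy_name}/{term_name}"
            if action == "next policy":             # flow-control action
                break                               # skip the remaining terms
    return default(route), "default-policy"         # chain exhausted

if __name__ == "__main__":
    # Constructed sample routes; 198.51.100.0/24 is a documentation prefix.
    samples = [Route("65.198.234.0/24", "static"),
               Route("198.51.100.0/24", "bgp"),
               Route("192.168.1.0/24", "direct")]
    for r in samples:
        print(r, evaluate_export(r, [BGP_REDISTRIBUTES]))
```

Appending a second policy whose only term is "then reject" to the chain makes the BGP-learned route come back as reject, so the outcome no longer depends on the protocol's default policy.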