[j-nsp] route-filter ... longer: not working?

Sebastian Abt sabt at sabt.net
Thu May 19 15:54:34 EDT 2005


* Daniel Roesen wrote:
> policy-statement ipv6-ebgp-filter {
>     from {
>         family inet6;
>         route-filter ::/8 orlonger;
>         route-filter 2001:db8::/32 orlonger;
>         route-filter 2001:5001:103::/48 orlonger;
>         route-filter 2002::/16 longer;
>         route-filter fe00::/9 orlonger;
>         route-filter ff00::/8 orlonger;
>         route-filter 0::/0 upto /48 next policy;
>     }
>     then {
>         trace;
>         reject;
>     }
> }

See
http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-policy/html/policy-extend-match-config23.html

2002::/16 is evaluated *only* against the "route-filter 2002::/16
longer" entry (which neither accepts nor rejects 2002::/16, thus your
prefix is probably rejected elsewhere) due to the "longest-match lookup"
and not against "route-filter 0::/0 upto /48 next policy".

At least that's my understanding of how route-filter statements work.

--sebastian

-- 
SABT-RIPE   PGPKEY-D008DA9C
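
The lookup described in the reply above, modelled as an added Python example (not part of the original post and not Juniper code): the longest covering prefix in the route-filter list is selected first, and only that entry's match type is then tested. The function names and sample routes are assumptions made for illustration; the filter list is the one from the quoted policy.

```python
import ipaddress

# Route filters from the quoted policy: (prefix, match type, upto length, action).
# action None = the term's own "then" (reject); "0::/0" is written "::/0" here.
FILTERS = [
    ("::/8", "orlonger", None, None),
    ("2001:db8::/32", "orlonger", None, None),
    ("2001:5001:103::/48", "orlonger", None, None),
    ("2002::/16", "longer", None, None),
    ("fe00::/9", "orlonger", None, None),
    ("ff00::/8", "orlonger", None, None),
    ("::/0", "upto", 48, "next policy"),
]

def match_type_ok(route, flt, mtype, upto):
    """Check the prefix-length condition of a single route-filter entry."""
    if mtype == "orlonger":
        return route.prefixlen >= flt.prefixlen
    if mtype == "longer":
        return route.prefixlen > flt.prefixlen
    if mtype == "upto":
        return flt.prefixlen <= route.prefixlen <= upto
    raise ValueError(f"match type not modelled: {mtype}")

def evaluate(route_str, filters=FILTERS, term_action="reject"):
    """Return (route-filter entry chosen by longest match, resulting action)."""
    route = ipaddress.ip_network(route_str)
    # Step 1: longest-match lookup on the prefix alone, ignoring match types.
    covering = [(ipaddress.ip_network(p), m, u, a) for p, m, u, a in filters]
    covering = [c for c in covering if route.subnet_of(c[0])]
    if not covering:
        return None, "no match"
    flt, mtype, upto, action = max(covering, key=lambda c: c[0].prefixlen)
    # Step 2: only that entry's match type is tested; no shorter entry is retried.
    if not match_type_ok(route, flt, mtype, upto):
        return str(flt), "no match"  # term does not match; evaluation moves on
    return str(flt), action or term_action

if __name__ == "__main__":
    # Constructed sample routes, not taken from the thread.
    for r in ("2002::/16", "2002:c000:204::/48", "2001:db8:1::/48",
              "2a00:1450::/32", "2a00:1450:4000::/56"):
        print(r, evaluate(r))
```

A "no match" result means the term as a whole does not match, so the route is handled by whatever is evaluated after it (a later term, the next policy, or the default policy).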

