[j-nsp] Policy ordering in 8.0
nachocheeze at gmail.com
nachocheeze at gmail.com
Mon Jan 15 03:42:39 EST 2007
I recently upgraded one of our Junipers from 7.3R2.9 to 8.0R2.8, and
discovered something that I'm not sure if it's a bug, or simply a new
"feature" of JunOS
Under the "policy options" section, I've got quite a large number of
policy statements. In previous releases, the ordering of the policy
statements as they were added simply appended them to the end of the
list.
Short example: If I had two policies already in place, one called
"A-LEVEL-ROUTES", and the other called "Z-LEVEL-ROUTES", then added
another policy called "B-LEVEL-ROUTES", JunOS wouldn't arrange them
alphabetically or in any other specific order, but simply append the
"B-LEVEL" policy after the "Z-LEVEL" policy.
Since nothing was arranged, things got kind of messy, so I just
developed my own personal organization and was able to manually
reorder my policies based on my own preference by using the
commands"insert policy-statement 'x' before policy-statement 'y'", and
"insert policy-statement 'z' after policy-statement 'y'".
As I said bit messy, but it worked for me; I knew where everything was.
I then upgraded to 8.0, ran the rancid configuration differ, and
almost had a heart attack at the number of listed changes before
figuring out what happened. Apparently a new "feature" in 8.0 is to
order all your named policy-statements alphabetically.
I double checked all the terms within all the policy-statements, and
none of the named terms had been reordered; they were all still listed
in the precisely written manner (the most important thing, because a
reorder in the terms could really screw up stuff). This simply
affected the ordering of the policy-statements themselves, which isn't
really a huge deal since it doesn't change how action sets are
evaluated, but if it was in the release notes I sure didn't see it.
It also now appears the option to order them manually has now been
disabled, at least in my code revision. Example:
{master}[edit policy-options]
# insert policy-statement TO-CUST-A ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> from Conditions to match the source of a route
> term Policy term
> then Actions to take if 'from' and 'to' conditions match
> to Conditions to match the destination of a route
{master}[edit policy-options]
You can still see where the ability USED to be there to re-order...
# insert policy-statement TO-CUST-A b
^
syntax error, expecting `after' or `before'.
# insert policy-statement TO-CUST-A af
^
syntax error, expecting `after' or `before'.
Everyone else seeing similar behavior? I checked the bug reports, and
at last look couldn't find a PR number. Either this is a new
"feature" that I missed reading, or just hasn't been reported as a bug
yet.
More information about the juniper-nsp
mailing list