[j-nsp] JNCIP book, OSPF policy
Ahmad Alhady
ahmad.alhady at yahoo.com
Fri Dec 19 02:08:59 EST 2008
Yes, u r right
but we in JNCIP book making this policies to prevent loops... R6 and R7 running OSPF and RIP and redis RIP - OSPF and vis versa...
so this produce loops..
as OSPF external routes will be redis to RIP router, and the accepted from him as RIP routes coz RIP pref < OSPF ex pref
so 1st policy is ensuring that R6 not get RIP from R7 and vise versa
and 2nd one is ensuring to R6 and R7 not getting OSPF routes from RIP routetr
but my policy is target to prevent any non-RIP routs to be received
from RIP routers, in same time ensure that RIP routes is ONLY recieved
from RIP router!
am I correct ?
Thanks
Ahmad
________________________________
From: andy <ndy at shady.org>
To: Ahmad Alhady <ahmad.alhady at yahoo.com>
Sent: Friday, December 19, 2008 9:57:01 AM
Subject: Re: [j-nsp] JNCIP book, OSPF policy
The first policy matches all routes, your policy only matches RIP routes within the prefix 192.168.0.0/22 AND a next hop value.
So, there may be routes matched by the first policy that your policy fails to accept.
Bear in mind that every condition is checked in order like a logical AND.
So, your policy states
from protocol RIP AND has a next hop of 172.16.40.1 AND within the prefix 192.168.0.0/22 or longer. so all 3 conditions have to be correct.
Id assume that not all prefixes within 192.168.0.0/22 have a next hop of 172.16.40.1 and still require to be matched. Or prefixes outwith 192.168.0.0/22
have a next hop value of 172.16.40.1 and require to be matched.
However, ive not read the book, but thats certainly what it looks like.
Cheers
On Thu, Dec 18, 2008 at 10:42:27PM -0800, Ahmad Alhady wrote:
> Hi all,
>
> in JNCIP book there are 2 diffrent rip import policies.
>
> lab at r6# show policy-options policy-statement rip-in
> term 1 {
> from {
> protocol rip;
> next-hop 172.16.40.1;
> }
> then accept;
> }
> term 2 {
> then reject;
> }
>
>
> lab at r7# show policy-options policy-statement rip-in
> term 1 {
> from {
> protocol rip;
> route-filter 192.168.0.0/22 orlonger;
> }
> then accept;
> }
> term 2 {
> then reject;
>
>
>
> 1st one is ensuring to not get RIP from R7
>
> and 2nd one is ensuring to not get OSPF routes from RIP routetr
>
> why we dont do like this
>
>
> lab at r7# show policy-options policy-statement rip-in
> term 1 {
> from {
> protocol rip;
> next-hop 172.16.40.1;
> route-filter 192.168.0.0/22 orlonger;
> }
> then accept;
> }
> term 2 {
> then reject;
>
> so Dont accept except ONLY RIP routes from RIP router....
>
>
> ?!!
>
>
> Ahmad
>
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
andy andy at shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down
to their level, then beat you with experience.
-----------------------------------------------
More information about the juniper-nsp
mailing list