[j-nsp] policy from JNCIP book

David water dwater2010 at gmail.com
Tue May 4 09:15:43 EDT 2010 

So in my case, sanity checks mean the from action in term 3, if term 3 is
true then only jump to next policy and if not then continue to the next
term(term 4) and that will be reject, correct me if I am wrong.

On Tue, May 4, 2010 at 8:43 AM, <vvasilev at vvasilev.net> wrote:

> Hi David,
>
> Here "next policy" means the default BGP policy which by default accepts
> all BGP routes that pass sanity checks.
>
> Vladi
>
> Sent from my BlackBerry® wireless device
>
> -----Original Message-----
> From: David water <dwater2010 at gmail.com>
> Date: Tue, 4 May 2010 08:31:22
> To: <juniper-nsp at puck.nether.net>
> Subject: [j-nsp] policy from JNCIP book
>
> Hi,
>
> I am trying to understand the policy in BGP, in JNCIP book we have
> following
> policy with term 1 to 3. Term 1 and 2 is rejecting all unwanted routes and
> term 3 is matching those are originating in C1 and reference to the next
> policy. So here next policy will be next term (term4) if so then it will be
> rejected ? if it is pointing to other policy then it is not define then
> will
> it mach to the BGP default policy to accept all EBGP routes? Please help me
> to understand. This policy is used in import at EBGP peer to accept the
> selected route.  Same way if I want to match customer prefix route, lets
> say
> 1.1.1.0/24 then in term I will use route filter to match the prefix and
> then
> next-policy?
>
> term 1 {
> from {
> route-filter 0.0.0.0/0 through 0.0.0.0/7 reject;
> route-filter 0.0.0.0/1 prefix-length-range /1-/7 reject;
> }
> }
> term 2 {
> from {
> route-filter 0.0.0.0/0 prefix-length-range /29-/32 reject;
> route-filter 172.16.0.0/12 orlonger reject;
> route-filter 192.168.0.0/16 orlonger reject;
> route-filter 10.0.0.0/8 orlonger reject;
> }
> }
> term 3 {
> from as-path c1;
> then next policy;
> }
> term 4 {
> then reject;
> }
>
>
> --
> David W.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 
David W.

More information about the juniper-nsp mailing list