[j-nsp] Juniper Policy-Fu needed

[Rafael Rodriguez]

Hello list,

My Juniper Policy-Fu is not (yet) strong enough.

The Juniper Policy Framework Guide has been great but I have a couple
questions I hope the list can help with.

1) Within policy sub-routines, does "default-action accept" and
"default-action reject" have the same affect (returning TRUE or FALSE to the
calling policy) as just the regular "accept" and "reject" actions?  I
haven't been able to find documentation that speaks to this.  It almost
seems like policies that are called directly/chained need to be written
differently from policies you plan on using as a sub-routine.

2) Is it possible to write a single policy that can be used directly/chained
and in a sub-routine?  Can the "default-action" and regular "accept" and
"reject" be used together?  Can you mix a "default-action accept" with a
regular "reject"?  If so, I'd love to see an example.

3) Are all none terminating actions listed in sub-routines performed
regardless of the returned TRUE or FALSE?  I've read mixed things about
this.

4) As far as routing policies go (thinking BGP here), I'm a big fan on
setting the default action of a protocol (via policy) to reject.  Currently
doing this with a "default-action reject" being processed first.  I then
have common policies chained together on import and export.  Instead of
chaining policies on the import and export statements, is it possible to
perform the 'chaining' in a single 'master' policy that calls a bunch of
common sub-routines that are reused?  How would the idea of changing the
default protocol action to reject fit into this type of 'master' policy?

Thanks in advance.

Cheers,
RR