[j-nsp] Selective packet mode & local traffic
Wayne Tucker
wayne at tuckerlabs.com
Mon Aug 13 22:12:45 EDT 2012
On Fri, Aug 10, 2012 at 11:49 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> Unless I'm missing a trick, apply-paths in a prefix list pulls the netmask in when applied to interface ips. This is ok for lo0 filters, but not those on transit interfaces.
Good point. I remember seeing something about that but I don't
remember the context so I'm not sure whether it was a warning or a
workaround...
It could use some cleanup, but something like this should work:
Put the following in /var/db/scripts/commit/local-addresses.slax:

version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";

match configuration {
    /* Keep a handle on the configuration root for use inside the loops. */
    var $top = .;
    /* Every prefix-list that carries "apply-macro local-addresses". */
    for-each (policy-options/prefix-list/apply-macro[name = 'local-addresses']) {
        var $prefix-list-name = ../name;
        /* Every IPv4 address configured on any interface unit. */
        for-each ($top/interfaces/interface/unit/family/inet/address) {
            /* Drop the configured prefix length and keep the address. */
            var $address = substring-before(name, "/");
            /* Add the address to the prefix-list as a /32 host entry. */
            <transient-change> {
                <policy-options> {
                    <prefix-list> {
                        <name> $prefix-list-name;
                        <prefix-list-item> {
                            <name> $address _ "/32";
                        }
                    }
                }
            }
        }
    }
}

set system scripts commit allow-transients
set system scripts commit file local-addresses.slax
set policy-options prefix-list local-addresses apply-macro local-addresses

HTH
:w