[j-nsp] Community matching policy
Andrew Khan
good1uzi at outlook.com
Mon Mar 31 07:00:48 EDT 2014
Hello Krasi,
Thanks for the reply, appreciated. Sorry I did not mention in my first email that I'm trying to find a workaround while using invert-match. Any idea on achieving the same results when using invert-match.
Kind regards,
Date: Mon, 31 Mar 2014 13:41:40 +0300
Subject: Re: [j-nsp] Community matching policy
From: krasi at smartcom.bg
To: good1uzi at outlook.com
CC: juniper-nsp at puck.nether.net
A match 100:100B match 101:101 Your TEST1 term match on !A OR !B <=> !(A AND B), so it effectively rejects every route that has NO communities 100:100 AND 101:101 (at the same time)
Your target is to accept A OR B, so you can first match and accept on these communities (TEST1 OR TEST2 defined without invert-match) and then reject everything else.
Best Regards,
Krasi
On 31 March 2014 12:10, Andrew Khan <good1uzi at outlook.com> wrote:
Hi -
Let's say I want to reject everything except the following communities:
Either 100:100
OR 101:101
OR both 100:100 101:100
Tried to setup something:
[edit policy-options]
policy-statement TEST {
term TEST1 {
from community [ TEST1 TEST2 ]; ///////Is not it logical OR, and matching everything except what I want because of invert-match//////
then reject;
}
term TEST2 {
then accept; //// And then this should accept what I wanted /////
}
}
[edit policy-options]
community TEST1 {
invert-match;
members 100:100;
}
community TEST2 {
invert-match;
members 101:101;
}
However it is rejecting everything. Any thoughts what I'm missing here or perhaps the approach is not correct.
Thanks in advance.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list