[j-nsp] Community matching policy

Dave Bell me at geordish.org
Mon Mar 31 07:59:57 EDT 2014 

The logic of !A OR !B makes my head hurt, so its simple to write out a
truth table to work out exactly what it does.

A | B | !A OR !B
-----------------------
T | T | F
T | F | T
F | T | T
F | F | T

This makes it clear that !A OR !B is identical to !(A AND B)

I don't think there is any way to do what you are interested in with the
invert-match statement. I would just do something like this

term A {
 from {
    community [ A B ];
 }
 then accept;
}
reject;

community A {
  members 100:100;
}
community B {
 members 101:101;
}

It may be possible to add the two communities into one community statement.
I'm unsure how exactly that will behave though.

Regards,
Dave


On 31 March 2014 12:47, Andrew Khan <good1uzi at outlook.com> wrote:

> In addition to my last question, what I don't understand is that !A OR !B
> <=> !(A AND B) /// how come it became AND operation rather than logical
> OR///
>
> From Juniper documentation:
> You can include the names of multiple communities in the community match
> condition. If you do this, only one community needs to match for a match to
> occur (matching is effectively a logical OR operation).
>
> Is it invert-match causing this behavior? What if I don't use
> invert-match, will it be a logical OR operation e.g. A OR B <=> A OR B or
> will it be A OR B <=> (A AND B)
>
> Thanks
>
>
>
> > From: good1uzi at outlook.com
> > To: krasi at smartcom.bg
> > Date: Mon, 31 Mar 2014 11:00:48 +0000
> > CC: juniper-nsp at puck.nether.net
> > Subject: Re: [j-nsp] Community matching policy
> >
> >
> >
> >
> > Hello Krasi,
> > Thanks for the reply, appreciated. Sorry I did not mention in my first
> email that I'm trying to find a workaround while using invert-match. Any
> idea on achieving the same results when using invert-match.
> >
> > Kind regards,
> >
> >
> > Date: Mon, 31 Mar 2014 13:41:40 +0300
> > Subject: Re: [j-nsp] Community matching policy
> > From: krasi at smartcom.bg
> > To: good1uzi at outlook.com
> > CC: juniper-nsp at puck.nether.net
> >
> > A match 100:100B match 101:101 Your TEST1 term match on !A OR !B <=> !(A
> AND B), so it effectively rejects every route that has NO communities
> 100:100 AND 101:101 (at the same time)
> > Your target is to accept A OR B, so you can first match and accept on
> these communities (TEST1 OR TEST2 defined without invert-match) and then
> reject everything else.
> > Best Regards,
> > Krasi
> >
> > On 31 March 2014 12:10, Andrew Khan <good1uzi at outlook.com> wrote:
> >
> > Hi -
> >
> >
> >
> > Let's say I want to reject everything except the following communities:
> >
> >
> >
> > Either 100:100
> >
> > OR 101:101
> >
> > OR both 100:100 101:100
> >
> >
> >
> > Tried to setup something:
> >
> >
> >
> > [edit policy-options]
> >
> > policy-statement TEST {
> >
> >       term TEST1 {
> >
> >           from community [ TEST1 TEST2 ]; ///////Is not it logical OR,
> and matching everything except what I want because of invert-match//////
> >
> >            then reject;
> >
> >        }
> >
> >       term TEST2 {
> >
> >      then accept;   //// And then this should accept what I wanted /////
> >
> >    }
> >
> > }
> >
> >
> >
> > [edit policy-options]
> >
> >    community TEST1 {
> >
> >       invert-match;
> >
> >        members 100:100;
> >
> >    }
> >
> >    community TEST2 {
> >
> >        invert-match;
> >
> >        members 101:101;
> >
> >    }
> >
> >
> >
> > However it is rejecting everything. Any thoughts what I'm missing here
> or perhaps the approach is not correct.
> >
> >
> >
> > Thanks in advance.
> >
> >
> >
> >
> >
> > _______________________________________________
> >
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> >
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list