[j-nsp] Community matching policy

Krasimir Avramski krasi at smartcom.bg
Mon Mar 31 10:03:25 EDT 2014


With the requirement to use only "invert-match" community definitions let
say:
TEST1 =  everything except 100:100
TEST2 = everything except 101:101
we have !TEST1 OR !TEST2 ( these are target routes you want to accept)  =
!(!!TEST1 && !!TEST2) = !(TEST1 && TEST2)

So define policies:

policy-statement TEST1 {
    term 1 {
        from community TEST1;
        then accept;
    }
    term 2 {
        then reject;
    }
}
policy-statement TEST2 {
    term 1 {
        from community TEST2;
        then accept;
    }
    term 2 {
        then reject;
    }
}

then apply the following policy expression to BGP neighbor: "(!(TEST1 &&
TEST2))":

group test {
    neighbor a.b.c.d {
        import ( ! ( TEST1 && TEST2 ));
    }
}


Best regards,
Krasi



On 31 March 2014 14:00, Andrew Khan <good1uzi at outlook.com> wrote:

>  Hello Krasi,
> Thanks for the reply, appreciated. Sorry I did not mention in my first
> email that I'm trying to find a workaround while using invert-match. Any
> idea on achieving the same results when using invert-match.
>
> Kind regards,
>
>
> ------------------------------
> Date: Mon, 31 Mar 2014 13:41:40 +0300
> Subject: Re: [j-nsp] Community matching policy
> From: krasi at smartcom.bg
> To: good1uzi at outlook.com
> CC: juniper-nsp at puck.nether.net
>
>
> A match 100:100
> B match 101:101
> Your TEST1 term match on !A OR !B <=> !(A AND B), so it effectively
> rejects every route that has NO communities 100:100 AND 101:101 (at the
> same time)
> Your target is to accept A OR B, so you can first match and accept on
> these communities (TEST1 OR TEST2 defined without invert-match) and then
> reject everything else.
>
> Best Regards,
> Krasi
>
>
> On 31 March 2014 12:10, Andrew Khan <good1uzi at outlook.com> wrote:
>
> Hi -
>
> Let's say I want to reject everything except the following communities:
>
> Either 100:100
> OR 101:101
> OR both 100:100 101:100
>
> Tried to setup something:
>
> [edit policy-options]
> policy-statement TEST {
>       term TEST1 {
>           from community [ TEST1 TEST2 ]; ///////Is not it logical OR, and
> matching everything except what I want because of invert-match//////
>            then reject;
>        }
>       term TEST2 {
>      then accept;   //// And then this should accept what I wanted /////
>    }
> }
>
> [edit policy-options]
>    community TEST1 {
>       invert-match;
>        members 100:100;
>    }
>    community TEST2 {
>        invert-match;
>        members 101:101;
>    }
>
> However it is rejecting everything. Any thoughts what I'm missing here or
> perhaps the approach is not correct.
>
> Thanks in advance.
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>


More information about the juniper-nsp mailing list