[j-nsp] Leaking OSPF routes into ISIS
saku at ytti.fi
Thu Oct 6 11:33:23 EDT 2016
On 6 October 2016 at 18:12, Hugo Slabbert <hugo at slabnet.com> wrote:
> I generally create an explicit 'reject-all' policy and stick that at the end
> of policy lists, rather than nesting the reject within an existing policy.
> It's a bit clearer.
Always terminate as late as sensible policy design allows, as it'll
make it more extendable, not needing to rewrite those special cases,
just add new policy. To that effect, also consider default-action
reject instead of reject, so that you mark route to be rejected,
unless later otherwise told, this is again useful if you have that one
special hack, you don't need to rewrite anything, just chain new small
hack policy to revert that decision.
More information about the juniper-nsp