[j-nsp] Match multiple bgp communities in a policy with AND condition

Olivier Benghozi olivier.benghozi at wifirst.fr
Thu Apr 6 13:47:09 EDT 2017 

We use some same kinds of things here, that is subpolicies expressions (or subpolicies chains at other places):


policy-statement Blah {
    term MyTerm {
        from {
            policy ( ! (( ! A ) && B && ( C || D )));
        }
        then next policy;
    }

policy-statement A {
    term match {
        from community com-A;
        then accept;
    }
    term default {
        then reject;
    }
}
policy-statement B {
    term match {
        from community com-B;
        then accept;
    }
    term default {
        then reject;
    }
}
policy-statement C {
    term match {
        from community com-C;
        then accept;
    }
    term default {
        then reject;
    }
}
policy-statement D {
    term match {
        from community com-D;
        then accept;
    }
    term default {
        then reject;
    }
}

community com-A members 123:1;
community com-B members 123:2;
community com-C members 123:3;
community com-D members 123:4;


> Le 6 avr. 2017 à 17:59, serge vautour <sergervautour at gmail.com> a écrit :
> 
> IMHO whether you add a community to a policy term match statement or add a
> community to a community members list, you still have to add the community
> somewhere. I don't see how you get from 2x10 to 100.... Maybe I don't
> understand the ask.
> 
> The only way I know how to get the AND logic to work in a single policy
> term is to call another policy. This isn't tested but something like this:
> 
> [edit policy-options]
> +   policy-statement communityb {
> +       term term1 {
> +           from community b;
> +           then accept;
> +       }
> +   }
> +   policy-statement xy {
> +       term term1 {
> +           from {
> +               community a;
> +               policy communityb;
> +           }
> +           then accept;
> +       }
> +   }
> [edit policy-options]
> +   community a members 123:1;
> +   community b members 123:2;
> 
> 
> I hope this helps.
> Serge
> 
> 
> On Thu, Apr 6, 2017 at 12:10 PM, "Rolf Hanßen" <nsp at rhanssen.de> wrote:
> 
>> Hello Serge,
>> 
>> this works, but that is exactly the config I would like to avoid.
>> In case of 2 communities this adds a third one, but in case of 2x 10
>> communities that can be combined this adds 100 additional communities.
>> 
>> kind regards
>> Rolf
>> 
>>> Hello,
>>> 
>>> Have you tried this?
>>> 
>>> set policy-options community MATCH2 members [ 123:1 123:2 ]
>>> 
>>> I believe this will result in a logical AND.
>>> 
>>> Serge
>>> 
>> 
>> 
>> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list