[j-nsp] Nested subroutine behaviour

Weber, Markus Markus.Weber at kpn.de
Wed Feb 27 06:51:25 EST 2019


Jason wrote:
> I’m having a hard time wrapping my head around behaviour with route
> policies that consist of nested subroutines.
> policy-options {
>     policy-statement P-TEST1 {
>         term SUB1 {
>             from policy SUB1;
>             then reject;
>         }
>     }
>     policy-statement SUB1 {
>         term SUB2 {
>             from policy SUB2;
>         }
>     }
>     policy-statement SUB2 {
>         term NOMATCH {
>             from route-filter 1.1.1.1/32 exact;
>         }
>     }
> }

To my knowledge:

Subroutines match if they accept and don't match if they reject. If you
don't specify an action, the default should be accept and thus results
in a match.
Accepts/rejects in subroutines aren't used for accepting/rejecting the
route, but are used as a condition for the from.

As your SUB1 has no explicit action, it will return (default) "accept"
and thus in P-TEST1 "from policy SUB1" will always match. SUB2 adds
nothing here.

It's best if you explicitly add reject and accept in subroutines (unless
you just use the subroutine for route manipulation like adding communities,
changing local-pref, but even then it doesn't harm).

https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/policy-configuring-subroutines-in-routing-policy-match-conditions.html

Markus
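
Added example, not part of the original post: the policy from the question rewritten with an explicit accept and reject in each subroutine, as the reply recommends. The term names MATCH and DEFAULT and the annotations are assumptions made for illustration.

```junos
policy-options {
    policy-statement P-TEST1 {
        term SUB1 {
            /* Matches only when SUB1 returns accept */
            from policy SUB1;
            then reject;
        }
    }
    policy-statement SUB1 {
        term SUB2 {
            from policy SUB2;
            /* SUB2 accepted: report a match back to P-TEST1 */
            then accept;
        }
        term DEFAULT {
            /* Explicit "no match" instead of relying on a default action */
            then reject;
        }
    }
    policy-statement SUB2 {
        term MATCH {
            from route-filter 1.1.1.1/32 exact;
            then accept;
        }
        term DEFAULT {
            then reject;
        }
    }
}
```

With these actions in place, "from policy SUB1" in P-TEST1 is true only for 1.1.1.1/32, so only that route is rejected by term SUB1 and every other route falls through P-TEST1 unmatched.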



