Date post: | 04-Apr-2018 |
Category: |
Documents |
Upload: | er-biswajit-biswas |
View: | 221 times |
Download: | 0 times |
of 15
7/30/2019 ABC Training Mod 05 Policy
1/15
Custom Training
Module 6 Routing Policy
7/30/2019 ABC Training Mod 05 Policy
2/15
Policy Overview
Routing policy controls routing information transferredinto and out of the routing table
Ignore or change imported learned routes
Suppress or change advertised active routes
Redistribute routes from one protocol to another protocol
Routing policy consist of match/action pairs
Eliminates need for route maps, access lists, distribution lists,network commands etc. to accomplish a single goal
7/30/2019 ABC Training Mod 05 Policy
3/15
Import and Export Policy
Routing policy is performed from the perspective of therouting table
JUNOS applies import policy prior to route selection andinclusion into the routing table
JUNOS applies export policy to active routes prior to being
sent to neighbor
Juniper Networks Technical Certification Program (JNTCP)
M/T-Series Routers Track
Juniper Networks Technical Certification Program (JNTCP)
Enterprise Routing Track
RoutingTableNeighbor Neighbor
Import Export
7/30/2019 ABC Training Mod 05 Policy
4/15
Default Routing Policy
Every protocol has default policy
A default policy is applied implicitly to the end of both theimport and export policy chain
IS-IS and OSPF
Import: IS-IS and OSPF do not allow import policies andtherefore do not require a default import policy.
Export: The primary purpose of IS-IS and OSPF export policiesare to introduce routes from other protocol.
RIP
Import: Accept all routes imported from RIP neighbors
Export: Reject all routes advertised to RIP neighbors
BGP
Import: Accept all routes imported from BGP neighbors
Export: Accept all routes exported to BGP neighbors in
accordance with the BGP protocol requirements
7/30/2019 ABC Training Mod 05 Policy
5/15
Routing Policy Syntax
Generic policy syntax
policy-options {
policy-statement policy-name {
term term-name {from {
match-conditions;
}
then {
match-actions;
}
}
}}
A policy can have
multiple terms
7/30/2019 ABC Training Mod 05 Policy
6/15
Match Conditions
Policies typically contain some form of match condition
The absence of a match condition means that all possibleroutes match
Possible match conditions include:
Neighbor address
Protocol
The protocol which activated the route in the routing table
Routing protocol information
BGP attributes
OSPF Tag
OSPF area ID
10.10.0.0/16 *[BGP/170]
172.16.30.0/24 *[OSPF/10]
192.168.5.0/24 *[Static/5]
7/30/2019 ABC Training Mod 05 Policy
7/15
Match Actions
The action performed in a term or policy for a givenmatch condition
Terminating actions
Accept route
Reject route
Flow control actions Skip to next term
Skip to next policy
Modify attribute actions
Cost (metric)
Preference
Community (Tag)
Local-preference
7/30/2019 ABC Training Mod 05 Policy
8/15
Route Filters
Route Filters are used to match individual routes orgroups of routes
General syntax in the form of:
Route Filter evaluation depends on the match type
Match types dictate the different route sets
exact
orlonger
longerupto
prefix-length-range
route-filter prefix/prefix-lengthmatch-typeaction;
7/30/2019 ABC Training Mod 05 Policy
9/15
Route Filters
exact
192.168/16
orlonger (down to /32)
192.168/16
192.168/16
192.168/16
192.168/16
longer (down to /32)
/x
/yprefix-length-range /x-/yupto
7/30/2019 ABC Training Mod 05 Policy
10/15
Policy Examples
Write a policy to redistribute RIP routes into OSPF
Policies are configured under the policy-options hierarchy
Apply the policy to OSPF
[edit policy-options]
lab@Denver# show policy-statement rip-to-ospf
term rip-routes {
from protocol rip;
then accept;
}
[edit protocols ospf]
lab@Denver# set export rip-to-ospf
7/30/2019 ABC Training Mod 05 Policy
11/15
Another Policy Example
Multiple match conditions require that all criteria matchbefore the action is applied
Create a policy to redistribute only OSPF area 2 routes
Juniper Networks Technical Certification Program (JNTCP)
M/T-Series Routers Track
[edit]
lab@Denver# show policy-options
policy-statement isis-level2-routes {term l2-routes {
from {
protocol ospf;
area 2;
}
then accept;
}
}
7/30/2019 ABC Training Mod 05 Policy
12/15
Another Policy Example
Configure a multiple term policy
Create a policy to aggregate BGP routes
lab@Denver# show policy-options
policy-statement aggregate-routes {
term reject-specific-routes {
from {
protocol bgp;
route-filter 172.80.0.0/16 longer;
}
then reject;
}
term accept-agg-route {
from {
protocol aggregate;
route-filter 172.80.0.0/16 exact;
}
then accept;
}
}
7/30/2019 ABC Training Mod 05 Policy
13/15
Monitoring Policy Operation
The show route receive-protocol and showroute advertising-protocol commands: Display routing updates received beforeimport and after
export policy processing, respectively
Filtered routes are the exception for import policy
Other tools
test policy command trace action
Neighbors
Protocol
RoutingTable
Neighbors
Protocol
ImportPolicy
Routes Routes
ExportPolicy
show route receive-protocol bgp neighbor
show route advertising-protocol bgp neighbor
Show routes beforeimport policy
Shows routes afterexport policy
RouteFilters
7/30/2019 ABC Training Mod 05 Policy
14/15
Questions
7/30/2019 ABC Training Mod 05 Policy
15/15