
Introduction to Juniper Networks Routers

Module 5: Routing Policy

Copyright © 2006, Juniper Networks, Inc. CJNR-M-7.a.7.6.1


Module Objectives
• After successfully completing this module, you will be able to:
  – State the purpose of routing policy
  – Explain the difference between import and export policies
  – Describe the default policy for OSPF, IS-IS, and BGP
  – Compare route filter match types
  – Write multiterm policies
  – Correctly apply policy to BGP
  – Use the CLI to monitor policy operation
  – Describe advanced policy capabilities



Routing Policy
• Where we are going…
  – Overview
  – When to use policy
  – Import vs. export policy
  – Routing policy flow
  – Generic policy syntax
  – Match conditions
  – Match actions
  – Default policies
  – Policy examples
  – Applying policy
  – Route filters
  – Advanced policy overview



Policy Overview
• Controls routing information transferred into and out of the routing table
  – Can ignore or change incoming routing information
  – Can suppress or change outgoing routing information
• Policies are made up of match/action pairs
  – Match conditions can be protocol specific



When to Apply Policy
• Apply policy when:
  – You do not want to import all learned routes into the routing table
  – You do not want to advertise all learned routes to neighboring routers
  – You want one protocol to receive routes from another protocol
  – You want to modify information associated with a route



Import and Export Policies
• Perform policy filtering with respect to the JUNOS software routing table
  – JUNOS software applies import policy prior to inclusion in the routing table
  – JUNOS software applies export policy only to active routes in the routing table

[Figure: routes from neighbors (protocol) pass through import policy into the routing table; export policy applies to routes sent from the routing table to neighbors (protocol); the PFE holds the forwarding table]



Routing Policy Flow
• Policies can be chained together
• Evaluation normally proceeds left to right until a terminating action is reached
  – Terminating actions are accept or reject
• Individual policies can contain a collection of terms
  – Flow control actions such as next-policy supported

[Figure: a route is evaluated by Policy 1, Policy 2, … Policy n in turn; each policy's terms (Term A, Term B, Term C) can accept or reject; the default policy at the end of the chain accepts or rejects]

Generic Policy Syntax
Basic policy syntax:

    policy-options {
        policy-statement policy-name {
            term term-name {
                from {
                    match-conditions;
                }
                then {
                    action;
                }
            }
        }
    }

A policy can have multiple terms.



Match Conditions
• Policies typically contain some form of match criterion
• Possibilities include:
  – Neighbor address
  – Protocol (source of information)
    • BGP, direct, DVMRP, IS-IS, local, MPLS, OSPF, PIM, RIP, static, aggregate
  – Routing protocol information
    • OSPF area ID
    • IS-IS level number
    • BGP attributes
  – Regular expression-based matches for AS path and communities



Match Actions
• The action associated with a given term/policy is performed for matching routes:
  – Terminating actions
    • Accept route
    • Reject (or suppress) route
  – Flow control actions
    • Skip to next policy
    • Skip to next term
  – Modify attributes actions
    • Metric
    • Preference
    • Color
    • Next-hop address



Default Policies
• Every protocol has a default policy
  – The default policy is applied implicitly at the end of the policy chain; can be overridden with default-action statement
• IS-IS and OSPF
  – Import: Accept all routes learned from that protocol
    • Import policy is theoretically invalid for link-state protocols
  – Export: Accept interface routes, reject all others
    • Note: With OSPF, interface routes are not subject to policy
• RIP
  – Import all learned RIP routes, export nothing
    • RIP requires export policy to announce RIP (or other) routes
• BGP
  – Import all routes learned from BGP neighbors
  – Export all active routes learned from BGP neighbors to all BGP neighbors
    • EBGP-learned routes are exported to all BGP peers
    • IBGP-learned routes are exported to all EBGP peers (assumes logical IBGP full mesh)



A Policy Example
• Write a policy statement at the [edit policy-options] hierarchy:

    [edit policy-options]
    user@host# show policy-statement advertise-ospf
    term pick-ospf {
        from protocol ospf;
        then accept;
    }

• Apply the policy to one or more routing protocols in the import, export, or both directions:

    [edit protocols bgp]
    user@host# set export advertise-ospf



Another Policy Example
• Specifying multiple conditions in a from statement means that all criteria must match before the action is taken (logical AND function)

    [edit]
    user@host# show policy-options
    policy-statement isis-level2 {
        term find-level2-routes {
            from {
                protocol isis;
                level 2;
            }
            then accept;
        }
    }

• To accomplish a logical OR, use separate terms



Applying Policy
• You must apply policies before they can take effect
• Link-state protocols (IS-IS and OSPF) have only export filtering points
• BGP and RIP support both import and export policies

    [edit protocols]
    user@host# show
    bgp {
        import bgp-import;
        export bgp-export;
    }
    ospf {
        export ospf-export;
    }



Apply Routing Policy to BGP
• BGP has three filtering points per direction:
  – Global
  – Groups of neighbors
  – Individual neighbors
• Only the most specific policies are applied to a particular peer
  – Neighbor policy overrides group and global policies
  – Group policy overrides global policy



BGP Policy Application Example

    [edit protocols]
    user@host# show
    bgp {
        export local-customers;
        group meganet-inc {
            type external;
            import [ martian-filter long-prefix-filter as-47-filter ];
            peer-as 47;
            neighbor 1.2.2.4;
            neighbor 1.2.2.5;
        }
        group problem-child {
            type external;
            import [ as-47-filter long-prefix-filter martian-filter ];
            export kill-private-addresses;
            peer-as 54;
            neighbor 1.2.2.6;
            neighbor 1.2.2.7;
            neighbor 1.2.2.8 {
                import [ reject-unwanted as-666-routes ];
            }
        }
    }



Route Filters
• Use route filters to match an individual route (or groups of routes)
  – You can specify multiple route filters within a single term
  – General syntax in the form of:

    route-filter prefix/prefix-length match-type actions;

• Route filter evaluation has special rules according to the match type
  – Match types specify different sets of routes:
    • exact
    • orlonger
    • longer
    • upto
    • through
    • prefix-length-range
  – Policy test function is useful for route-filter debugging



Route Filter Match Types (1 of 2)
• exact
  – Match the specified prefix and mask exactly
  – No other routes will be included

    from route-filter 192.168/16 exact;

• orlonger
  – Match the specified prefix and mask exactly
  – Also match any routes that start with the same prefix and have longer masks

    from route-filter 192.168/16 orlonger;

• longer
  – Do not match the specified prefix and mask exactly
  – Match only the routes that start with the same prefix and have longer masks

    from route-filter 192.168/16 longer;



Route Filter Match Types (2 of 2)
• upto
  – Match the specified prefix and mask exactly
  – Also match any routes that start with the same prefix and have a mask no longer than the second value specified

    from route-filter 192.168/16 upto /24;

• through
  – Match the first specified prefix and mask exactly
  – Match the second specified prefix and mask exactly
  – Match all prefixes directly between the two prefixes

    from route-filter 192.168/16 through 192.168.16/20;

• prefix-length-range
  – Match only routes that start with the same prefix and have a mask between the two values specified (inclusive match)

    from route-filter 192.168/16 prefix-length-range /20-/24;



Match Types Summary
Given a starting prefix of 192.168/16, what matches with each option?

[Figure: six panels, each starting from 192.168/16: exact; orlonger (down to /32); longer (down to /32); upto; prefix-length-range /x-/y; through. The mask lengths /x and /y are marked on the lower row of panels.]

Route Filter Actions
    term term-name {
        from {
            route-filter dest-prefix match-type actions;
            route-filter dest-prefix match-type actions;
        }
        then actions;
    }

Callout on the route-filter lines: longest-match lookup.

• Only one route filter in a given term can be considered a match
  – Longest-match lookup is performed on the prefix being evaluated
• If an action is specified to a route filter, it takes effect immediately
  – The global then portion of the term is ignored
    • If specific actions are not defined, the then portion of the term is executed for matching prefixes



Test Your Knowledge (1 of 2)
Which action is taken when this policy evaluates 10.0.67.43/32?

    [edit policy-options policy-statement pop-quiz]
    user@host# show
    from {
        route-filter 10.0.0.0/16 orlonger accept;
        route-filter 10.0.67.0/24 orlonger;
        route-filter 10.0.0.0/8 orlonger reject;
    }
    then {
        metric 10;
        accept;
    }



Test Your Knowledge (2 of 2)
Which action is taken when this policy evaluates 10.0.55.2/32?

    [edit policy-options policy-statement pop-quiz]
    user@host# show
    from {
        route-filter 10.0.0.0/16 orlonger accept;
        route-filter 10.0.67.0/24 orlonger;
        route-filter 10.0.0.0/8 orlonger reject;
    }
    then {
        metric 10;
        accept;
    }
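
The longest-match rule from the Route Filter Actions slide, worked through on the pop-quiz policy above. This is an added Python example, not part of the original course material or of JUNOS software: it is a simplified model that assumes the candidate filters are those whose prefix covers the route, and the names parse_prefix, type_matches, evaluate_term, QUIZ_FILTERS and QUIZ_THEN are made up for illustration.

```python
import ipaddress

def parse_prefix(text):
    """Parse a prefix, accepting the slides' shorthand such as 192.168/16."""
    addr, _, length = text.partition("/")
    addr += ".0" * (3 - addr.count("."))
    return ipaddress.ip_network(f"{addr}/{length}")

def type_matches(route, base, match_type, arg=None):
    """Test one match type; route and base are ip_network objects."""
    if not route.subnet_of(base):
        return False
    r, b = route.prefixlen, base.prefixlen
    if match_type == "exact":
        return r == b
    if match_type == "orlonger":
        return True
    if match_type == "longer":
        return r > b
    if match_type == "upto":                  # arg such as "/24"
        return r <= int(arg.lstrip("/"))
    if match_type == "prefix-length-range":   # arg such as "/20-/24"
        lo, hi = (int(x.lstrip("/")) for x in arg.split("-"))
        return lo <= r <= hi
    if match_type == "through":               # arg is the second prefix
        return parse_prefix(arg).subnet_of(route)
    raise ValueError(f"unknown match type: {match_type}")

def evaluate_term(route_text, filters, then_actions):
    """Return the actions applied to a route, or None if the term does not match."""
    route = parse_prefix(route_text)
    # Step 1: longest-match lookup on the filter prefixes, ignoring match type.
    covering = [f for f in filters if route.subnet_of(parse_prefix(f[0]))]
    if not covering:
        return None
    prefix, match_type, arg, action = max(
        covering, key=lambda f: parse_prefix(f[0]).prefixlen)
    # Step 2: only that filter's match type is tested; no fallback to shorter ones.
    if not type_matches(route, parse_prefix(prefix), match_type, arg):
        return None
    # Step 3: an action on the filter wins; otherwise the term's then runs.
    return [action] if action else list(then_actions)

# The pop-quiz policy from the slides, transcribed as data:
# (prefix, match type, argument, filter action or None).
QUIZ_FILTERS = [("10.0.0.0/16", "orlonger", None, "accept"),
                ("10.0.67.0/24", "orlonger", None, None),
                ("10.0.0.0/8", "orlonger", None, "reject")]
QUIZ_THEN = ["metric 10", "accept"]
```

Calling evaluate_term("10.0.67.43/32", QUIZ_FILTERS, QUIZ_THEN) and evaluate_term("10.0.55.2/32", QUIZ_FILTERS, QUIZ_THEN) works through the two quiz questions. A route whose longest-matching filter fails its match type falls out of the term entirely, so an over-specific exact entry can keep a broader filter in the same term from ever being applied to that route.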



Monitoring Policy Operation

[Figure: policy flow with the labels Neighbors, Routes, Protocol, Route Filters, Import Policy, Routing Table, and Export Policy; the two commands below are marked on it]

    show route receive-protocol bgp neighbor

Shows routes before import policy

    show route advertising-protocol bgp neighbor

Shows routes after export policy

• The show route receive-protocol and show route advertising-protocol commands:
  – Display routing updates received before import and after export policy processing, respectively
    • Filtered routes are the exception for import policy
• Question: How can you monitor the effects of your import policy?

Review Questions
1. What is the purpose of routing policy?
2. The terms import and export are based on the perspective of which entity within the router?
3. How does the default policy for OSPF differ from that of BGP?
4. What types of match conditions are supported in policy?
5. What types of match actions can you use in policy?
6. Explain the difference between applying policy at the global, group, and peer levels of BGP.
7. What command would you use to monitor the effects of your import policy?



Lab 4: Routing Policy

Lab Objective:
Configure routing policy on your router using JUNOS software. You will complete this lab by applying a policy to the RIP configuration left in place from the last lab.
