- Jncie: Juniper Networks Certified Internet Expert Study Guide: Exam Cert-Jncie-M
An example of a policy chain can be seen on the Merlot router as: [edit protocols bgp] user@Merlot# show. The adv-statics, adv-large-aggregates, and adv-small-aggregates policies, in addition to the default BGP policy, make up the policy chain applied to the BGP peers of Merlot.
You could easily make an argument for just converting this policy chain into a single multiterm policy for the internal BGP (IBGP) peers. While this is certainly true, one of the advantages of a policy chain would be lost: the ability to reuse policies for different purposes. Figure 1. Any EBGP peer providing transit service should only receive aggregate routes whose mask length is smaller than 18 bits.
Any EBGP peer providing peering services should receive all customer routes and all aggregates whose mask length is larger than 19 bits. Each individual portion of these administrative policies is coded into a separate routing policy within the [edit policy-options] configuration hierarchy. They then provide the administrators of AS with a multitude of configuration options for advertising routes to its peers.
Cabernet is providing transit service to AS , which allows it to advertise their assigned routing space to the Internet at large. On the other hand, the peering service provided by Zinfandel allows AS to route traffic directly between the Autonomous Systems for all customer routes. The adv-large-aggregates policy is applied to Cabernet to advertise the aggregate routes with a subnet mask length between 16 and 18 bits.
After committing the configuration, we check the routes being sent to AS [edit protocols bgp] user@Merlot# set group Ext-AS export adv-large-aggregates [edit protocols bgp] user@Merlot# commit [edit protocols bgp] user@Merlot# run show route advertising-protocol bgp The Let's first verify that we have the correct policy applied: [edit protocols bgp] user@Merlot# show group Ext-AS type external; export adv-large-aggregates; peer-as ; neighbor The adv-large-aggregates policy is correctly applied.
Let's see if we can find where the other routes are coming from. The show route command provides a vital clue: user@Merlot# run show route Merlot has learned this route via its BGP session with Chablis. Remember that the default policy is always applied to the end of every policy chain in the JUNOS software. What we need is a policy to block the more specific routes from being advertised.
We create a policy called not-larger-than that rejects all routes within the This ensures that all aggregates with a mask between 16 and 18 bits are advertised, exactly the goal of our administrative policy. It appears as if our policy chain is working correctly: only the In fact, as long as the not-larger-than policy appears before the BGP default policy in our policy chain, we achieve the desired results.
Our administrative policy states that this peer should receive only aggregate routes larger than 18 bits in length and all customer routes. In anticipation of encountering a similar problem, we create a policy called not-smaller-than that rejects all aggregates with mask lengths between 16 and 18 bits. In addition, we apply the adv-statics and adv-small-aggregates policies to announce those particular routes to the peer: [edit policy-options] user@Merlot# show policy-statement not-smaller-than It looks like this policy chain is working as designed as well.
In fact, after configuring our individual policies, we can use them in any combination on the router. Another useful tool for reusing portions of your configuration is a policy subroutine, so let's investigate that concept next. This similarity also includes the concept of nesting your policies into a policy subroutine. A subroutine in a software program is a section of code that you reference on a regular basis.
A policy subroutine works in the same fashion: you reference an existing policy as a match criterion in another policy. The router first evaluates the subroutine and then finishes its processing of the main policy. Of course, there are some details that greatly affect the outcome of this evaluation. First, the evaluation of the subroutine simply returns a true or false Boolean result to the main policy.
Because you are referencing the subroutine as a match criterion, a true result means that the main policy has a match and can perform any configured actions. A false result from the subroutine, however, means that the main policy does not have a match.
Of course, we can't commit our configuration since we reference a policy we haven't yet created. We create the subroutine-policy and check our work: [edit policy-options policy-statement main-policy] user@Merlot# commit Policy error: Policy subroutine-policy referenced but not defined. The router evaluates the logic of main-policy in a defined manner.
The match criterion of from policy subroutine-policy allows the router to locate the subroutine. All terms of the subroutine are evaluated, in order, following the normal policy processing rules. In our example, all static routes in the routing table match the subroutine with an action of accept. This returns a true result to the original, or calling, policy which informs the router that a positive match has occurred.
The actions in the calling policy are executed and the route is accepted. All other routes in the routing table do not match the subroutine and should logically return a false result to the calling policy.
The router should evaluate the second term of main-policy and reject the routes. Keep in mind that the actions in the subroutine do not actually accept or reject a specific route. They are only translated into a true or a false result. Actions that modify a route's attribute, however, are applied to the route regardless of the outcome of the subroutine. The policy subroutine of main-policy is applied as an export policy to Chardonnay.
After establishing the BGP session, we verify that Merlot has static routes to send:
After applying the policy subroutine to Chardonnay, we check to see if only four routes are sent to the EBGP peer: [edit protocols bgp] user@Merlot# set group Ext-AS export main-policy user@Merlot# run show route advertising-protocol bgp The four local static routes are being sent to Chardonnay, but additional routes are being advertised as well. Let's see if we can figure out where these routes are coming from: user@Merlot# run show route We saw a similar problem in the Policy Chains section earlier in the chapter when the BGP default policy was advertising extra routes.
The default policy is affecting the outcome in this case as well, but not in the way that you might think.
The currently applied policy chain for Chardonnay is main-policy followed by the BGP default policy. The terms of main-policy account for all routes with an explicit accept or reject action, so the BGP default policy is not evaluated as a part of the policy chain. It is being evaluated, however, as a part of the subroutine, which brings up the second important concept concerning a policy subroutine. The default policy of the protocol where the subroutine is applied is always evaluated as a part of the subroutine itself. In our case, the BGP default policy is evaluated along with subroutine-policy to determine a true or false result.
The actions of the default policy within the subroutine mean that you are actually evaluating a policy chain at all times. Using this new concept of a subroutine alters the logic evaluation of the subroutine. All static and BGP routes in the routing table return a true result to the calling policy while all other routes return a false result to the calling policy. This clearly explains the routes currently being advertised to Chardonnay.
To achieve the result we desire, we need to eliminate the BGP default policy from being evaluated within the subroutine.
This is easily accomplished by adding a new term to subroutine-policy as follows: [edit policy-options policy-statement subroutine-policy] user@Merlot# show. When we check the results of this new subroutine, we see that only the local static routes are advertised to Chardonnay: user@Merlot# run show route advertising-protocol bgp

Determining the Logic Result of a Subroutine

It is worth noting again that the configured actions within a subroutine do not in any way affect whether a particular route is advertised by the router.
The subroutine actions are used only to determine the true or false result.
To illustrate this point, assume that main-policy is applied as we saw in the Policy Subroutines section. Because they are rejected within the subroutine, there is no need within main-policy for an explicit then reject term. You may already see the flaw in this configuration, but let's follow the logic. The router evaluates the first term of main-policy and finds a match criterion of from policy subroutine-policy.
It then evaluates the first term of the subroutine and finds that all static routes have an action of then accept.
This returns a true result to main-policy, where the subroutine-as-a-match term has a configured action of then accept. The static routes are now truly accepted and are advertised to the EBGP peer. When it comes to the BGP routes in the routing table, things occur a bit differently. This returns a false result to main-policy, which means that the criterion in the subroutine-as-a-match term doesn't match.
This causes the routes to move to the next configured term in main-policy, which has no other terms. The router then evaluates the next policy in the policy chain, the BGP default policy.

Prefix Lists

The use of the policy subroutine in the previous section was one method of advertising a set of routes by configuring a single section of code. The JUNOS software provides other methods of accomplishing the same task, and a prefix list is one of them.
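The subroutine logic traced in the two preceding passages (the BGP default policy being evaluated inside the subroutine, and main-policy losing its final reject term), modeled in Python as an added example; it is not code from the book or from JUNOS. The route table, prefixes and function names are constructed for illustration, and the BGP default export policy is modeled as the text describes it: accept BGP routes, reject everything else.

```python
# Added model of the evaluation rules described in the text; not JUNOS code.
# Prefixes are constructed documentation ranges, not the book's addresses.
ACCEPT, REJECT = "accept", "reject"

TABLE = [
    {"prefix": "192.0.2.0/26", "protocol": "static"},
    {"prefix": "192.0.2.64/26", "protocol": "static"},
    {"prefix": "198.51.100.0/24", "protocol": "bgp"},
    {"prefix": "203.0.113.1/32", "protocol": "ospf"},
]

def bgp_default(route):
    """BGP default export policy: accept BGP routes, reject everything else."""
    return ACCEPT if route["protocol"] == "bgp" else REJECT

def policy(*terms):
    """Each term is (match_fn, action). The first matching term decides;
    returning None means no term matched and the chain moves on."""
    def run(route):
        for match, action in terms:
            if match(route):
                return action
        return None
    return run

def evaluate_chain(chain, route):
    """Walk the policies in order; the protocol default always ends the chain."""
    for p in chain + [bgp_default]:
        result = p(route)
        if result is not None:
            return result

def subroutine(sub):
    """Match criterion: the subroutine plus the default policy, as true/false."""
    return lambda route: evaluate_chain([sub], route) == ACCEPT

is_static = lambda route: route["protocol"] == "static"
anything = lambda route: True

def advertised(sub_terms, main_has_reject):
    """Prefixes exported when main-policy references the given subroutine."""
    main_terms = [(subroutine(policy(*sub_terms)), ACCEPT)]
    if main_has_reject:
        main_terms.append((anything, REJECT))
    main = policy(*main_terms)
    return [r["prefix"] for r in TABLE if evaluate_chain([main], r) == ACCEPT]

STATIC_ONLY = [(is_static, ACCEPT)]                      # subroutine as first written
WITH_REJECT = [(is_static, ACCEPT), (anything, REJECT)]  # final reject term added
```

`advertised(STATIC_ONLY, True)` returns both static prefixes plus the BGP prefix, and `advertised(WITH_REJECT, True)` returns only the static prefixes. `advertised(WITH_REJECT, False)` advertises the BGP prefix again, this time through the default policy at the end of the main chain.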
A prefix list is a listing of IP prefixes that represent a set of routes that are used as match criteria in an applied policy. Such a list might be useful for representing a list of customer routes in your AS. A prefix list is given a name and is configured within the [edit policy-options] configuration hierarchy. Using Figure 1. This means that Merlot, whose loopback address is The Muscat and Chablis routers assign customer routes within the Merlot has been designated the central point in AS to maintain a complete list of customer routes.
It configures a prefix list called all-customers as follows: user@Merlot# show policy-options prefix-list all-customers As you look closely at the prefix list you see that there are no match types configured with each of the routes as you might see with a route filter. This is an important point when using a prefix list in a policy. In other words, each route in the list must appear in the routing table exactly as it is configured in the prefix list. All the routes in the all-customers prefix list appear in the current routing table: user@Merlot# run show route This comparison also holds true when we discuss a policy expression.
A policy expression within the JUNOS software is the combination of individual policies together with a set of logical operators. This expression is applied as a portion of the policy chain.