Juniper JNCIA-Junos JN0-104 – Section 7: Routing Policy and Firewall Filters Part 2
April 27, 2023

77. Routing Policy Example

Now that we’ve understood what a routing policy is and what the structure of a routing policy looks like, let’s look at an example. We know that a routing policy has a policy statement, which has terms defined within it. Terms are like if-then statements: if everything matches, we can perform a specific set of actions. For match conditions we can use from statements or to statements. From statements are used to match incoming routes and to statements are used to match outgoing routes. Now let’s look at an example. Let’s say we have a couple of routers, and these routers have been configured to use the RIP routing protocol. Router one has a connected network, which is 172.16.1.0/16, and router two has two connected networks, 192.168.1.0/24 and 10.0.1.0/24. Let’s say we are configuring router one and we want to configure a routing policy to only allow the import of the route 192.168.1.0/24. We do not want to accept any other routes.

How would we configure this? The configuration will look like this. Notice we are under the policy-options configuration hierarchy. We have configured a policy statement called rip-import. Keep in mind, the policy statement name is just an identifier. It does not become an import policy just because we name it rip-import. Whether it will be used as an import or an export policy will depend on how we configure it. So the policy statement is called rip-import. We have two terms. Term one is configured to match anything that comes from the protocol RIP, and then we’ve applied a route filter. I know we haven’t spoken about route filters yet, but by looking at it, you will get an idea of what it does. The route filter is configured to match the prefix 192.168.0.0/16 or any longer prefix. We’ll talk about route filters and match types like orlonger in an upcoming video, but what we are doing here is matching only routes that have a prefix of 192.168.0.0/16 or anything longer than that. In the configuration example that we saw here, the prefix that we wanted to match was 192.168.1.0/24. That is a subset of what we’ve configured here, so it is going to match. The action for that term is to accept.

For all other routes, we’re going to use term number two. Notice we’ve omitted the from statement. That means all other routes are going to match term two, and the action is to reject. So that’s how we can configure a routing policy to control what routes we want to import or what routes we want to export. Let’s also look at a simple export policy. The policy statement is rip-export. In this case, we only have one term. We’re using the keyword to to match an outgoing route, and we are matching on two protocols, direct and RIP. The action is to accept. Now, let’s also get to the Junos terminal and see what the configuration looks like. All right, I’m here at the Junos terminal. We’ll try to configure a simple routing policy just to see the options that are available to us when we configure this. I’m right now in configuration mode. I’m first going to enter the edit policy-options configuration mode. We first need to start by defining a policy. So let’s say edit and do a question mark here. The keyword that we are looking for is policy-statement. So we’ll do edit policy-statement, question mark. We need to provide a name. Let’s call this rip-policy. Now we need to configure the terms. We know that a policy is made up of terms, right? So we’ll do edit and a question mark here. We can do term, question mark, and provide a term name. Let’s just call this term-1: edit term term-1. Press Enter. Now we can provide the match conditions. So set, space, question mark. We can see from, to, and then. Let’s do set from.

And if I do a question mark here, you’ll notice there are so many options to match a route. We can be very, very flexible with this. For example, we can match a protocol, an interface, or a family. We can also match a preference value, a route filter, or a prefix list. We’ll talk about these in an upcoming video; right now, let’s keep it simple. We’re going to say set from protocol, and if I do a question mark, you will see all the routing protocols here. Let’s say rip. Let’s also add one more match condition. So we’ll do set from interface, and now we can provide the interface name, ge-0/0/0. Let’s do a show. So right now we’ve got a from statement.

Now we can define the action, so we’ll do set then, question mark. Again, you’ll notice there are so many actions that we can take. For example, we can accept the route or we can choose to reject the route. Notice we also have the option to set the preference value of the route. We have some other options as well, like setting the forwarding class for that route. And we also have this keyword here called next, which allows us to specify whether we want to move evaluation to the next policy or the next term. Right now, I’m going to say set then accept. And if we look at the policy right now, this is how it looks. In fact, if we go one or two levels up and do a show, this is how our policy looks. So that’s the configuration of a simple routing policy.
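The term-by-term evaluation of the rip-import policy described in this section, modelled as an added Python sketch (not Junos code and not part of the course material). The dictionary layout, the function names and the sample route list are assumptions made for illustration; only the orlonger match type used by this policy is modelled.

```python
import ipaddress

# Constructed model of the rip-import policy: terms are checked in order.
RIP_IMPORT = [
    {"name": "1",
     "from": {"protocol": "rip", "route_filter": ("192.168.0.0/16", "orlonger")},
     "then": "accept"},
    {"name": "2", "from": {}, "then": "reject"},  # no from: matches every route
]

def term_matches(term, route):
    """All conditions in a term's from statement must match the route."""
    cond = term["from"]
    if "protocol" in cond and route["protocol"] != cond["protocol"]:
        return False
    if "route_filter" in cond:
        prefix, match_type = cond["route_filter"]
        if match_type != "orlonger":
            raise ValueError("this sketch models orlonger only")
        net = ipaddress.ip_network(route["prefix"])
        # orlonger: the configured prefix itself or any more-specific prefix
        if not net.subnet_of(ipaddress.ip_network(prefix)):
            return False
    return True

def evaluate(policy, route):
    """Return (term name, action) for the first term that matches."""
    for term in policy:
        if term_matches(term, route):
            return term["name"], term["then"]
    return None, "default-policy"  # nothing matched: the protocol default applies

# Routes advertised by router two in the example (constructed sample input).
R2_ROUTES = [
    {"prefix": "192.168.1.0/24", "protocol": "rip"},
    {"prefix": "10.0.1.0/24", "protocol": "rip"},
]

def run():
    return {r["prefix"]: evaluate(RIP_IMPORT, r) for r in R2_ROUTES}

if __name__ == "__main__":
    for prefix, (term, action) in run().items():
        print(f"{prefix}: term {term} -> {action}")
```

Removing term 2 from the model leaves non-matching routes to the default policy, which is why the explicit reject term matters when the intent is to import a single route.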

78. Prefix Lists

Now, let’s talk about prefix lists. What is a prefix list? A prefix list is a named list of IP addresses that can be used to match routes. Simply put, it is just a list of IP addresses that we configure to match routes. It is configured under the edit policy-options hierarchy, the same place where you would configure a routing policy. The advantage of creating a prefix list is that it can be configured once and referenced in multiple terms within a single policy or in different policies. It can be used with routing policies and also firewall filters. A use case for a prefix list is where I want to match a specific set of routes that belong to my customers. Let’s look at a configuration example. Here I have a prefix list called rfc1918 that matches private IP addresses. We’ve got three IP address ranges: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Here we have a policy statement called my-policy, and we have a term called reject-rfc1918, where we are trying to match routes that match the prefix list rfc1918. If that’s a match, the configured action is to reject. Think of the advantage of configuring a prefix list. Let’s say this prefix list is used in multiple places in my configuration, and I now want to update the routes in that prefix list. Imagine if we did not have a prefix list and we had to explicitly configure the routes in multiple places. When I want to update my routes, I would have to update the configuration in multiple places.

That will take longer, and there’s also a chance of a configuration error because we are doing it multiple times. With a prefix list, if we need to update the routes, we only need to make the changes in one common place. It makes applying the changes faster and reduces the chances of configuration errors. Imagine a prefix list that looks like this. In this case, we have a prefix list called vpn-clients where we’re trying to match many routes. Think of a service provider environment where you have multiple customers. In that case, you could have prefix lists that match a lot of routes. It makes configuration very easy because you have just one place where you can go and update your routes. Now let’s get to the Junos terminal and see how to configure this. All right, I’m here at the Junos terminal and I’m already in configuration mode. I’ll first navigate to edit policy-options and I’ll start with edit, space, question mark. Here we have the option to define a prefix list. Let’s do that. We’ll say edit prefix-list, and let’s do a question mark here.

We need to provide a name. Let’s call this rfc1918. Now we can use the set command to provide a prefix. So we’ll say set 10.0.0.0/8. We’ll do set 172.16.0.0/12. And we’ll also do 192.168.0.0/16. So now I’ve got my prefix list configured. If I do up and then show, we can see the prefix list. Now we can start using this within a policy. Let’s give that a try. I’m going to say set policy-statement, and I’m just going to call this my-policy. And we’ll say from. Here you’ll notice we have the option to provide a prefix list to match the route. Also notice we have another similar command, prefix-list-filter. We’ll talk about that very shortly. So a prefix list is used to match routes. Back over here, here’s another example of a prefix list. In this case, we’ve called it customer-list, and we’re trying to match two IP address ranges, 10.1.1.0/24 and 172.16.16.0/24.

And here we have the policy statement. The policy statement is called my-policy. The first term is called customers, where we are trying to match the prefix list defined earlier. The action is to accept, and for all other IP address ranges we have set the action to reject. Now, let’s talk about the prefix-list-filter. With the prefix-list-filter command, you can specify a match type of exact, longer, or orlonger on the listed prefixes. So unlike a prefix list, where you’re performing an exact match, with the prefix-list-filter command we can perform other match types like longer or orlonger. We haven’t talked about what longer or orlonger means; we’ll talk about that in an upcoming video. But the key takeaway here is that when you choose to use a prefix list with the prefix-list-filter command, you can not only do an exact match, you can also do other match types like longer or orlonger. Another key difference is that you can specify an optional action to be taken if the filter matches, and the action is part of the prefix-list-filter command. When specified, the action is executed immediately after the match occurs and the then statement is not evaluated. So there are two key differences between the prefix-list command and the prefix-list-filter command. With the prefix-list-filter command, you can use the configured prefix list for an exact match or you can perform other match types, and you can also configure an action to be taken along with the match condition.

So here’s an example of what it looks like. We have the same prefix list, rfc1918. This time in the policy statement, instead of using the prefix-list command, we are using the prefix-list-filter command. We’ve referenced the same prefix list, rfc1918, but this time we’ve specified a different match type, because the prefix-list-filter command supports additional match types. Here we’ve specified orlonger, and we’ve specified the action along with the match conditions. In this case, the action will be immediately applied and the then statement will be ignored. Back to the Junos terminal. If we do set policy-statement my-policy from, and let’s start with prefix-list.

And if I do a question mark here, I can provide my prefix list name, which is rfc1918. Let me scroll up and check the name. There you go, it’s rfc1918. I haven’t committed my configuration yet, so we can’t use the Tab key. So I’ll type it in: rfc1918. And if I do a question mark here, you’ll notice we are executing the statement when we use the prefix-list command. Now, let’s change this. I’m going to change this to prefix-list-filter. We need to provide the list name, so that’s rfc1918. And notice, we now have the option for an exact match, a longer match, or orlonger. So let’s say orlonger. And if I do a question mark here, now we can specify additional actions. So those are the two key differences between using a prefix list and a prefix-list-filter. A prefix list will only do an exact match, whereas a prefix-list-filter allows exact, longer, or orlonger matches. And it also allows you to specify an action as part of the match condition.

79. Prefix List vs Prefix List Filter

We’ve talked about the technical difference between a prefix list and a prefix-list-filter. Now let’s take the example of an incoming route and see what the impact would be if we used prefix-list versus prefix-list-filter. Here’s my configuration. I have a prefix list called rfc1918, which is used to match the private IP address ranges. And here’s my policy statement. I have a term called import-rfc1918, which is matching on the prefix list rfc1918. Let’s say we have two routers, R1 and R2. The routing policy is applied on router R1. Before applying the routing policy, the routing table of R1 looks like this: it only has one route, matching 0/0. Now, the routing table looks incomplete, since we do not have the type of route and the next-hop IP address, but for this discussion the destination alone is sufficient. So in this case, router R1 only has one destination address configured, which is 0/0. At this point, router R2 is trying to send a route, which is 10.0.0.0/8. Looking at the routing policy, we can see that this is an exact match in the prefix list rfc1918. So will this route be accepted into the routing table? The answer is yes, because a prefix list will perform an exact match. So the routing table will be updated to look like this. Now, let’s look at another example. We have the same routing table. We have the same policy statement.

This time, router R2 is trying to send a route that looks like this: 172.16.0.0/24. Will this route be accepted by router R1? Looking at the prefix list, we’ve defined 172.16.0.0/12, but the incoming route is 172.16.0.0/24. In this case, we do not have an exact match, so this route will not be added to the routing table. This is very important to keep in mind: a prefix list will always perform an exact match. Now let’s change this configuration to a prefix-list-filter. We have the same prefix list. We have the same policy statement and term, but this time we are using the keyword prefix-list-filter rfc1918, the match type is orlonger, and the action is accept. We have the same two routers, R1 and R2. This is the routing table of R1: 0/0. And again, we have the same incoming route, 172.16.0.0/24. In this case, will the route be accepted? The answer is yes. Even though the prefix list defines the IP address range as 172.16.0.0/12, the incoming route is a longer route. Look at the subnet mask: it is a longer match. So 172.16.0.0/24 is longer than 172.16.0.0/12. This route will be accepted and the routing table will be updated. This is how a prefix list and a prefix-list-filter can affect an incoming route.
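The two cases walked through above, extended to all three match types, as an added Python sketch (not Junos code and not part of the course material). The function names and the extra sample routes 192.168.1.0/24 and 203.0.113.0/24 are constructed for illustration; missed_by_exact lists the more-specific private routes that a term written with prefix-list rfc1918 never matches, which matters when the term's job is to reject private address space.

```python
import ipaddress

# Prefix list from the example; the incoming routes are constructed sample input.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
INCOMING = ["10.0.0.0/8", "172.16.0.0/24", "192.168.1.0/24", "203.0.113.0/24"]

def matches(route, entry, match_type):
    r, e = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    if match_type == "exact":       # same network and same prefix length
        return r == e
    if match_type == "longer":      # strictly more specific than the entry
        return r != e and r.subnet_of(e)
    if match_type == "orlonger":    # the entry itself or anything inside it
        return r.subnet_of(e)
    raise ValueError(f"unsupported match type: {match_type}")

def prefix_list(route, entries):
    """from prefix-list: always an exact match against each entry."""
    return any(matches(route, e, "exact") for e in entries)

def prefix_list_filter(route, entries, match_type):
    """from prefix-list-filter: the same list with a chosen match type."""
    return any(matches(route, e, match_type) for e in entries)

def compare(routes, entries):
    """Per route: (prefix-list, filter exact, filter longer, filter orlonger)."""
    return {
        r: (prefix_list(r, entries),
            prefix_list_filter(r, entries, "exact"),
            prefix_list_filter(r, entries, "longer"),
            prefix_list_filter(r, entries, "orlonger"))
        for r in routes
    }

def missed_by_exact(routes, entries):
    """Routes inside the listed ranges that an exact-match term does not see."""
    return [r for r in routes
            if prefix_list_filter(r, entries, "longer")
            and not prefix_list(r, entries)]

if __name__ == "__main__":
    for route, row in compare(INCOMING, RFC1918).items():
        print(route, row)
    print("missed by prefix-list:", missed_by_exact(INCOMING, RFC1918))
```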
