Any questions l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 74

Any Questions? PowerPoint PPT Presentation


  • 180 Views
  • Updated On :
  • Presentation posted in: General

Any Questions?. Protocol Independent Properties and Routing Policy. Routing Capabilities that are not related to a specific routing protocol Protocol Independent Properties (PIP) Routing Policy Need to understand syntax and function. Pg 71. Protocol Independent Properties and Routing Policy.

Download Presentation

Any Questions?

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Any questions l.jpg

Any Questions?


Protocol independent properties and routing policy l.jpg

Protocol Independent Properties and Routing Policy

  • Routing Capabilities that are not related to a specific routing protocol

    • Protocol Independent Properties (PIP)

  • Routing Policy

    • Need to understand syntax and function

Pg 71


Protocol independent properties and routing policy3 l.jpg

Protocol Independent Properties and Routing Policy

  • Understanding the default behavior of routers

    • Static routes

    • Direct routes

  • Understanding the default behavior of routing protocols

    • Default policy

  • Setting up routing policy filters

    • Control what routing updates get into the router and what routing updates are sent out

Pg 71


Protocol independent properties and routing policy4 l.jpg

Protocol Independent Properties and Routing Policy

  • Understanding the default behavior of routers

    • Static routes

    • Direct routes

  • Understanding the default behavior of routing protocols

    • Default policy

  • Setting up routing policy filters

    • Control what routing updates get into the router and what routing updates are sent out

Pg 71


Protocol independent properties l.jpg

Protocol Independent Properties

  • Static, aggregated, and generated routes

  • Global preference

  • Martian routes

  • Route tables and routing information base (RIB) groups

  • Autonomous system (AS) number and router ID

Pg 72


Routing policy l.jpg

Routing Policy

  • Policy overview, import and export policy

  • Policy components (terms, match conditions, actions, policy chains)

  • Route filters

  • Advanced policy concepts

Pg 72


Static aggregate and generated routes l.jpg

Static, Aggregate and Generated Routes

  • Static routes are routes programmed directly on the router

    • Not learned through updates from routing protocols

    • Can be useful

  • Since they aren’t dynamic, use can cause outages when something goes wrong on the network

  • OK for stub networks at the edge

    • Single point of entry/egress anyway

Pg 72


Static aggregate and generated routes8 l.jpg

Static, Aggregate and Generated Routes

  • Can be used to send updates though other protocols like BGP

    • Sending a route that is always up that represents numerous other more specific routes which may or may not be up at any given time

    • Hide instability from other routers

Pg 72


Static aggregate and generated routes9 l.jpg

Static, Aggregate and Generated Routes

  • Static, Aggregate and Generated routes are all defined statically

  • Can all be supernet

    • Represent and aggregated sum of network prefixes

  • Can be subnets

    • Subnetwork of a full class address

Pg 72


Static aggregate and generated routes10 l.jpg

Static, Aggregate and Generated Routes

Pg 73


Static aggregate and generated routes11 l.jpg

Static, Aggregate and Generated Routes

  • Discard

    • A discard next hop results in the silent discard of matching traffic. Silent here refers to the fact that no Internet Control Message Protocol (ICMP) error message is generated back to the source of the packet. You normally choose a discard next hop when the goal is to advertise a single aggregate that represents a group of prefixes, with the expectation that any traffic attracted by the aggregate route will longest-match against one of the more specific routes, and therefore be forwarded according to the related next hop rather than the reject or discard next hop of the aggregate route itself. The use of discard is best current practice when advertising an aggregate because the generation of ICMP error messages can consume system resources and may end up bombarding an innocent third party, as in the case of spoofed source addressing as part of a distributed denial of service (DDoS) attack.

Pg 73


Static aggregate and generated routes12 l.jpg

Static, Aggregate and Generated Routes

  • Reject

    • A reject next hop results in the generation of an ICMP error message reporting an unreachable destination for matching traffic. This is the default next hop type of an aggregated route and for a generated route when it has no contributors.

  • Forwarding

    • A forwarding next hop is used to move traffic to a downstream node, and it is typically specified as the IP address of a directly connected device. Matching traffic is then forwarded to the specified next hop. On a multiaccess network such as a LAN, this involves the resolution of the IP address to a link layer address through the Address Resolution Protocol (ARP) or some form of static mapping. When directing traffic over a point-to-point interface, the next hop can be specified as an interfae name; however, LAN interface types require an IP address next hop due to their multipoint nature.

Pg 73


Forwarding next hop qualifier l.jpg

Forwarding Next Hop Qualifier

  • resolve

    • The resolve keyword allows you to define an indirect next hop for a static route, which is to say an IP forwarding address that does not resolve to a directly connected interface route. For example, you could specify a static route that points to a downstream neighbor’s loopback address. In this case, matching traffic will result in a recursive lookup against the specified (lo0) next hop to select a directly connected forwarding next hop. If a parallel connection exists, the failure of the currently used link results in a new recursive lookup and selection of the remaining link for packet forwarding.

  • qualified-next-hop

    • The qualified-next- hop keyword allows you to define a single static route with a list of next hops that are individually qualified with a preference. In operation, the most preferred qualified next hop that is operational—that is, the next hop can be resolved and the interface that is operational is used. When that next hop is no longer usable, the next-best-qualified next hop is selected. That is to say, when the primary link is down, the router selects the next preferred next hop, which may point to a low-speed backup facility.

Pg 74


Any questions14 l.jpg

Any Questions?


Static vs aggregate l.jpg

Static vs. Aggregate

  • Static routes are active whenever they have a viable next hop

    • Can be a discard/reject for blocking traffic

  • Aggregates need contributing routes

    • A more specific route learned through another mechanism

      • Static definition or OSPF/dynamic routing protocol

      • Contributing routes are more specific than aggregates

        • supernetting

Pg 74


Contributing routes l.jpg

contributing routes

  • Aggregate route 10.1/16 can be activated by route 10.1.1/24

    • It has a longer (more specific) mask and shares the same 16 high-order prefix bits as the aggregate route.

    • The route 10.2.2/24 does not contribute to a10.1/16 aggregate as it does not share the same aggregate prefix.

Pg 74


Contributing routes17 l.jpg

contributing routes

  • Routing Policy can be used to filter what routes can contribute

    • Only active routes are subject to routing policy

  • A given route can only contribute to a single aggregate route

  • Aggregates can contribute to other less specific aggregates

    • 10.0.0.0 /16 can contribute to 10.0.0.0/8

Pg 75


Aggregate vs generated l.jpg

Aggregate vs. Generated

  • Similar in that both require contributers

    • Aggregate always has next hop of discard or reject

  • Generated routes are more like routes of last resort

Pg 75


Any questions19 l.jpg

Any Questions?


Route attributes and flags l.jpg

Route Attributes and Flags

  • When defining static routes you include attributes

    • AS

    • BGP Community

    • Route Tag

    • Metric

    • Etc

  • Attributes don’t always affect usage, depending on protocol in use

Pg 77


Route attributes and flags21 l.jpg

Route Attributes and Flags

  • Can also set flags to control how the route is handled

    • No-advertise flag

      • Prevents that route from being exported to routing protocols

Pg 77


Static route example l.jpg

Static Route Example

  • Route [network/mask] next-hop [IP address]

Pg 79


Route preference l.jpg

Route Preference

  • Routes can be learned from multiple sources

    • Static

    • Direct

    • Dynamic Protocols (RIP, OSPF, BGP, etc)

  • Each source has a preference

    • Used to determine which one to use if multiple results

Pg 78


Slide24 l.jpg

Pg 78


Floating static routes l.jpg

Floating Static Routes

  • Static route with a modified preference

    • Less preferred than one learned dynamically

      • Provide backup to routes that should be dynamic

        [ edit routing-options static route 0. 0. 0. 0/0]

        [email protected]# show

        next-hop 172. 16. 1. 1;

        preference 11;

        [ edit routing-options static route 0. 0. 0. 0/0]

        [email protected]# run show route 200. 0. 0. 0

        inet. 0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)

        + = Active Route, - = Last Active, * = Both

        0. 0. 0. 0/0 *[ Static/11] 00: 00: 06

        > to 172. 16. 1. 1 via fe-0/0/0. 412

Pg 80


Martian routes l.jpg

Martian Routes

  • Route that should not be present

  • Martian table is full of routes that shouldn’t be used

    • Reserved addressing –RFC 1918

  • Martian routes are excluded from route update processing

  • Filters without the use of an export policy

Pg 81


Martian routes27 l.jpg

Martian Routes

  • Can view them

    [ edit routing-options]

    [email protected]# run show route martians table inet. 0

    inet. 0:

    0. 0. 0. 0/0 exact -- allowed

    0. 0. 0. 0/8 orlonger -- disallowed

    127. 0. 0. 0/8 orlonger -- disallowed

    128. 0. 0. 0/16 orlonger -- disallowed

    191. 255. 0. 0/16 orlonger -- disallowed

    192. 0. 0. 0/24 orlonger -- disallowed

    223. 255. 255. 0/24 orlonger -- disallowed

    240. 0. 0. 0/4 orlonger -- disallowed

Pg 81


Martian routes28 l.jpg

Martian Routes

  • Cannot explicitly remove entries, but you can write new ones that will change behavior

Pg 81


Any questions29 l.jpg

Any Questions?


Martian routes30 l.jpg

Martian Routes

  • Cannot explicitly remove entries, but you can write new ones that will change behavior

    [ edit routing-options martians]

    [email protected]# set 0/0 exact (default is deny)

    [ edit routing-options martians]

    [email protected]# show

    0. 0. 0. 0/0 exact;

    After the change is committed, the results are confirmed:

    [ edit routing-options martians]

    [email protected]# run show route martians table inet. 0

    inet. 0:

    0. 0. 0. 0/0 exact -- disallowed

    0. 0. 0. 0/8 orlonger -- disallowed

    127. 0. 0. 0/8 orlonger -- disallowed

    128. 0. 0. 0/16 orlonger -- disallowed

    191. 255. 0. 0/16 orlonger -- disallowed

    192. 0. 0. 0/24 orlonger -- disallowed

    223. 255. 255. 0/24 orlonger -- disallowed

    240. 0. 0. 0/4 orlonger -- disallowed

Pg 81


Routing tables and rob groups l.jpg

Routing Tables and ROB groups

  • Router can maintain many routing tables for specific purposed

  • Automatically created some

    • One for each family

  • Can create your own by using virtual routers or VPNs and Virtual Roue and Forwarding table (VRF)

  • Can also create directly with RIB groups

Pg 83


Default tables l.jpg

Default tables

  • inet.0

    • The inet.0 table is the default unicast route table for the IPv4 protocol. This is the main route table used to store unicast routes such as interface local/direct, static, or dynamically learned routes.

  • inet.1

    • The inet. 1 table serves as a multicast forwarding cache. This table constrains the various IPv4 (S,G) group entries that are dynamically created as a result of join state.

  • inet.2

    • The inet. 2 table houses unicast routes that are used for multicast reverse path forwarding (RPF) lookup, typically as learned through MP-BGP using SAFI 2. The IPv4 unicast routes stored in this table can be used by multicast protocols such as the Distance Vector Multicast Routing Protocol (DVMRP), which requires a specific RPF table. In contrast, PIM does not need an inet. 2 because it can perform RPF checks against the inet. 0 table. You can import routes from inet.0 into inet. 2 using RIB groups, or install routes directly into inet. 2 from a multicast routing protocol.

Pg 83


Default tables33 l.jpg

Default tables

  • inet.3

    • The inet. 3 table contains MPLS LSP information. This table contains the egress address of the MPLS LSP, along with the LSP name and outgoing interface, and is populated by both RSVP and LSP. The inet.3 table is used when the local router functions as the ingress to an LSP.

  • instance_name. inet. 0

    • When you configure a VRF or VR routing instance, the resultant instance creates a route table based on the routing instance’s name. For example, defining a Layer 3 VPN instance called ce1 results in the creation of a route table named ce1. inet. 0. A routing instance differs from a logical router in that various routing instances share a single instance of the routing protocol daemon (rpd), whereas each LR gets its own instance of rpd, which in turn provides greater isolation. Note that LRs are not supported on J-series platforms with the 8.0 release used to write this book.

  • inet6. 0

    • The inet6.0 table is used to house IPv6 unicast route tables.

Pg 83


Default tables34 l.jpg

Default tables

  • bgp. l3vpn.0

    • The bgp. l3vpn.0 table contains routes learned from other Provider Edge (PE) routers in a Layer 3 VPN environment via BGP. Routes in this table are copied into a particular Layer 3 VRF when there is a matching route table.

  • bgp. l2vpn.0

    • The bgp.l2vpn. 0 table contains routes learned from other PE routers in a Layer 2 VPN environment via BGP. The related Layer 2 routing information is copied into Layer 2 VRFs based on matching target communities.

  • mpls.0

    • The mpls. 0 table houses the MPLS label-switching operations used when the local router is acting as a transit label-switching router (LSR) in support of LSPs.

  • iso. 0

    • The iso.0 table houses IS-IS routes, which consist of a network entity title (NET) and a host ID. When using IS-IS in support of IP routing, you can expect to see only the local router’s NET, which is typically assigned to the loopback interface, because in this context the IS-IS protocol is used to convey IP, not ISIS routes.

  • juniper_private

    • JUNOS software needs to communicate internally with service Physical Interface Cards (PICs). The juniper_private tables are created as needed to facilitate these internal communications between the RE and service PIC hardware.

Pg 83


User defined rib and rib groups l.jpg

User Defined RIB and RIB Groups

  • Allows you to create your own route tables and merge information from different tables together.

Pg 86


Any questions36 l.jpg

Any Questions?


Router id l.jpg

Router ID

  • Usually an IP V4 address on the router

  • Used to identify routers when sending and receiving router updates

    • For routing protocols

  • No need for a route to have a route to that IP address, just an identifier

  • Only one RID per router

Pg 88


Router id38 l.jpg

Router ID

  • Different assignments

    • Explicitly with set router-id command

      • [edit routing-options]

      • [email protected]# set router-id 1.1.1.

    • Use the lo0 interface

      • Loopback interfaces don’t go down, so the address is always available

    • If not configured, RID is the primary IP address of the first interface that comes online

      • Usually loopback if set to non 127.0.0.1

Pg 89


Router id39 l.jpg

Router ID

  • To route to RID

    • Since 8.5 you need to set up IGP on the interface

Pg 89


Autonomous system number l.jpg

Autonomous System Number

  • Required for BGP

  • More details in Chapter 5

  • Configured in the routing-options directory

    • [email protected]# Set autonomous-system 100

  • Used by routers to indentify if routing updates are internal or external

  • Pg 89


    Any questions41 l.jpg

    Any Questions?


    Routing policy42 l.jpg

    Routing Policy

    • Used to manage routing information

      • Not related to data

    • Policy is configured in the

      • Edit policy-options level

    • Filters have a similar syntax

    Pg 90


    Routing policy43 l.jpg

    Routing Policy

    • Control what routes are installed into the route table for possible selection as an active route

    • Control what routes are exported from the route table, and into which protocols

    • Alter attributes of routes, either at reception or at the time of advertisement to other peers

    Pg 90


    Routing policy44 l.jpg

    Routing Policy

    • Need routing policy if the default routing policy doesn’t meet your needs

    • For example

      • Directly connected routes aren’t advertised in RIP

      • Need a policy to make that happen

    Pg 90


    When and how is policy applies l.jpg

    When and How is Policy Applies

    • Import Policy

      • Before updates get to the router table

        • Show route receive-protocol bgp

    • Export Policy

      • After routing table but before information is sent to the neighbors

      • Affects what you tell others

    Pg 91


    When and how is policy applies46 l.jpg

    When and How is Policy Applies

    Pg 91


    When and how is policy applies47 l.jpg

    When and How is Policy Applies

    • Link State Protocols don’t send updates the same way

      • OSPF

    • Not much for import policy

    • Check chapter 4

    Pg 91


    General process l.jpg

    General Process

    • Create a policy

      • Set terms

        • Set matches

        • Set Action

    • Apply policy to a protocol

      • Import

      • Export

    Pg 93


    Applying to bgp and rip l.jpg

    Applying to BGP and RIP

    • Different hierarchies available

      • Global

      • Group

      • Neighbor

    • Only most explicit is used

    Pg 93


    Applying to bgp and rip50 l.jpg

    Applying to BGP and RIP

    • Different hierarchies available

      [ edit protocols bgp]

      [email protected]# show

      export global_export;

      group internal {

      export internal_export;

      neighbor 1. 1. 1. 1 {

      export neighbor_1. 1. 1. 1_export;

      }

      neighbor 2. 2. 2. 2;

      }

      group other {

      neighbor 3. 3. 3. 3;

      }

    Pg 93


    Policy chain l.jpg

    Policy Chain

    • Can set multiple policies in order

      • Each policy will be evaluated in order

        [ edit protocols bgp group internal]

        [email protected]# set neighbor 1. 1. 1. 1 export [ global-export internal_export]

        [ edit protocols bgp]

        [email protected]# show group internal neighbor 1. 1. 1. 1

        export [ neighbor_1. 1. 1. 1_export global_export internal_export] ;

      • Only until an accept or reject is made

    Pg 93


    Any questions52 l.jpg

    Any Questions?


    Policy chain behavior l.jpg

    Policy chain behavior

    • Beware of match all or deny all policy

    • Export [accept deny]

      • This will accept all routes. None will even make it to the deny policy in the chain

    • Export [deny accept]

      • This will deny all routes, none will ever make it to the accept policy in the chain

    • Policies in a chain can be re-organized

      • Use insert feature

      • Delete and re-create

    Pg 93


    Policy chain behavior54 l.jpg

    Policy Chain behavior

    • If multiple polices apply at multiple levels only the most specific will work

    • If multiple policies in a chain, work from left to right

      • Until an accept or reject, then stop evaluating

    Pg 93


    Any questions55 l.jpg

    Any Questions?


    Policy components l.jpg

    Policy Components

    • Each policy has one or more terms

      • Terms are added to bottom

      • Terms are evaluated in order

      • Ordering is important

    • Each term has one or more from and then statements

      • From is the match criteria

      • Then is the action

    Pg 93


    Policy components57 l.jpg

    Policy Components

    [ edit policy-options]

    [email protected]# set policy-statement explicit_term term new from protocol direct

    [ edit policy-options]

    [email protected]# set policy-statement explicit_term term new then reject

    [ edit policy-options]

    [email protected]# show policy-statement explicit_term

    term 1 {

    from protocol direct;

    then accept;

    }

    term new {

    from protocol direct;

    then reject;

    }

    Pg 95


    Re order policy terms l.jpg

    Re-order policy terms

    • Since the order of the terms matters, you can insert one term in front of another if necessary

      [ edit policy-options]

      [email protected]# edit policy-statement explicit_term

      [ edit policy-options policy-statement explicit_term]

      [email protected]# insert term new before term 1

      [ edit policy-options policy-statement explicit_term]

      [email protected]# show

      term new {

      from protocol direct;

      then reject;

      }

      term 1 {

      from protocol direct;

      then accept;

      }

    Pg 95


    Logic and or in matching l.jpg

    Logic AND/OR in matching

    • Multiple match criteria in the from statements

      • If multiple statements, all have to match

        • AND

      • If multiple statements in brackets, either one can match

        • OR

          policy-statement test {

          term 1 {

          from {

          protocol [ bgp rip ] ; ##logical OR within brackets

          interface fe-0/0/0. 0; ## logical AND with other match criteria

          }

          then next term;

          }

          }

    Pg 96


    Policy match and criteria l.jpg

    Policy Match and Criteria

    • Many possibilities with the from statement

      • Interface

      • Protocol

      • AS path

      • Source addresses

      • Router filter

        • More advanced

    Pg 96


    Policy actions l.jpg

    Policy Actions

    • Lots of options for the then statement

      • Mostly looking at

      • Reject

      • Accept

      • Next

    Pg 97


    Route filters l.jpg

    Route Filters

    • Helps match on a number of possible addresses

    • More complex syntax

      • Must understand prefixes and the basics of the match commands

    Pg 98


    Binary trees l.jpg

    Binary Trees

    • Basic idea is that you start from the part of the tree that matches your prefix

      • Quick way to filter

    Pg 98


    Any questions64 l.jpg

    Any Questions?


    Binary trees65 l.jpg

    Binary Trees

    • Basic idea is that you start from the part of the tree that matches your prefix

      • Quick way to filter

    Pg 98


    Router filters and match types l.jpg

    Router Filters and Match Types

    • With a route filter you specify a starting prefix and initial prefix length

      • Match type to say how the prefix length is used

    • Prefix length is almost as important as the prefix itself

    Pg 100


    Router filters and match types67 l.jpg

    Router Filters and Match Types

    Pg 101


    Router filters and match types68 l.jpg

    Router Filters and Match Types

    • exact

      • The exact match type is just what it sounds like. To match with exact, both the initial prefix bits must match, and the prefix length must be equal to the value specified. If the prefix bits do not match, or if the prefix length is either shorter or longer, the exact match type does not match. Figure 3-4 shows that route filter 192.168.0.0/16 exact matches only on that node of the J-Tree, to the exclusion of all others.

    • or-longer

      • The or-longer match type matches the specified prefix and initial mask length and matches on prefixes with longer mask lengths when they share the same high-order bits, as indicated by the specified prefix. In this example, the result is a match against 192.168.0.0/16 itself, as well as 192.168.0/17 and 192.168.128/18 and all longer mask lengths, up to /32.

    Pg 100


    Router filters and match types69 l.jpg

    Router Filters and Match Types

    • longer

      • The longer match type excludes the exact match and catches all routes with the same prefix bits, but only when their masks are longer than the prefix length specified. The difference between or-longer and longer is shown in Figure 3-4, where the latter excludes the exact match, which is prefix 192.168.0.0/16 in this case.

    • upto

      • The upto match type matches against the initial prefix and mask length, as well as matching prefixes with masks that are longer than the initial value, upto the ending mask length value. In the example, the initial prefix of 192.168.0.0/16 matches, as well as all other 192.168 prefixes that have mask lengths upto the specified value, which is 18 in this example. Therefore, 192.168.1 92/18 will match, whereas 192.168.1/24 will not.

    Pg 100


    Router filters and match types70 l.jpg

    Router Filters and Match Types

    • longer

      • The longer match type excludes the exact match and catches all routes with the same prefix bits, but only when their masks are longer than the prefix length specified. The difference between or-longer and longer is shown in Figure 3-4, where the latter excludes the exact match, which is prefix 192.168.0.0/16 in this case.

    • upto

      • The upto match type matches against the initial prefix and mask length, as well as matching prefixes with masks that are longer than the initial value, upto the ending mask length value. In the example, the initial prefix of 192.168.0.0/16 matches, as well as all other 192.168 prefixes that have mask lengths upto the specified value, which is 18 in this example. Therefore, 192.168.1 92/18 will match, whereas 192.168.1/24 will not.

    Pg 100


    Router filters and match types71 l.jpg

    Router Filters and Match Types

    • prefix-length-range

      • The prefix-length- range match type matches against routes with the same prefix as specified in the initial mask length, but only when the associated mask falls between the starting and ending values. The result is that the exact match is excluded, whereas routes with the same high-order prefix bits, but masks that fall within the specified range, are accepted. This match type is especially useful when the goal is to filter the route based on mask length alone, which is a common policy within service provider networks, as many refuse to carry routes with masks longer than 28 in an effort to keep route table size manageable. To prevent installation of any route with a mask length longer than /28, you can use a route-filter 0/0 prefix-length-range /28-/32 reject statement. Because the initial prefix length is 0, all prefix values match, making the decision to reject one that is based strictly on mask length.

    • through

      • The through match type is generally misunderstood, and it rarely works the way folks think it should. This is not to say that it is broken, but it has led to this somewhat humorous rule of thumb: “When you are thinking of using through, think again.” In most cases, when people use through, what they wanted is more of the upto or prefix-length-range type of match. The statement is intended to warn the user that in most cases, through is not what you really want, and that the decision to use it should be carefully thought, pardon the pun, through.

    Pg 100


    Router filters and match types72 l.jpg

    Router Filters and Match Types

    • Longest match wins

      • Longest prefix that matches

    • However, if the match type doesn’t include it

      • Wont match

        [ edit policy-options policy-statement test_me]

        [email protected]# show

        from {

        route-filter 200. 0. 0. 0/16 longer reject;

        route-filter 200. 0. 67. 0/24 longer;

        route-filter 200. 0. 0. 0/8 orlonger accept;

        }

        then {

        metric 10;

        accept;

        }

    Pg 100


    Default policies l.jpg

    Default Policies

    • OSPF and IS-IS

      • Default import policy for all link state policy is to accept all learned routes

      • Default export policy is to reject everything

        • LSA flooding is not affected

    Pg 103


    Default policies74 l.jpg

    Default Policies

    • RIP default

      • Import policy default is to accept all received RIP routes that pass a sanity check

    Pg 103


  • Login