Merging Policies

In the following example IP policy p1 and IP policy p2 are attached at interface atm5/0.1 as input attachments. Subsequently, policy p3 is attached at the same point. Then policies p1 and p2 are attached as output at atm 5/0.2.

  1. Create IP policy p1.
    host1(config)#ip classifier-list C1 tcp host 1.1.1.1 any eq 80 host1(config)#ip classifier-list C2 icmp any any 8 0 host1(config)#ip policy-list p1 host1(config-policy)#classifier-group C1 precedence 90 host1(config-policy-classifier-group)#forward next-hop 10.1.1.1 host1(config-policy-classifier-group)#exit host1(config-policy)#classifier-group C2 precedence 10 host1(config-policy-classifier-group)#filter host1(config-policy-classifier-group)#exit
  2. Create IP policy p2.
    host1(config)#ip classifier-list C1 tcp host 1.1.1.1 any eq 80 host1(config)#ip classifier-list C3 ip any host 2.2.2.2 host1(config)#ip policy-list p2 host1(config-policy)#classifier-group C1 precedence 90 host1(config-policy-classifier-group)#forward next-hop 20.1.1.1 host1(config-policy-classifier-group)#exit host1(config-policy)#classifier-group C3 precedence 10 host1(config-policy-classifier-group)#filter host1(config-policy-classifier-group)#exit host1(config-policy)#classifier-group * precedence 1000 host1(config-policy-classifier-group)#forward host1(config-policy-classifier-group)#exit
  3. Attach IP policy p1 as input at interface atm5/0.1.
    host1(config)#Interface atm 5/0.1 host1(config-subif)#ip policy input p1 statistics enable merge host1(config-subif)#exit
  4. Attach IP policy p2 as input at interface atm 5/0.1. A merged policy is created.
    host1(config)#Interface atm 5/0.1 host1(config-subif)#ip policy input p2 statistics enable merge host1(config-subif)#exit
  5. Display the policy lists.
    host1#show policy-list
    
                                      Policy Table
                                      ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count:      1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_5
    IP Policy p2
       Administrative state: enable
       Reference count:      1
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_5
    IP Policy mpl_5
       Administrative state: enable
       Reference count:      1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
               next-hop 20.1.1.1, order 100, rule 3 (reachable)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          ATM5/0.1  input policy, statistics enabled, virtual-router default
       Referenced by profiles: 
          None
       Component policies:
          p1
          p2
  6. Show configuration.
    host1#show conf
    
    ! Configuration script being generated on TUE APR 26 2005 17:33:01 UTC
    ! Juniper Edge Routing Switch ERX1440
    ! Version: 9.9.9 development-4.0 (April 4, 2005  15:39)
    ! Copyright (c) 1999-2005 Juniper Networks, Inc.  All rights reserved.
    ! 
    ! Commands displayed are limited to those available at privilege level 15
    !
    …
    interface atm 5/0.1
     ip policy input p1 statistics enabled merge
     ip policy input p2 statistics enabled merge
     exit
    …
    …
    ip policy-list p1
     classifier-group C2 precedence 10
      filter
     classifier-group C1 precedence 90
      forward next-hop 10.1.1.1
    !
    ip policy-list p2
     classifier-group C3 precedence 10
      filter
     classifier-group C1 precedence 90
      forward next-hop 20.1.1.1
     classifier-group * precedence 1000
      forward
    !
    …
    …
    ! End of generated configuration script.
  7. Display interface statistics.
    host1#show ip interface atm 5/0.1
    
    ATM5/0.1 line protocol Atm1483 is up, ip is up
      Network Protocols: IP
      Internet address is 99.99.99.2/255.255.255.0
      Broadcast address is 255.255.255.255
      Operational MTU = 9180  Administrative MTU = 0
      Operational speed = 155520000  Administrative speed = 0
      Discontinuity Time = 721112
      Router advertisement = disabled
      Proxy Arp = disabled
      Network Address Translation is disabled
      TCP MSS Adjustment = disabled
      Administrative debounce-time = disabled 
      Operational debounce-time    = disabled 
      Access routing = disabled 
      Multipath mode = hashed
      Auto Configure = disabled
      Auto Detect = disabled
      Inactivity Timer = disabled
      In Received Packets 0, Bytes 0
        Unicast Packets 0, Bytes 0
        Multicast Packets 0, Bytes 0
      In Policed Packets 0, Bytes 0
      In Error Packets 0
      In Invalid Source Address Packets 0
      In Discarded Packets 0
      Out Forwarded Packets 0, Bytes 0
        Unicast Packets 0, Bytes 0
        Multicast Routed Packets 0, Bytes 0
      Out Scheduler Dropped Packets 0, Bytes 0
      Out Policed Packets 0, Bytes 0
      Out Discarded Packets 0
      IP policy input mpl_5
        classifier-group C2 entry 1
          0 packets, 0 bytes
          filter
        classifier-group C3 entry 1
          0 packets, 0 bytes
          filter
        classifier-group C1 entry 1
          0 packets, 0 bytes
          forward
        classifier-group * 
          0 packets, 0 bytes
          forward
      queue 0: traffic class best-effort, bound to ip ATM5/0.1
        Queue length 0 bytes 
        Forwarded packets 0, bytes 0
        Dropped committed packets 0, bytes 0
        Dropped conformed packets 0, bytes 0
        Dropped exceeded packets 0, bytes 0
  8. Attach IP policy p1 at atm 5/0.2 as output.
    host1(config)#interface atm 5/0.2 host1(config-subif)#ip policy output p1 statistics enable merge host1(config-subif)#exit
  9. Attach IP policy p2 at atm 5/0.2 as output. Merge policy mpl_5 is now attached.
    host1(config)#interface atm 5/0.2 host1(config-subif)#ip policy output p2 merge host1(config-subif)#exit
  10. Display policies to verify that mpl_5 is created.
    host1#show policy-list
    
                                      Policy Table
                                      ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count:      1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_5
    IP Policy p2
       Administrative state: enable
       Reference count:      1
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_5
    IP Policy mpl_5
       Administrative state: enable
       Reference count:      2
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
               next-hop 20.1.1.1, order 100, rule 3 (reachable)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          ATM5/0.1  input policy, statistics enabled, virtual-router default
          ATM5/0.2  output policy, statistics enabled, virtual-router default
       Referenced by profiles: 
          None
       Component policies:
          p1
          p2
  11. Create and attach IP policy p3 at atm 5/0.1. A new merge policy mpl_7 is created, which is a combination of p1, p2, and p3. The previous merge policy attachment is removed.
    host1(config)#ip classifier-list C4 udp host 1.1.1.1 any eq 900 host1(config)#ip policy-list p3 host1(config-policy)#classifier-group C4 precedence 900 host1(config-policy-classifier-group)#color red host1(config-policy-classifier-group)#exit host1(config-policy)#classifier-group C1 precedence 80 host1(config-policy-classifier-group)#color yellow host1(config-policy-classifier-group)#exit host1(config-policy)#exit host1(config)#interface atm 5/0.1 host1(config-subif)#ip policy input p3 statistics enable merge host1(config-subif)#exit
  12. Display policies to verify that mpl_5 and mpl_7 have been created.
    host1#show policy-list
    
                                      Policy Table
                                      ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count:      2
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_5
          mpl_7
    IP Policy p2
       Administrative state: enable
       Reference count:      2
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_5
          mpl_7
    IP Policy p3
       Administrative state: enable
       Reference count:      1
       Classifier control list: C1, precedence 80
          color yellow
       Classifier control list: C4, precedence 900
          color red
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_7
    IP Policy mpl_5
       Administrative state: enable
       Reference count:      1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
               next-hop 20.1.1.1, order 100, rule 3 (reachable)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          ATM5/0.2  output policy, statistics enabled, virtual-router default
       Referenced by profiles: 
          None
       Component policies:
          p1
          p2
    IP Policy mpl_7
       Administrative state: enable
       Reference count:      1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 80
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
               next-hop 20.1.1.1, order 100, rule 3 (reachable)
          color yellow
       Classifier control list: C4, precedence 900
          color red
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          ATM5/0.1  input policy, statistics enabled, virtual-router default
       Referenced by profiles: 
          None
       Component policies:
          p1
          p2
          p3
  13. Detach p2 from atm 5/0.1. A new merge policy mpl_8 is created, which is a combination of p1 and p3. The previous merge policy mpl_7 is detached and, because this policy has no attachments, it is deleted.
    host1(config)#interface atm 5/0.1 host1(config-subif)#no ip policy input p2 host1(config-subif)#exit
  14. Display policies to verify that the mpl_7 is removed and the new merge policy mpl_8 is created.
    host1#show policy-list
    
                                      Policy Table
                                      ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count:      2
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_5
          mpl_8
    IP Policy p2
       Administrative state: enable
       Reference count:      1
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_5
    IP Policy p3
       Administrative state: enable
       Reference count:      1
       Classifier control list: C1, precedence 80
          color yellow
       Classifier control list: C4, precedence 900
          color red
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_8
    IP Policy mpl_5
       Administrative state: enable
       Reference count:      1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
               next-hop 20.1.1.1, order 100, rule 3 (reachable)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          ATM5/0.2  output policy, statistics enabled, virtual-router default
       Referenced by profiles: 
          None
       Component policies:
          p1
          p2
    IP Policy mpl_8
       Administrative state: enable
       Reference count:      1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 80
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
               next-hop 20.1.1.1, order 100, rule 3 (reachable)
          color yellow
       Classifier control list: C4, precedence 900
          color red
       Referenced by interfaces: 
          ATM5/0.1  input policy, statistics enabled, virtual-router default
       Referenced by profiles: 
          None
       Component policies:
          p1
          p3
  15. Detach p1 from atm 5/0.1. Merge policy mpl_8 is detached and deleted, and only p3 is attached to this interface.
    host1(config)#interface atm 5/0.1 host1(config-subif)#no ip policy input p1 host1(config-subif)#exit
  16. Display policies to verify that p3 is attached to atm 5/0.1 and mpl_8 is removed.
    host1#show policy-list
    
                                      Policy Table
                                      ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count:      1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_5
    IP Policy p2
       Administrative state: enable
       Reference count:      1
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          None
       Referenced by profiles: 
          None
       Referenced by merge policies:
          mpl_5
    IP Policy p3
       Administrative state: enable
       Reference count:      1
       Classifier control list: C1, precedence 80
          color yellow
       Classifier control list: C4, precedence 900
          color red
       Referenced by interfaces: 
          ATM5/0.1  input policy, statistics disabled, virtual-router default
       Referenced by profiles: 
          None
       Referenced by merge policies:
          None
    IP Policy mpl_5
       Administrative state: enable
       Reference count:      1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
               next-hop 20.1.1.1, order 100, rule 3 (reachable)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: 
          ATM5/0.2  output policy, statistics enabled, virtual-router default
       Referenced by profiles: 
          None
       Component policies:
          p1
          p2
  17. Detach p3 from atm 5/0.1.
    host1(config)#interface atm 5/0.1 host1(config-subif)#no ip policy input p3 host1(config-subif)#exit
  18. Detach p1 from atm 5/0.2. Merge policy mpl_5 is detached and deleted and only p2 is now attached.
    host1(config)#interface atm 5/0.2 host1(config-subif)#no ip policy output p1 host1(config-subif)#exit
  19. Detach p2 from atm 5/0.2.
    host1(config)#interface atm 5/0.2 host1(config-subif)#no ip policy output p2 host1(config-subif)#exit
  20. Display policies to verify that no merge policies exist and that all other policies have a 0 reference count because they are not attached anywhere.
    host1#show policy-list
    
                                      Policy Table
                                      ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count:      0
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 10.1.1.1, order 100, rule 2 (active)
    IP Policy p2
       Administrative state: enable
       Reference count:      0
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
               next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
    IP Policy p3
       Administrative state: enable
       Reference count:      0
       Classifier control list: C1, precedence 80
          color yellow
       Classifier control list: C4, precedence 900
          color red

Related Documentation