Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All
     

    Related Documentation

     

    Resolving Policy Merge Conflicts

    The set of component policies are first ordered by their name to form the final merged policy. For example, if the component policies sets contain cp_1, cp_3, cp_9, cp_2, the order in which these policies are merged is cp_1, cp_2, cp_3, and cp_9. The merge order is important for resolving merge conflicts.

    Various conflicting combinations of component policies can result in a merged policy that is not a perfect union of the component policies. These conflicts are resolved as they currently are in policy CLI context, where, in any conflict, the most recently executed command takes precedence.

    More than one component policy can contain the same classifier group. If the precedence does not match, the precedence of the classifier group defined in the last component policy becomes the final precedence for this classifier group in the merged policy, as in the following example:

    host1(config)#ip policy-list p1 host1(config-policy)#classifier-group C1 precedence 90 host1(config-classifier-group)#forward host1(config-classifier-group)#exit host1(config)#ip policy-list p2 host1(config-policy)#classifier-group C1 precedence 100 host1(config-classifier-group)#forward host1(config-classifier-group)#exit host1(config)#ip policy-list p3 host1(config-policy)#classifier-group C1 precedence 130 host1(config-classifier-group)#forward host1(config-classifier-group)#exit

    If you combine p1, p2, and p3, you get the following with p1, p2, p3 as the merge order for the set of component policies.

    ip policy-list mpl_10classifier-group C1 precedence 130forwardexit

    For IP, the forward, filter, next-hop, and next-interface rules are mutually exclusive within a classifier group. For all other types, filter and forward rules are mutually exclusive.

    A conflict arises when more than one component policy has the same classifier group and when the rule sets defined in these classifier groups conflict. To resolve the merge conflict, the last command entered replaces any previous conflicting commands for a classifier group, as in the following example:

    host1(config)#ip policy-list p1 host1(config-policy)#classifier-group C1 precedence 90 host1(config-classifier-group)#forward host1(config-classifier-group)#exit host1(config)#ip policy-list p2 host1(config-policy)#classifier-group C1 precedence 90 host1(config-classifier-group)#next-hop 1.1.1.1 host1(config-classifier-group)#exit host1(config)#ip policy-list p3 host1(config-policy)#classifier-group C1 precedence 90 host1(config-classifier-group)#filter host1(config-classifier-group)#exit

    Combining p1 and p2 internally results in:

    ip policy-list mpl_20classifier-group C1 precedence 90next-hop 1.1.1.1exit

    Combining p2 and p3 internally results in:

    ip policy-list mpl_21classifier-group C1 precedence 90filterexit

    Combining p1, p2, and p3 internally results in:

    ip policy-list mpl_22

    classifier-group C1 precedence 90filterexit

    If you have the same policy rule with different parameters, the parameter of the last rule entered with the same type is used, with the exception of IP forward rule, to resolve the conflict, as in the following example:

    host1(config)#ip policy-list p1 host1(config-policy)#classifier-group C1 precedence 90 host1(config-classifier-group)#color red host1(config-classifier-group)#exit host1(config)#ip policy-list p2 host1(config-policy)#classifier-group C1 precedence 90 host1(config-classifier-group)#color yellow host1(config-classifier-group)#exit

    Combining p1 and p2 internally results in:

    ip policy-list mpl_20classifier-group C1 precedence 90color yellowexit

    With the IP policy forward rule, when more forward rules are added to an existing classifier group, the list of forward rules is created. This is also true during merging, as in the following example:

    host1(config)#ip policy-list p1 host1(config-policy)#classifier-group C1 precedence 90 host1(config-classifier-group)#forward next-hop 1.1.1.1 host1(config-classifier-group)#exit host1(config)#ip policy-list p2 host1(config-policy)#classifier-group C1 precedence 90 host1(config-classifier-group)#forward next-interface atm 5/0.1 host1(config-classifier-group)#exit host1(config)#ip policy-list p2 host1(config-policy)#classifier-group C1 precedence 90 host1(config-classifier-group)#forward next-interface fastEthernet 4/0.1
    next-hop 1.1.1.2
    host1(config-classifier-group)#exit

    Combining p1, p2, and p3, internally results in the following:

    ip policy-list mpl_10classifier-group C1 precedence 90forward next-hop 1.1.1.1forward next-interface atm 5/0.1forward next-interface fastEthernet 4/0.1 next-hop 1.1.1.2exit

    Policy management enables multiple policy attachments at the same attachment point, which results in a merged policy that is created and attached at the specified attachment point. The logical OR of the statistics and baseline keywords of all attachments are used as the statistics and baseline keyword for the merged policy attachment, as in the following example:

    host1(config)#interface atm 5/0.1 host1(config-subif)#ip policy input p1 statistics enable baseline enable merge host1(config-subif)#ip policy input p2 merge host1(config-subif)#ip policy input p3 statistics enable merge host1(config-subif)#exit

    Results in the following:

    interface atm 5/0.1ip policy input mpl_5 statistics enable baseline enable mergeexit
     

    Related Documentation

     

    Published: 2014-08-14