Merging Policies
In the following example, IP policy p1 and IP policy p2 are attached at interface atm 5/0.1 as input attachments. Subsequently, policy p3 is attached at the same point. Then policies p1 and p2 are attached as output at atm 5/0.2.
- Create IP policy p1.
    host1(config)#ip classifier-list C1 tcp host 1.1.1.1 any eq 80
    host1(config)#ip classifier-list C2 icmp any any 8 0
    host1(config)#ip policy-list p1
    host1(config-policy)#classifier-group C1 precedence 90
    host1(config-policy-classifier-group)#forward next-hop 10.1.1.1
    host1(config-policy-classifier-group)#exit
    host1(config-policy)#classifier-group C2 precedence 10
    host1(config-policy-classifier-group)#filter
    host1(config-policy-classifier-group)#exit
- Create IP policy p2.
    host1(config)#ip classifier-list C1 tcp host 1.1.1.1 any eq 80
    host1(config)#ip classifier-list C3 ip any host 2.2.2.2
    host1(config)#ip policy-list p2
    host1(config-policy)#classifier-group C1 precedence 90
    host1(config-policy-classifier-group)#forward next-hop 20.1.1.1
    host1(config-policy-classifier-group)#exit
    host1(config-policy)#classifier-group C3 precedence 10
    host1(config-policy-classifier-group)#filter
    host1(config-policy-classifier-group)#exit
    host1(config-policy)#classifier-group * precedence 1000
    host1(config-policy-classifier-group)#forward
    host1(config-policy-classifier-group)#exit
- Attach IP policy p1 as input at interface atm 5/0.1.
    host1(config)#interface atm 5/0.1
    host1(config-subif)#ip policy input p1 statistics enable merge
    host1(config-subif)#exit
- Attach IP policy p2 as input at interface atm 5/0.1. A merged policy is created.
    host1(config)#interface atm 5/0.1
    host1(config-subif)#ip policy input p2 statistics enable merge
    host1(config-subif)#exit
- Display the policy lists.
    host1#show policy-list
                              Policy Table
                              ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count: 1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_5

    IP Policy p2
       Administrative state: enable
       Reference count: 1
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_5

    IP Policy mpl_5
       Administrative state: enable
       Reference count: 1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
                next-hop 20.1.1.1, order 100, rule 3 (reachable)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces:
          ATM5/0.1 input policy, statistics enabled, virtual-router default
       Referenced by profiles: None
       Component policies:
          p1 p2
- Show configuration.
    host1#show conf
    ! Configuration script being generated on TUE APR 26 2005 17:33:01 UTC
    ! Juniper Edge Routing Switch ERX1440
    ! Version: 9.9.9 development-4.0 (April 4, 2005 15:39)
    ! Copyright (c) 1999-2005 Juniper Networks, Inc. All rights reserved.
    !
    ! Commands displayed are limited to those available at privilege level 15
    !
    …
    interface atm 5/0.1
     ip policy input p1 statistics enabled merge
     ip policy input p2 statistics enabled merge
     exit
    …
    …
    ip policy-list p1
     classifier-group C2 precedence 10
      filter
     classifier-group C1 precedence 90
      forward next-hop 10.1.1.1
    !
    ip policy-list p2
     classifier-group C3 precedence 10
      filter
     classifier-group C1 precedence 90
      forward next-hop 20.1.1.1
     classifier-group * precedence 1000
      forward
    !
    …
    …
    ! End of generated configuration script.
- Display interface statistics.
    host1#show ip interface atm 5/0.1
    ATM5/0.1 line protocol Atm1483 is up, ip is up
      Network Protocols: IP
      Internet address is 99.99.99.2/255.255.255.0
      Broadcast address is 255.255.255.255
      Operational MTU = 9180 Administrative MTU = 0
      Operational speed = 155520000 Administrative speed = 0
      Discontinuity Time = 721112
      Router advertisement = disabled
      Proxy Arp = disabled
      Network Address Translation is disabled
      TCP MSS Adjustment = disabled
      Administrative debounce-time = disabled
      Operational debounce-time = disabled
      Access routing = disabled
      Multipath mode = hashed
      Auto Configure = disabled
      Auto Detect = disabled
      Inactivity Timer = disabled

      In Received Packets 0, Bytes 0
        Unicast Packets 0, Bytes 0
        Multicast Packets 0, Bytes 0
      In Policed Packets 0, Bytes 0
      In Error Packets 0
      In Invalid Source Address Packets 0
      In Discarded Packets 0
      Out Forwarded Packets 0, Bytes 0
        Unicast Packets 0, Bytes 0
        Multicast Routed Packets 0, Bytes 0
      Out Scheduler Dropped Packets 0, Bytes 0
      Out Policed Packets 0, Bytes 0
      Out Discarded Packets 0

      IP policy input mpl_5
        classifier-group C2 entry 1
          0 packets, 0 bytes
          filter
        classifier-group C3 entry 1
          0 packets, 0 bytes
          filter
        classifier-group C1 entry 1
          0 packets, 0 bytes
          forward
        classifier-group *
          0 packets, 0 bytes
          forward
      queue 0: traffic class best-effort, bound to ip ATM5/0.1
        Queue length 0 bytes
        Forwarded packets 0, bytes 0
        Dropped committed packets 0, bytes 0
        Dropped conformed packets 0, bytes 0
        Dropped exceeded packets 0, bytes 0
- Attach IP policy p1 at atm 5/0.2 as output.
    host1(config)#interface atm 5/0.2
    host1(config-subif)#ip policy output p1 statistics enable merge
    host1(config-subif)#exit
- Attach IP policy p2 at atm 5/0.2 as output. Merge policy mpl_5 is now attached.
    host1(config)#interface atm 5/0.2
    host1(config-subif)#ip policy output p2 merge
    host1(config-subif)#exit
- Display policies to verify that mpl_5 is created.
    host1#show policy-list
                              Policy Table
                              ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count: 1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_5

    IP Policy p2
       Administrative state: enable
       Reference count: 1
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_5

    IP Policy mpl_5
       Administrative state: enable
       Reference count: 2
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
                next-hop 20.1.1.1, order 100, rule 3 (reachable)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces:
          ATM5/0.1 input policy, statistics enabled, virtual-router default
          ATM5/0.2 output policy, statistics enabled, virtual-router default
       Referenced by profiles: None
       Component policies:
          p1 p2
- Create and attach IP policy p3 at atm 5/0.1. A new merge policy mpl_7 is created, which is a combination of p1, p2, and p3. The previous merge policy attachment is removed.
    host1(config)#ip classifier-list C4 udp host 1.1.1.1 any eq 900
    host1(config)#ip policy-list p3
    host1(config-policy)#classifier-group C4 precedence 900
    host1(config-policy-classifier-group)#color red
    host1(config-policy-classifier-group)#exit
    host1(config-policy)#classifier-group C1 precedence 80
    host1(config-policy-classifier-group)#color yellow
    host1(config-policy-classifier-group)#exit
    host1(config-policy)#exit
    host1(config)#interface atm 5/0.1
    host1(config-subif)#ip policy input p3 statistics enable merge
    host1(config-subif)#exit
- Display policies to verify that mpl_5 and mpl_7 have been created.
    host1#show policy-list
                              Policy Table
                              ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count: 2
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_5 mpl_7

    IP Policy p2
       Administrative state: enable
       Reference count: 2
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_5 mpl_7

    IP Policy p3
       Administrative state: enable
       Reference count: 1
       Classifier control list: C1, precedence 80
          color yellow
       Classifier control list: C4, precedence 900
          color red
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_7

    IP Policy mpl_5
       Administrative state: enable
       Reference count: 1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
                next-hop 20.1.1.1, order 100, rule 3 (reachable)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces:
          ATM5/0.2 output policy, statistics enabled, virtual-router default
       Referenced by profiles: None
       Component policies:
          p1 p2

    IP Policy mpl_7
       Administrative state: enable
       Reference count: 1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 80
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
                next-hop 20.1.1.1, order 100, rule 3 (reachable)
          color yellow
       Classifier control list: C4, precedence 900
          color red
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces:
          ATM5/0.1 input policy, statistics enabled, virtual-router default
       Referenced by profiles: None
       Component policies:
          p1 p2 p3
- Detach p2 from atm 5/0.1. A new merge policy mpl_8 is created, which is a combination of p1 and p3. The previous merge policy mpl_7 is detached and, because this policy has no attachments, it is deleted.
    host1(config)#interface atm 5/0.1
    host1(config-subif)#no ip policy input p2
    host1(config-subif)#exit
- Display policies to verify that mpl_7 is removed and the new merge policy mpl_8 is created.
    host1#show policy-list
                              Policy Table
                              ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count: 2
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_5 mpl_8

    IP Policy p2
       Administrative state: enable
       Reference count: 1
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_5

    IP Policy p3
       Administrative state: enable
       Reference count: 1
       Classifier control list: C1, precedence 80
          color yellow
       Classifier control list: C4, precedence 900
          color red
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_8

    IP Policy mpl_5
       Administrative state: enable
       Reference count: 1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
                next-hop 20.1.1.1, order 100, rule 3 (reachable)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces:
          ATM5/0.2 output policy, statistics enabled, virtual-router default
       Referenced by profiles: None
       Component policies:
          p1 p2

    IP Policy mpl_8
       Administrative state: enable
       Reference count: 1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 80
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
                next-hop 20.1.1.1, order 100, rule 3 (reachable)
          color yellow
       Classifier control list: C4, precedence 900
          color red
       Referenced by interfaces:
          ATM5/0.1 input policy, statistics enabled, virtual-router default
       Referenced by profiles: None
       Component policies:
          p1 p3
- Detach p1 from atm 5/0.1. Merge policy mpl_8 is detached and deleted, and only p3 is attached to this interface.
    host1(config)#interface atm 5/0.1
    host1(config-subif)#no ip policy input p1
    host1(config-subif)#exit
- Display policies to verify that p3 is attached to atm 5/0.1 and mpl_8 is removed.
    host1#show policy-list
                              Policy Table
                              ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count: 1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_5

    IP Policy p2
       Administrative state: enable
       Reference count: 1
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces: None
       Referenced by profiles: None
       Referenced by merge policies:
          mpl_5

    IP Policy p3
       Administrative state: enable
       Reference count: 1
       Classifier control list: C1, precedence 80
          color yellow
       Classifier control list: C4, precedence 900
          color red
       Referenced by interfaces:
          ATM5/0.1 input policy, statistics disabled, virtual-router default
       Referenced by profiles: None
       Referenced by merge policies: None

    IP Policy mpl_5
       Administrative state: enable
       Reference count: 1
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)
                next-hop 20.1.1.1, order 100, rule 3 (reachable)
       Classifier control list: *, precedence 1000
          forward
       Referenced by interfaces:
          ATM5/0.2 output policy, statistics enabled, virtual-router default
       Referenced by profiles: None
       Component policies:
          p1 p2
- Detach p3 from atm 5/0.1.
    host1(config)#interface atm 5/0.1
    host1(config-subif)#no ip policy input p3
    host1(config-subif)#exit
- Detach p1 from atm 5/0.2. Merge policy mpl_5 is detached and deleted and only p2 is now attached.
    host1(config)#interface atm 5/0.2
    host1(config-subif)#no ip policy output p1
    host1(config-subif)#exit
- Detach p2 from atm 5/0.2.
    host1(config)#interface atm 5/0.2
    host1(config-subif)#no ip policy output p2
    host1(config-subif)#exit
- Display policies to verify that no merge policies exist and that all other policies have a 0 reference count because they are not attached anywhere.
    host1#show policy-list
                              Policy Table
                              ------ -----
    IP Policy p1
       Administrative state: enable
       Reference count: 0
       Classifier control list: C2, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 10.1.1.1, order 100, rule 2 (active)

    IP Policy p2
       Administrative state: enable
       Reference count: 0
       Classifier control list: C3, precedence 10
          filter
       Classifier control list: C1, precedence 90
          forward
             Virtual-router: default
             List:
                next-hop 20.1.1.1, order 100, rule 3 (active)
       Classifier control list: *, precedence 1000
          forward

    IP Policy p3
       Administrative state: enable
       Reference count: 0
       Classifier control list: C1, precedence 80
          color yellow
       Classifier control list: C4, precedence 900
          color red
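
The following Python sketch is an added example, not part of the original guide and not JUNOSe code. It models the merge result shown above for mpl_5 and mpl_7 so that the filter groups in effect at an attachment point can be checked offline. The merge rule (union of classifier groups, lowest precedence value kept, actions combined) is an assumption inferred from that output, and the function names are hypothetical.

```python
# Added illustration: models the merge result as inferred from the
# show policy-list output on this page. Not JUNOSe code.

# Component policies from the page: {classifier group: (precedence, [actions])}
POLICIES = {
    "p1": {"C1": (90, ["forward next-hop 10.1.1.1"]), "C2": (10, ["filter"])},
    "p2": {"C1": (90, ["forward next-hop 20.1.1.1"]), "C3": (10, ["filter"]),
           "*": (1000, ["forward"])},
    "p3": {"C4": (900, ["color red"]), "C1": (80, ["color yellow"])},
}

def merge_policies(names):
    """Return [(group, precedence, actions)] ordered by precedence.

    Assumed rule (inferred from mpl_5 and mpl_7): groups are unioned; a group
    present in several components keeps the lowest precedence value and the
    combined actions.
    """
    merged = {}
    for name in names:
        for group, (prec, actions) in POLICIES[name].items():
            old_prec, old_actions = merged.get(group, (prec, []))
            new_actions = old_actions + [a for a in actions if a not in old_actions]
            merged[group] = (min(old_prec, prec), new_actions)
    return sorted(((g, p, a) for g, (p, a) in merged.items()), key=lambda r: r[1])

def filtered_groups(rules):
    """Classifier groups whose traffic is dropped in the merged policy."""
    return [g for g, _, actions in rules if "filter" in actions]

def shared_merges(attachments):
    """Group attachment points by component set; one merge policy per set."""
    shared = {}
    for point, names in attachments.items():
        if len(names) > 1:  # a single attached policy needs no merge policy
            shared.setdefault(frozenset(names), []).append(point)
    return shared

if __name__ == "__main__":
    # Attachment state after p3 is added at atm 5/0.1 (mpl_7), mpl_5 on atm 5/0.2
    state = {("ATM5/0.1", "input"): ["p1", "p2", "p3"],
             ("ATM5/0.2", "output"): ["p1", "p2"]}
    for point, names in state.items():
        rules = merge_policies(names)
        print(point, names, "filters:", filtered_groups(rules))
        for group, prec, actions in rules:
            print(f"   {group:>2} precedence {prec:<4} {', '.join(actions)}")
    print(shared_merges(state))
```
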