 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
The set of component policies are first ordered by their name to form the final merged policy. For example, if the component policies sets contain cp_1, cp_3, cp_9, cp_2, the order in which these policies are merged is cp_1, cp_2, cp_3, and cp_9. The merge order is important for resolving merge conflicts.
Various conflicting combinations of component policies can result in a merged policy that is not a perfect union of the component policies. These conflicts are resolved as they currently are in policy CLI context, where, in any conflict, the most recently executed command takes precedence.
More than one component policy can contain the same classifier group. If the precedence does not match, the precedence of the classifier group defined in the last component policy becomes the final precedence for this classifier group in the merged policy, as in the following example:
- host1(config)#ip policy-list p1
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-classifier-group)#forward
- host1(config-classifier-group)#exit
- host1(config)#ip policy-list p2
- host1(config-policy)#classifier-group C1 precedence
100
- host1(config-classifier-group)#forward
- host1(config-classifier-group)#exit
- host1(config)#ip policy-list p3
- host1(config-policy)#classifier-group C1 precedence
130
- host1(config-classifier-group)#forward
- host1(config-classifier-group)#exit
If you combine p1, p2, and p3, you get the following with p1, p2, p3 as the merge order for the set of component policies.
- ip policy-list mpl_10
- classifier-group C1 precedence 130
- forward
- exit
For IP, the forward, filter, next-hop, and next-interface rules are mutually exclusive within a classifier group. For all other types, filter and forward rules are mutually exclusive.
A conflict arises when more than one component policy has the same classifier group and when the rule sets defined in these classifier groups conflict. To resolve the merge conflict, the last command entered replaces any previous conflicting commands for a classifier group, as in the following example:
- host1(config)#ip policy-list p1
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-classifier-group)#forward
- host1(config-classifier-group)#exit
- host1(config)#ip policy-list p2
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-classifier-group)#next-hop 1.1.1.1
- host1(config-classifier-group)#exit
- host1(config)#ip policy-list p3
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-classifier-group)#filter
- host1(config-classifier-group)#exit
Combining p1 and p2 internally results in:
- ip policy-list mpl_20
- classifier-group C1 precedence 90
- next-hop 1.1.1.1
- exit
Combining p2 and p3 internally results in:
- ip policy-list mpl_21
- classifier-group C1 precedence 90
- filter
- exit
Combining p1, p2, and p3 internally results in:
ip policy-list mpl_22
- classifier-group C1 precedence 90
- filter
- exit
If you have the same policy rule with different parameters, the parameter of the last rule entered with the same type is used, with the exception of IP forward rule, to resolve the conflict, as in the following example:
- host1(config)#ip policy-list p1
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-classifier-group)#color red
- host1(config-classifier-group)#exit
- host1(config)#ip policy-list p2
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-classifier-group)#color yellow
- host1(config-classifier-group)#exit
Combining p1 and p2 internally results in:
- ip policy-list mpl_20
- classifier-group C1 precedence 90
- color yellow
- exit
With the IP policy forward rule, when more forward rules are added to an existing classifier group, the list of forward rules is created. This is also true during merging, as in the following example:
- host1(config)#ip policy-list p1
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-classifier-group)#forward next-hop
1.1.1.1
- host1(config-classifier-group)#exit
- host1(config)#ip policy-list p2
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-classifier-group)#forward next-interface
atm 5/0.1
- host1(config-classifier-group)#exit
- host1(config)#ip policy-list p2
- host1(config-policy)#classifier-group C1 precedence
90
- host1(config-classifier-group)#forward next-interface
fastEthernet 4/0.1
next-hop
1.1.1.2
- host1(config-classifier-group)#exit
Combining p1, p2, and p3, internally results in the following:
- ip policy-list mpl_10
- classifier-group C1 precedence 90
- forward next-hop 1.1.1.1
- forward next-interface atm 5/0.1
- forward next-interface fastEthernet 4/0.1 next-hop 1.1.1.2
- exit
Policy management enables multiple policy attachments at the same attachment point, which results in a merged policy that is created and attached at the specified attachment point. The logical OR of the statistics and baseline keywords of all attachments are used as the statistics and baseline keyword for the merged policy attachment, as in the following example:
- host1(config)#interface atm 5/0.1
- host1(config-subif)#ip policy input p1 statistics
enable baseline enable merge
- host1(config-subif)#ip policy input p2 merge
- host1(config-subif)#ip policy input p3 statistics
enable merge
- host1(config-subif)#exit
Results in the following:
- interface atm 5/0.1
- ip policy input mpl_5 statistics enable baseline enable
merge
- exit
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |