[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

JUNOSe 9.1.x Policy Management Configuration Guide > Merging Policies > Merging Policies Configuration

Merging Policies Configuration

In the following example IP policy p1 and IP policy p2 are attached at interface atm5/0.1 as input attachments. Subsequently, policy p3 is attached at the same point. Then policies p1 and p2 are attached as output at atm 5/0.2.

  1. Create IP policy p1.
    2. host1(config)#ip classifier-list C1 tcp host 1.1.1.1 any eq 80

    host1(config)#ip classifier-list C2 icmp any any 8 0

    host1(config)#ip policy-list p1

    host1(config-policy)#classifier-group C1 precedence 90

    host1(config-policy-classifier-group)#forward next-hop 10.1.1.1

    host1(config-policy-classifier-group)#exit

    host1(config-policy)#classifier-group C2 precedence 10

    host1(config-policy-classifier-group)#filter

    host1(config-policy-classifier-group)#exit
  2. Create IP policy p2.
    3. host1(config)#ip classifier-list C1 tcp host 1.1.1.1 any eq 80

    host1(config)#ip classifier-list C3 ip any host 2.2.2.2

    host1(config)#ip policy-list p2

    host1(config-policy)#classifier-group C1 precedence 90

    host1(config-policy-classifier-group)#forward next-hop 20.1.1.1

    host1(config-policy-classifier-group)#exit

    host1(config-policy)#classifier-group C3 precedence 10

    host1(config-policy-classifier-group)#filter

    host1(config-policy-classifier-group)#exit

    host1(config-policy)#classifier-group * precedence 1000

    host1(config-policy-classifier-group)#forward

    host1(config-policy-classifier-group)#exit
  3. Attach IP policy p1 as input at interface atm5/0.1.
    4. host1(config)#Interface atm 5/0.1

    host1(config-subif)#ip policy input p1 statistics enable merge

    host1(config-subif)#exit
  4. Attach IP policy p2 as input at interface atm 5/0.1. A merged policy is created.
    5. host1(config)#Interface atm 5/0.1

    host1(config-subif)#ip policy input p2 statistics enable merge

    host1(config-subif)#exit
  5. Display the policy lists.
    6. host1#show policy-list

    

                                      Policy Table

                                      ------ -----

    IP Policy p1

       Administrative state: enable

       Reference count:      1

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_5

    

    IP Policy p2

       Administrative state: enable

       Reference count:      1

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 20.1.1.1, order 100, rule 3 (active)

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_5

    

    IP Policy mpl_5

       Administrative state: enable

       Reference count:      1

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

               next-hop 20.1.1.1, order 100, rule 3 (reachable)

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          ATM5/0.1  input policy, statistics enabled, virtual-router default

    

       Referenced by profiles: 

          None

    

       Component policies:

          p1

          p2
  6. Show configuration.
    7. host1#show conf

    

    ! Configuration script being generated on TUE APR 26 2005 17:33:01 UTC

    ! Juniper Edge Routing Switch ERX-1440

    ! Version: 9.9.9 development-4.0 (April 4, 2005  15:39)

    ! Copyright (c) 1999-2005 Juniper Networks, Inc.  All rights reserved.

    ! 

    ! Commands displayed are limited to those available at privilege level 15

    !

    ...

    interface atm 5/0.1

     ip policy input p1 statistics enabled merge

     ip policy input p2 statistics enabled merge

     exit

    ...

    ...

    ip policy-list p1

     classifier-group C2 precedence 10

      filter

     classifier-group C1 precedence 90

      forward next-hop 10.1.1.1

    !

    ip policy-list p2

     classifier-group C3 precedence 10

      filter

     classifier-group C1 precedence 90

      forward next-hop 20.1.1.1

     classifier-group * precedence 1000

      forward

    !

    ...

    ...

    ! End of generated configuration script.
  7. Display interface statistics.
    8. host1#show ip interface atm 5/0.1

    

    ATM5/0.1 line protocol Atm1483 is up, ip is up

      Network Protocols: IP

      Internet address is 99.99.99.2/255.255.255.0

      Broadcast address is 255.255.255.255

      Operational MTU = 9180  Administrative MTU = 0

      Operational speed = 155520000  Administrative speed = 0

      Discontinuity Time = 721112

      Router advertisement = disabled

      Proxy Arp = disabled

      Network Address Translation is disabled

      TCP MSS Adjustment = disabled

      Administrative debounce-time = disabled 

      Operational debounce-time    = disabled 

      Access routing = disabled 

      Multipath mode = hashed

      Auto Configure = disabled

      Auto Detect = disabled

      Inactivity Timer = disabled

    

      In Received Packets 0, Bytes 0

        Unicast Packets 0, Bytes 0

        Multicast Packets 0, Bytes 0

      In Policed Packets 0, Bytes 0

      In Error Packets 0

      In Invalid Source Address Packets 0

      In Discarded Packets 0

      Out Forwarded Packets 0, Bytes 0

        Unicast Packets 0, Bytes 0

        Multicast Routed Packets 0, Bytes 0

      Out Scheduler Dropped Packets 0, Bytes 0

      Out Policed Packets 0, Bytes 0

      Out Discarded Packets 0

    

      IP policy input mpl_5

        classifier-group C2 entry 1

          0 packets, 0 bytes

          filter

        classifier-group C3 entry 1

          0 packets, 0 bytes

          filter

        classifier-group C1 entry 1

          0 packets, 0 bytes

          forward

        classifier-group * 

          0 packets, 0 bytes

          forward

      queue 0: traffic class best-effort, bound to ip ATM5/0.1

        Queue length 0 bytes 

        Forwarded packets 0, bytes 0

        Dropped committed packets 0, bytes 0

        Dropped conformed packets 0, bytes 0

        Dropped exceeded packets 0, bytes 0
  8. Attach IP policy p1 at atm 5/0.2 as output.
    9. host1(config)#interface atm 5/0.2

    host1(config-subif)#ip policy output p1 statistics enable merge

    host1(config-subif)#exit
  9. Attach IP policy p2 at atm 5/0.2 as output. Merge policy mpl_5 is now attached.
    10. host1(config)#interface atm 5/0.2

    host1(config-subif)#ip policy output p2 merge

    host1(config-subif)#exit
  10. Display policies to verify that mpl_5 is created.
    11. host1#show policy-list

    

                                      Policy Table

                                      ------ -----

    IP Policy p1

       Administrative state: enable

       Reference count:      1

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_5

    

    IP Policy p2

       Administrative state: enable

       Reference count:      1

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 20.1.1.1, order 100, rule 3 (active)

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_5

    

    IP Policy mpl_5

       Administrative state: enable

       Reference count:      2

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

               next-hop 20.1.1.1, order 100, rule 3 (reachable)

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          ATM5/0.1  input policy, statistics enabled, virtual-router default

          ATM5/0.2  output policy, statistics enabled, virtual-router default

    

       Referenced by profiles: 

          None

    

       Component policies:

          p1

          p2
  11. Create and attach IP policy p3 at atm 5/0.1. A new merge policy mpl_7 is created, which is a combination of p1, p2, and p3. The previous merge policy attachment is removed.
    12. host1(config)#ip classifier-list C4 udp host 1.1.1.1 any eq 900

    host1(config)#ip policy-list p3

    host1(config-policy)#classifier-group C4 precedence 900

    host1(config-policy-classifier-group)#color red

    host1(config-policy-classifier-group)#exit

    host1(config-policy)#classifier-group C1 precedence 80

    host1(config-policy-classifier-group)#color yellow

    host1(config-policy-classifier-group)#exit

    host1(config-policy)#exit

    host1(config)#interface atm 5/0.1

    host1(config-subif)#ip policy input p3 statistics enable merge

    host1(config-subif)#exit
  12. Display policies to verify that mpl_5 and mpl_7 have been created.
    13. host1#show policy-list

    

                                      Policy Table

                                      ------ -----

    IP Policy p1

       Administrative state: enable

       Reference count:      2

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_5

          mpl_7

    

    IP Policy p2

       Administrative state: enable

       Reference count:      2

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 20.1.1.1, order 100, rule 3 (active)

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_5

          mpl_7

    

    IP Policy p3

       Administrative state: enable

       Reference count:      1

       Classifier control list: C1, precedence 80

          color yellow

       Classifier control list: C4, precedence 900

          color red

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_7

    

    IP Policy mpl_5

       Administrative state: enable

       Reference count:      1

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

               next-hop 20.1.1.1, order 100, rule 3 (reachable)

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          ATM5/0.2  output policy, statistics enabled, virtual-router default

    

       Referenced by profiles: 

          None

    

       Component policies:

          p1

          p2

    

    IP Policy mpl_7

       Administrative state: enable

       Reference count:      1

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 80

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

               next-hop 20.1.1.1, order 100, rule 3 (reachable)

          color yellow

       Classifier control list: C4, precedence 900

          color red

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          ATM5/0.1  input policy, statistics enabled, virtual-router default

    

       Referenced by profiles: 

          None

    

       Component policies:

          p1

          p2

          p3
  13. Detach p2 from atm 5/0.1. A new merge policy mpl_8 is created, which is a combination of p1 and p3. The previous merge policy mpl_7 is detached and, because this policy has no attachments, it is deleted.
    14. host1(config)#interface atm 5/0.1

    host1(config-subif)#no ip policy input p2

    host1(config-subif)#exit
  14. Display policies to verify that the mpl_7 is removed and the new merge policy mpl_8 is created.
    15. host1#show policy-list

    

                                      Policy Table

                                      ------ -----

    IP Policy p1

       Administrative state: enable

       Reference count:      2

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_5

          mpl_8

    

    IP Policy p2

       Administrative state: enable

       Reference count:      1

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 20.1.1.1, order 100, rule 3 (active)

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_5

    

    IP Policy p3

       Administrative state: enable

       Reference count:      1

       Classifier control list: C1, precedence 80

          color yellow

       Classifier control list: C4, precedence 900

          color red

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_8

    

    IP Policy mpl_5

       Administrative state: enable

       Reference count:      1

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

               next-hop 20.1.1.1, order 100, rule 3 (reachable)

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          ATM5/0.2  output policy, statistics enabled, virtual-router default

    

       Referenced by profiles: 

          None

    

       Component policies:

          p1

          p2

    

    IP Policy mpl_8

       Administrative state: enable

       Reference count:      1

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C1, precedence 80

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

               next-hop 20.1.1.1, order 100, rule 3 (reachable)

          color yellow

       Classifier control list: C4, precedence 900

          color red

    

       Referenced by interfaces: 

          ATM5/0.1  input policy, statistics enabled, virtual-router default

    

       Referenced by profiles: 

          None

    

       Component policies:

          p1

          p3
  15. Detach p1 from atm 5/0.1. Merge policy mpl_8 is detached and deleted, and only p3 is attached to this interface.
    16. host1(config)#interface atm 5/0.1

    host1(config-subif)#no ip policy input p1

    host1(config-subif)#exit
  16. Display policies to verify that p3 is attached to atm 5/0.1 and mpl_8 is removed.
    17. host1#show policy-list

    

                                      Policy Table

                                      ------ -----

    IP Policy p1

       Administrative state: enable

       Reference count:      1

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_5

    

    IP Policy p2

       Administrative state: enable

       Reference count:      1

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 20.1.1.1, order 100, rule 3 (active)

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          None

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          mpl_5

    

    IP Policy p3

       Administrative state: enable

       Reference count:      1

       Classifier control list: C1, precedence 80

          color yellow

       Classifier control list: C4, precedence 900

          color red

    

       Referenced by interfaces: 

          ATM5/0.1  input policy, statistics disabled, virtual-router default

    

       Referenced by profiles: 

          None

    

       Referenced by merge policies:

          None

    

    IP Policy mpl_5

       Administrative state: enable

       Reference count:      1

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

               next-hop 20.1.1.1, order 100, rule 3 (reachable)

       Classifier control list: *, precedence 1000

          forward

    

       Referenced by interfaces: 

          ATM5/0.2  output policy, statistics enabled, virtual-router default

    

       Referenced by profiles: 

          None

    

       Component policies:

          p1

          p2
  17. Detach p3 from atm 5/0.1.
    18. host1(config)#interface atm 5/0.1

    host1(config-subif)#no ip policy input p3

    host1(config-subif)#exit
  18. Detach p1 from atm 5/0.2. Merge policy mpl_5 is detached and deleted and only p2 is now attached.
    19. host1(config)#interface atm 5/0.2

    host1(config-subif)#no ip policy output p1

    host1(config-subif)#exit
  19. Detach p2 from atm 5/0.2. 
    20. host1(config)#interface atm 5/0.2

    host1(config-subif)#no ip policy output p2

    host1(config-subif)#exit
  20. Display policies to verify that no merge policies exist and that all other policies have a 0 reference count because they are not attached anywhere.
    21. host1#show policy-list

    

                                      Policy Table

                                      ------ -----

    IP Policy p1

       Administrative state: enable

       Reference count:      0

       Classifier control list: C2, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 10.1.1.1, order 100, rule 2 (active)

    

    IP Policy p2

       Administrative state: enable

       Reference count:      0

       Classifier control list: C3, precedence 10

          filter

       Classifier control list: C1, precedence 90

          forward

             Virtual-router: default

             List:

               next-hop 20.1.1.1, order 100, rule 3 (active)

       Classifier control list: *, precedence 1000

          forward

    

    IP Policy p3

       Administrative state: enable

       Reference count:      0

       Classifier control list: C1, precedence 80

          color yellow

       Classifier control list: C4, precedence 900

          color red

Related Topics

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]