[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

JUNOSe 9.1.x Policy Management Configuration Guide > Merging Policies > Resolving Policy Merge Conflicts

Resolving Policy Merge Conflicts

The set of component policies are first ordered by their name to form the final merged policy. For example, if the component policies sets contain cp_1, cp_3, cp_9, cp_2, the order in which these policies are merged is cp_1, cp_2, cp_3, and cp_9. The merge order is important for resolving merge conflicts.

Various conflicting combinations of component policies can result in a merged policy that is not a perfect union of the component policies. These conflicts are resolved as they currently are in policy CLI context, where, in any conflict, the most recently executed command takes precedence.

More than one component policy can contain the same classifier group. If the precedence does not match, the precedence of the classifier group defined in the last component policy becomes the final precedence for this classifier group in the merged policy, as in the following example:

host1(config)#ip policy-list p1

host1(config-policy)#classifier-group C1 precedence 90

host1(config-classifier-group)#forward

host1(config-classifier-group)#exit

host1(config)#ip policy-list p2

host1(config-policy)#classifier-group C1 precedence 100

host1(config-classifier-group)#forward

host1(config-classifier-group)#exit

host1(config)#ip policy-list p3

host1(config-policy)#classifier-group C1 precedence 130

host1(config-classifier-group)#forward

host1(config-classifier-group)#exit

If you combine p1, p2, and p3, you get the following with p1, p2, p3 as the merge order for the set of component policies.

ip policy-list mpl_10

classifier-group C1 precedence 130

forward

exit

For IP, the forward, filter, next-hop, and next-interface rules are mutually exclusive within a classifier group. For all other types, filter and forward rules are mutually exclusive.

A conflict arises when more than one component policy has the same classifier group and when the rule sets defined in these classifier groups conflict. To resolve the merge conflict, the last command entered replaces any previous conflicting commands for a classifier group, as in the following example:

host1(config)#ip policy-list p1

host1(config-policy)#classifier-group C1 precedence 90

host1(config-classifier-group)#forward

host1(config-classifier-group)#exit

host1(config)#ip policy-list p2

host1(config-policy)#classifier-group C1 precedence 90

host1(config-classifier-group)#next-hop 1.1.1.1

host1(config-classifier-group)#exit

host1(config)#ip policy-list p3

host1(config-policy)#classifier-group C1 precedence 90

host1(config-classifier-group)#filter

host1(config-classifier-group)#exit

Combining p1 and p2 internally results in:

ip policy-list mpl_20

classifier-group C1 precedence 90

next-hop 1.1.1.1

exit

Combining p2 and p3 internally results in:

ip policy-list mpl_21

classifier-group C1 precedence 90

filter

exit

Combining p1, p2, and p3 internally results in:

ip policy-list mpl_22

classifier-group C1 precedence 90

filter

exit

If you have the same policy rule with different parameters, the parameter of the last rule entered with the same type is used, with the exception of IP forward rule, to resolve the conflict, as in the following example:

host1(config)#ip policy-list p1

host1(config-policy)#classifier-group C1 precedence 90

host1(config-classifier-group)#color red

host1(config-classifier-group)#exit

host1(config)#ip policy-list p2

host1(config-policy)#classifier-group C1 precedence 90

host1(config-classifier-group)#color yellow

host1(config-classifier-group)#exit

Combining p1 and p2 internally results in:

ip policy-list mpl_20

classifier-group C1 precedence 90

color yellow

exit

With the IP policy forward rule, when more forward rules are added to an existing classifier group, the list of forward rules is created. This is also true during merging, as in the following example:

host1(config)#ip policy-list p1

host1(config-policy)#classifier-group C1 precedence 90

host1(config-classifier-group)#forward next-hop 1.1.1.1

host1(config-classifier-group)#exit

host1(config)#ip policy-list p2

host1(config-policy)#classifier-group C1 precedence 90

host1(config-classifier-group)#forward next-interface atm 5/0.1

host1(config-classifier-group)#exit

host1(config)#ip policy-list p2

host1(config-policy)#classifier-group C1 precedence 90

host1(config-classifier-group)#forward next-interface fastEthernet 4/0.1 

next-hop 1.1.1.2

host1(config-classifier-group)#exit

Combining p1, p2, and p3, internally results in the following:

ip policy-list mpl_10

classifier-group C1 precedence 90

forward next-hop 1.1.1.1

forward next-interface atm 5/0.1

forward next-interface fastEthernet 4/0.1 next-hop 1.1.1.2

exit

Policy management enables multiple policy attachments at the same attachment point, which results in a merged policy that is created and attached at the specified attachment point. The logical OR of the statistics and baseline keywords of all attachments are used as the statistics and baseline keyword for the merged policy attachment, as in the following example:

host1(config)#interface atm 5/0.1

host1(config-subif)#ip policy input p1 statistics enable baseline enable merge

host1(config-subif)#ip policy input p2 merge

host1(config-subif)#ip policy input p3 statistics enable merge

host1(config-subif)#exit

Results in the following:

interface atm 5/0.1

ip policy input mpl_5 statistics enable baseline enable merge

exit
[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]