[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Evaluating Policy Expressions

The following sample routing policy uses three policy expressions:



[edit]
policy-options {


policy-statement policy-A {


from {
route-filter 10.10.0.0/16 orlonger;
}


then reject;
}


}
policy-options {


policy-statement policy-B {


from {
route-filter 10.20.0.0/16 orlonger;
}


then accept;
}


}
protocols {


bgp {


neighbor 192.168.1.1 {
export (policy-A && policy-B);
}




neighbor 192.168.2.1 {
export (policy-A || policy-B);
}




neighbor 192.168.3.1 {
export (!policy-A);
}


}


}

The policy framework software evaluates the transit BGP route 10.10.1.0/24 against the three policy expressions specified in the sample routing policy as follows:

(policy-A && policy-B)—10.10.1.0/24 is evaluated against policy-A. 10.10.1.0/24 matches the route list specified in policy-A, so the specified action of reject is returned. reject is converted to a value of FALSE, and FALSE is evaluated against the specified logical AND. Because the result of FALSE is certain no matter what the results of the evaluation of policy-B are (in policy expression logic, any result AND a value of FALSE produces the output of FALSE), policy-B is not evaluated and the output of FALSE is produced. The FALSE output is converted to reject, and 10.10.1.0/24 is rejected.
(policy-A || policy-B)—10.10.1.0/24 is evaluated against policy-A. 10.10.1.0/24 matches the route list specified in policy-A, so the specified action of reject is returned. reject is converted to a value of FALSE, then FALSE is evaluated against the specified logical OR. Because logical OR requires at least one value of TRUE to produce an output of TRUE, 10.10.1.0/24 is evaluated against policy-B. 10.10.1.0/24 does not match policy-B, so the default action of next-policy is returned. The next-policy is converted to a value of TRUE, then the value of FALSE (for policy-A evaluation) and TRUE (for policy-B evaluation) are evaluated against the specified logical OR. In policy expression logic, FALSE OR TRUE produce an output of TRUE. The output of TRUE is converted to next-policy. (TRUE is converted to next-policy because next-policy was the last action retained by the policy framework software.) policy-B is the last routing policy in the policy expression, so the action specified by the default export policy for BGP, accept, is taken.
(!policy-A)—10.10.1.0/24 is evaluated against policy-A. 10.10.1.0/24 matches the route list specified in policy-A, so the specified action of reject is returned. reject is converted to a value of FALSE, and FALSE is evaluated against the specified logical NOT. The value of FALSE is reversed to an output of TRUE based on the rules of logical NOT. The output of TRUE is converted to accept, and route 10.10.1.0/24 is accepted.

[Contents] [Prev] [Next] [Index] [Report an Error]