[Contents] [Prev] [Next] [Index] [Report an Error]

How a Route List Is Evaluated

During route list evaluation, the policy framework software compares each route’s source address with the destination prefixes in the route list. The evaluation occurs in two steps:

The policy framework software performs a longest-match lookup, which means that the software searches for the prefix in the list with the longest length.
The longest-match lookup considers the prefix and prefix length only and not the match type. The following sample route list illustrates this point:
from { route-filter 192.168.0.0/14 upto /24 reject; route-filter 192.168.0.0/15 exact; } then accept;
The longest match is the second route-filter, 192.168.0.0/15, which is based on prefix and prefix length only.
Once an incoming route matches a prefix (longest first), the following occur:
- The route filter stops evaluating other prefixes, even if the match type fails.
- The software examines the match type and action associated with that prefix.

In Step 1, if route 192.168.1.0/24 were evaluated, it would fail to match. It matches the longest prefix of 192.168.0.0/15, but it does not match exact. The route filter is finished because it matched a prefix, but the result is a failed match because the match type failed.

If a match occurs, the action specified with the prefix is taken. If an action is not specified with the prefix, the action in the then statement is taken. If neither action is specified, the software evaluates the next term or routing policy, if present, or takes the accept or reject action specified by the default policy. For more information about the default routing policies, see Default Routing Policies and Actions.

Note: If you specify multiple prefixes in the route list, only one prefix needs to match for a match to occur. The route list matching is effectively a logical OR operation.

If a match does not occur, the software evaluates the next term or routing policy, if present, or takes the accept or reject action specified by the default policy.

For example, compare the prefix 192.168.254.0/24 against the following route list:



route-filter 192.168.0.0/16 orlonger;
route-filter 192.168.254.0/23 exact;

The prefix 192.168.254.0/23 is determined to be the longest prefix. When the software evaluates 192.168.254.0/24 against the longest prefix, a match occurs (192.168.254.0/24 is a subset of 192.168.254.0/23). Because of the match between 192.168.254.0/24 and the longest prefix, the evaluation continues. However, when the software evaluates the match type, a match does not occur between 192.168.254.0/24 and 192.168.254.0/23 exact. The software concludes that the term does not match and goes on to the next term or routing policy, if present, or takes the accept or reject action specified by the default policy.

The following sections describe the following topics:

[Contents] [Prev] [Next] [Index] [Report an Error]