Example: Rejecting Known Invalid Routes

This example shows how to create route-based match conditions for a routing policy.

Requirements

Before you begin, configure router interfaces and configure routing protocols, as explained in Routing Policies Configuration Overview.

Overview

In this example, you create a policy called rejectpolicy1 that rejects routes with a mask of /8 and greater (/8, /9, /10, and so on) that have the first 8 bits set to 0. This policy also accepts routes less than 8 bits in length by creating a mask of 0/0 up to /7.

Configuration

CLI Quick Configuration

To quickly create a policy that rejects known invalid routes copy the following commands and paste them into the CLI.

[edit]set policy-options policy-statement rejectpolicy1 term rejectterm1 from route-filter 0.0.0.0/0 upto /7 accept set policy-options policy-statement rejectpolicy1 term rejectterm1 from route-filter 0.0.0.0/8 orlonger reject set policy-options policy-statement test term 1 from protocol direct

Step-by-Step Procedure

To create a policy that rejects known invalid routes:

  1. Create the routing policy.

    [edit]user@host# edit policy-options policy-statement rejectpolicy1

  2. Create the policy term.

    [edit policy-options policy-statement rejectpolicy1]user@host# edit term rejectterm1

  3. Create a mask that specifies which routes to accept.

    [edit policy-options policy-statement rejectpolicy1 term rejectterm1]user@host# set from route-filter 0/0 upto /7 accept

  4. Create a mask that specifies which routes to reject.

    [edit policy-options policy-statement rejectpolicy1 term rejectterm1] user@host# set from route-filter 0/8 orlonger reject

Results

Confirm your configuration by entering the show policy-options command from configuration mode. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

user@host# show policy-optionspolicy-statement rejectpolicy1 {term rejectterm1 {from {route-filter 0.0.0.0/0 upto /7 accept;route-filter 0.0.0.0/8 orlonger reject;}}}

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying the Route-Based Match Conditions

Purpose

Verify that the policy and term are configured on the device with the appropriate route-based match conditions.

Action

From operational mode, enter the show policy-options command.

Related Topics

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.