Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Configuring a Policy Subroutine

This example demonstrates the use of a policy subroutine in a routing policy match condition.

Requirements

No special configuration beyond device initialization is required before configuring this example.

Overview

On Device R1, a policy called main is configured.

This main policy calls a subroutine called subroutine.

The router evaluates the logic of main in a defined manner. The match criterion of from policy subroutine allows the routing device to locate the subroutine. All terms of the subroutine are evaluated, in order, following the normal policy processing rules. In this example, all static routes in the routing table match the subroutine with an action of accept. This returns a true result to the original, or calling, policy which informs the device that a positive match has occurred. The actions in the calling policy are executed and the route is accepted. All other routes in the routing table do not match the subroutine and return a false result to the calling policy. The device evaluates the second term of main and rejects the routes.

The actions in the subroutine do not actually accept or reject a specific route. The subroutine actions are only translated into a true or a false result. Actions that modify a route’s attributes, however, are applied to the route regardless of the outcome of the subroutine.

Device R1 in AS 64510 has multiple customer routes, some of which are static routes configured locally, and some of which are received from Device R2 and Device R3 through internal BGP (IBGP). AS 64510 is connected to Device R4 in AS 64511. The policy main is applied as an export policy in Device R1’s BGP peering session with Device R4. This causes Device R1 to send only its own static routes to Device R4. Because of the policy main, Device R1 does not send the routes received from its internal peers, Device R2 and Device R3.

When you are working with policy subroutines, it is important to remember that the default EBGP export policy is to advertise all learned BGP routes to all EBGP peers. This default policy is in effect in the main policy and also in the subroutine. Therefore, as shown in this example, if you do not want the default EBGP export policy to take effect, you must configure a then reject terminating action as the final term in both the main policy and in the policy subroutine. This example demonstrates what happens when the final then reject term is missing either from the main policy or from the policy subroutine.

Topology

Figure 1 shows the sample network.

Figure 1: BGP Topology for Policy SubroutineBGP Topology for Policy Subroutine

CLI Quick Configuration shows the configuration for all of the devices in Figure 1.

The section #configuration318__policy-subroutine-st describes the steps on Device R1.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Device R1

Device R2

Device R3

Device R4

Procedure

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

To configure Device R1:

  1. Configure the device interfaces.

  2. Configure the internal BGP (IBGP) connections to Device R2 and Device R3.

  3. Configure the EBGP connection to Device R4.

  4. Configure OSPF connections to Device R2 and Device R3.

  5. Configure the policy main.

  6. Configure the policy subroutine.

  7. Configure the static route to the 172.16.5.0/24 network.

  8. Configure the autonomous system (AS) number and router ID.

Results

From configuration mode, confirm your configuration by entering the show interfaces, show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying the Routes on Device R1

Purpose

On Device R1, check the static routes in the routing table.

Action

Meaning

Device R1 has four static routes.

Verifying the Route Advertisement to Device R4

Purpose

On Device R1, make sure that the static routes are advertised to Device R4.

Action

Meaning

As expected, Device R1 only advertises its static routes to Device R4.

Experimenting with the Default BGP Export Policy

Purpose

See what can happen when you remove the final then reject term from the policy main or the policy subroutine.

Action

  1. On Device R1, deactivate the final term in the policy main.

  2. On Device R1, check to see which routes are advertised to Device R4.

    Now, all the BGP routes from Device R1 are sent to Device R4. This is because after the processing is returned to policy main, the default BGP export policy takes effect.

  3. On Device R1, reactivate the final term in the policy main, and deactivate the final term in the policy subroutine.

  4. On Device R1, check to see which routes are advertised to Device R4.

    Now, all the BGP routes from Device R1 are sent to Device R4. This is because before the processing is returned to policy main, the default BGP export policy takes effect in the policy subroutine.

Meaning

To prevent the default BGP export policy from taking effect, you must include a final then reject term in the main policy and in all referenced subroutines.