ON THIS PAGE
Example: Configuring Route Filter Lists
Junos OS has long supported route filters for use in policy statements. Whenever policies are changed, the route filters have to be processed inline with the policy. Policies that contain large numbers of route filters take time to load.
This example shows how to create a route filter list and use that list in a policy statement. Route filter lists reduce the amount of time needed to reload a given policy.
There is no speed benefit to using route filter lists in place of individual route filter entries when there are only a few route filters to process. The speed benefit is seen mainly in environments where there are hundreds or thousands of route filters listed within the policies.
Requirements
A router configured with a routing protocol such as BGP or OSPF that is actively exchanging route information with its peers.
The router that is configured with route filter lists must be running Junos OS Release 15.2 or later.
Overview
The route-filter-list
statement allows for the creation
of a pre-defined list of route filters for use in routing policies.
You configure the list at the [edit policy-options]
hierarchy
level. The configured route filter list is then referenced as a match
condition in the from
section of a policy statement at
the [edit policy-options policy-statement policy-statement-name term term-name from]
hierarchy level.
In this example, the router that you are configuring is receiving
some routes from its BGP neighbor 192.0.2.1. This is shown in the
output of the show route receive-protocol bgp 192.0.2.1
operational command.
user@router> show route receive-protocol bgp 192.0.2.1
inet.0: 17 destinations, 18 routes (16 active, 0 holddown, 1 hidden)
Prefix Nexthop MED Lclpref AS path
* 198.151.100.0/29 192.0.2.1 103 I
* 198.151.100.8/29 192.0.2.1 103 I
* 203.0.113.0/29 192.0.2.1 103 I
* 203.0.113.8/29 192.0.2.1 103 I
* 203.0.113.16/29 192.0.2.1 103 I
Configuration
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit]
hierarchy level.
set policy-options route-filter-list rf-list-1 203.0.113.0/29 exact set policy-options route-filter-list rf-list-1 203.0.113.8/29 exact set policy-options route-filter-list rf-list-1 203.0.113.16/29 orlonger accept set policy-options policy-statement rf-test-policy term term2 from route-filter 198.51.100.0/29 upto 198.51.100.0/30 set policy-options policy-statement rf-test-policy term term2 from route-filter 198.51.100.8/29 upto 198.51.100.8/30 accept set policy-options policy-statement rf-test-policy term term2 from route-filter-list rf-list-1 set policy-options policy-statement rf-test-policy then reject set protocols bgp group test-group import rf-test-policy
Procedure
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Use the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
The following step-by-step procedure will lead you through the steps needed to:
Configure a route filter list named
rf-list-1
and populate the list for later use in a route policy.Configure a routing policy statement named
rf-test-policy
that uses route filters and the configured route filter list.Configure BGP to use
rf-test-policy
as an import filter.
Configure a route filter list named
rf-list-1
for later use in a route policy.[edit policy-options] user@router# set route-filter-list rf-list-1
Populate the list
rf-list-1
.Note that one of the statements in the list has an action configured. This action will be carried out immediately upon a match with a received destination prefix.
[edit policy-options] user@router# set route-filter-list rf-list-1 203.0.113.0/29 exact user@router# set route-filter-list rf-list-1 203.0.113.8/29 exact user@router# set route-filter-list rf-list-1 203.0.113.16/29 orlonger accept
Configure a routing policy statement named
rf-test-policy
that uses route filters and the configured route filter list.The overall action for this policy is
reject.
There are individual route filters and elements of the route filter list that have a configured action ofaccept
. The actions configured in the individual route filter statements and elements of the route filter list are carried out immediately upon matching a received destination prefix.[edit policy-options] user@router# set policy-statement rf-test-policy term term2 from route-filter 198.51.100.0/29 upto 198.51.100.0/30 user@router# set policy-statement rf-test-policy term term2 from route-filter 198.51.100.8/29 upto 198.51.100.8/30 accept user@router# set policy-statement rf-test-policy term term2 from route-filter-list rf-list-1 user@router# set policy-statement rf-test-policy then reject
Configure BGP to use the configured policy as an import filter to selectively allow some routes and reject other routes from being added to the routing table.
[edit protocols bgp group test-group] user@router# set import rf-test-policy
Verification
- Verifying the Configured Route Filter List
- Verifying the Configured Policy Statement
- Verifying That the Policy Statement Is Applied as an Import Policy in the BGP Protocol
- Verifying That the Route Filter List Is Operating as Expected
Verifying the Configured Route Filter List
Purpose
To confirm that the route filter list is properly configured,
issue the show policy-options route-filter-list route-filter-list-name
command at the [edit]
hierarchy level.
Action
[edit] user@routershow policy-options route-filter-list rf-list-1 203.0.113.0/29 exact; 203.0.113.8/29 exact; 203.0.113.16/29 orlonger accept;
Meaning
The output shows that the stored configuration is correct.
Verifying the Configured Policy Statement
Purpose
To confirm that the policy statement is properly configured,
issue the show policy-options policy-statement policy-statement-name
command at the [edit]
hierarchy level.
Action
[edit] user@router# show policy-options policy-statement rf-test-policy from { route-filter 198.51.100.0/29 upto 198.51.100.0/30; route-filter 198.51.100.8/29 upto 198.51.100.8/30 accept; route-filter-list rf-list-1; } then reject;
Meaning
The output confirms that the stored configuration is correct.
Verifying That the Policy Statement Is Applied as an Import Policy in the BGP Protocol
Purpose
To confirm that the configured policy statement is
applied as an import policy in the BGP Protocol, issue the show
protocols bgp import
command at the [edit]
hierarchy
level.
Action
[edit] user@router# show protocols bgp import import rf-test-policy;
Meaning
The outptut confirms that the stored configuration is correct.
If you have not already done so, you can issue the commit
command at the [edit]
hierarchy level so that the configuration
is made active.
Verifying That the Route Filter List Is Operating as Expected
Purpose
Now that the configuration has been verified and committed,
confirm the operation of the route filter list by issuing the show route receive-protocol bgp 192.0.2.1
operational command.
Action
If you compare this output with the output of the same command issued prior to configuring the route filter list and policy statement, you see that some routes are no longer installed in the routing table.
user@router> show route receive-protocol bgp 192.0.2.1
inet.0: 14 destinations, 15 routes (13 active, 0 holddown, 1 hidden)
Prefix Nexthop MED Lclpref AS path
* 198.151.100.8/29 192.0.2.1 103 I
* 203.0.113.16/29 192.0.2.1 103 I
Meaning
The output shows that three of the five previously
installed BGP routes have been rejected by the policy statement rf-test-policy
. The only routes that remain from the previous
list are the two that had accept
actions listed as part
of the filter definition. The other routes were rejected by the action
of the policy-statement
.