Routing


Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

  • 1.  Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

    Posted 04-19-2017 10:20

    Hi, can anyone explain the command below? The command is always at the end of a group of commands. The word "EXPLICIT_DENY" could be any word. Without this command, what would happen? Thank you

    set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject



  • 2.  RE: Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

     
    Posted 04-19-2017 18:04

    There is a hierarchy to the policy setup.

    IMPORT_POLICY is the name of the entire policy, which is made up of one or more terms.

    EXPLICIT_DENY is the name of the last term in the policy you are looking at.

    Both the policy name and the term names are free-form text that can be whatever the user wants, and they do not perform any action by themselves. Only the active methods and match conditions of the policy have effect.



  • 3.  RE: Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

    Posted 04-20-2017 00:23

    Hello there,


    @eesunj wrote:

    Without this command, what would happen? Thank you

    set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject


    It depends on where this policy is applied.

    Without this policy/term, the default protocol policy is the last one and it determines the end result.

    https://www.juniper.net/documentation/en_US/junos/topics/concept/policy-routing-policies-actions-defaults.html

    For instance, if this policy/term is NOT applied to BGP export, then ALL active BGP routes are exported.

    HTH

    Thx
    Alex



  • 4.  RE: Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

    Posted 04-21-2017 06:54

    Hi aarseniev, you are answering my question, but I have not understood it completely. Can you give a little bit more explanation? Thank you



  • 5.  RE: Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960
    Best Answer

     
    Posted 04-21-2017 11:44

    Hi,

    This is an explicit default statement having no matching conditions but an action, hence traffic not matched by the above terms would be processed by this term. In your case the action is 'reject', hence EXPLICIT_DENY.

    An analogy is 'if - elseif - else' conditions. The explicit_deny is similar to the 'else' condition.

    If the explicit default term is not configured, each specific protocol has implicit/default policies with a specific action as defined in:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB16502

     

    Cheers,

    Ashvin
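
The term-by-term evaluation described in this thread, as an added example that is not part of any post and is not Juniper code: a simplified Python model in which terms are checked in order, a term with no match condition matches every route, and the default BGP policy decides when no term matches. The term name ALLOW_CUSTOMER, the sample prefixes and the orlonger-style prefix matching are assumptions made for illustration.

```python
# Added example: simplified model of Junos routing-policy term evaluation.
from ipaddress import ip_network

# Default protocol policy, used when no term takes a terminating action.
# BGP import accepts all received BGP routes; BGP export advertises all
# active BGP routes. Other protocols are left out of this sketch.
DEFAULT_POLICY = {("bgp", "import"): "accept", ("bgp", "export"): "accept"}


def evaluate(terms, prefix, protocol="bgp", direction="import"):
    """Return (action, decided_by) for one route.

    terms is an ordered list of (name, match_prefixes, action).
    match_prefixes=None models a term with no 'from' clause, which
    matches every route. A list models 'route-filter <p> orlonger'.
    """
    route = ip_network(prefix)
    for name, match, action in terms:
        if match is None or any(route.subnet_of(ip_network(m)) for m in match):
            return action, name  # first terminating action wins
    return DEFAULT_POLICY[(protocol, direction)], f"default {protocol} {direction} policy"


# Hypothetical term name and constructed documentation prefixes.
ALLOW_CUSTOMER = ("ALLOW_CUSTOMER", ["192.0.2.0/24"], "accept")
EXPLICIT_DENY = ("EXPLICIT_DENY", None, "reject")

WITHOUT_DENY = [ALLOW_CUSTOMER]
WITH_DENY = [ALLOW_CUSTOMER, EXPLICIT_DENY]

if __name__ == "__main__":
    for prefix in ["192.0.2.128/25", "198.51.100.0/24", "0.0.0.0/0"]:
        for label, terms in (("without", WITHOUT_DENY), ("with", WITH_DENY)):
            action, by = evaluate(terms, prefix)
            print(f"{prefix:18} {label:8} EXPLICIT_DENY -> {action:6} ({by})")
```

In this model, an unlisted prefix applied on BGP import is accepted by the default policy when the final term is missing and rejected by EXPLICIT_DENY when it is present.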

     



  • 6.  RE: Command "set policy-options policy-statement IMPORT_POLICY term EXPLICIT_DENY then reject" in MX960

    Posted 04-28-2017 08:32

    Thank you for your explanation!