Junos OS

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.

  • 1.  Question about Configuration Groups

    Posted 02-16-2024 09:51

    Hello Experts, 

    I am new to configuration groups and I am testing it in my lab. I have an existing group named "CUSTOMER" with bgp group and import policy.  I have created another group named " MAINTENANCE"  with a bgp group and import policy. I assumed the new group import policy would overwrite the existing group import policy. Can you please tell me if I am doing anything wrong here or if it is not possible to overwrite the existing group statement with a new group statement? I appreciate your advice. 

    set groups CUSTOMER routing-instances TEST protocols bgp group CUSTOMER-EBGP import IMPORT-BGP-ROUTES

     

    set groups MAINTENANCE policy-options policy-statement REJECT-ROUTES then reject

    set groups MAINTENANCE routing-instances TEST protocols bgp group CUSTOMER-EBGP import REJECT-ROUTES

    set apply-groups MAINTENANCE



    ------------------------------
    Ahsan Khan
    ------------------------------



  • 2.  RE: Question about Configuration Groups

    Posted 02-18-2024 19:11
    Edited by GAVIN WHITE 02-18-2024 19:13

    Hi Ahsan,

    There is an extensive inheritance policy for apply groups and the configuration the is applied will ultimately depend on the location and order of those apply-groups that you have configured. For Example, Let say for BGP, an apply-groups configured at the BGP Peer level will override an apply-groups at the protocol bgp level and this will override apply-groups at the root level. Additionally, in the example "apply-groups [BGP1 BGP2]", BGP1 is applied first then BGP2 is applied over the top, therefore overriding any similar settings and merging the rest. If you do not want the Merge operation, you will need to remove your "CUSTOMER" apply-groups using the delete command before applying the new group.

    You can verify the configuration that is applied through groups, using the `show configuration | display inheritance` command

     If I didn't make sense, you can review this article...

    https://www.juniper.net/documentation/us/en/software/junos/cli/topics/topic-map/configuration-groups-usage.html#id-applying-a-junos-os-configuration-group

    Let me know if you have any more questions.



    ------------------------------
    GAVIN WHITE
    ------------------------------

    Original Message


  • 3.  RE: Question about Configuration Groups

    Posted 02-19-2024 05:07

    Hi, 

    The idea of a group is not to contrast them each other, but doing configuration compact and apply general statements using wildcards. 
    If try, you will see that you can't use wildcards right in configuration, but you can use them in groups, avoiding repetition of the statements every time. 

    For example, you create this kind of a group:

    PE-1> show configuration groups ce-ebgp-attr                            
    routing-instances {
        <*> {
            protocols {
                bgp {
                    group <ce-*> {
                        type external;
                        metric-out 200;
                        log-updown;
                        family inet {
                            unicast {
                                prefix-limit {
                                    maximum 100;
                                    teardown {
                                        idle-timeout 10;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    PE-1> show configuration routing-instances vpn-b                        
    apply-groups ce-ebgp-attr;
    instance-type vrf;
    protocols {
        bgp {
            group ce-ebgp {
                type external;
                peer-as 65532;
                as-override;
                neighbor 10.2.0.1;
            }
        }
    }
    interface ge-0/0/3.0;
    route-distinguisher 172.17.20.1:2;
    vrf-target target:65512:2;
    vrf-table-label;

    PE-1> show configuration  routing-instances vpn-b | display inheritance no-comments    
    instance-type vrf;
    protocols {
        bgp {
            group ce-ebgp {
                type external;
                metric-out 200;
                log-updown;
                family inet {
                    unicast {
                        prefix-limit {
                            maximum 100;
                            teardown {
                                idle-timeout 10;
                            }
                        }
                    }
                }
                peer-as 65532;
                as-override;
                neighbor 10.2.0.1;
            }
        }
    }
    interface ge-0/0/3.0;                   
    route-distinguisher 172.17.20.1:2;
    vrf-target target:65512:2;
    vrf-table-label;

    WBW,

    Dmitry 



    ------------------------------
    Dmitry Maksimov
    ------------------------------

    Original Message