Yes, u r right
but we in JNCIP book making this policies to prevent loops... R6 and R7
running OSPF and RIP and redis RIP - OSPF and vis versa...
so this produce loops..
as OSPF external routes will be redis to RIP router, and the accepted from him
as RIP routes coz RIP pref < OSPF ex pref
so 1st policy is ensuring that R6 not get RIP from R7 and vise versa
and 2nd one is ensuring to R6 and R7 not getting OSPF routes from RIP routetr
but my policy is target to prevent any non-RIP routs to be received
from RIP routers, in same time ensure that RIP routes is ONLY recieved
from RIP router!
am I correct ?
Thanks
Ahmad
________________________________
From: andy <n...@shady.org>
To: Ahmad Alhady <ahmad.alh...@yahoo.com>
Sent: Friday, December 19, 2008 9:57:01 AM
Subject: Re: [j-nsp] JNCIP book, OSPF policy
The first policy matches all routes, your policy only matches RIP routes within
the prefix 192.168.0.0/22 AND a next hop value.
So, there may be routes matched by the first policy that your policy fails to
accept.
Bear in mind that every condition is checked in order like a logical AND.
So, your policy states
from protocol RIP AND has a next hop of 172.16.40.1 AND within the prefix
192.168.0.0/22 or longer. so all 3 conditions have to be correct.
Id assume that not all prefixes within 192.168.0.0/22 have a next hop of
172.16.40.1 and still require to be matched. Or prefixes outwith 192.168.0.0/22
have a next hop value of 172.16.40.1 and require to be matched.
However, ive not read the book, but thats certainly what it looks like.
Cheers
On Thu, Dec 18, 2008 at 10:42:27PM -0800, Ahmad Alhady wrote:
> Hi all,
>
> in JNCIP book there are 2 diffrent rip import policies.
>
> l...@r6# show policy-options policy-statement rip-in
> term 1 {
> from {
> protocol rip;
> next-hop 172.16.40.1;
> }
> then accept;
> }
> term 2 {
> then reject;
> }
>
>
> l...@r7# show policy-options policy-statement rip-in
> term 1 {
> from {
> protocol rip;
> route-filter 192.168.0.0/22 orlonger;
> }
> then accept;
> }
> term 2 {
> then reject;
>
>
>
> 1st one is ensuring to not get RIP from R7
>
> and 2nd one is ensuring to not get OSPF routes from RIP routetr
>
> why we dont do like this
>
>
> l...@r7# show policy-options policy-statement rip-in
> term 1 {
> from {
> protocol rip;
> next-hop 172.16.40.1;
> route-filter 192.168.0.0/22 orlonger;
> }
> then accept;
> }
> term 2 {
> then reject;
>
> so Dont accept except ONLY RIP routes from RIP router....
>
>
> ?!!
>
>
> Ahmad
>
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
andy a...@shady.org
-----------------------------------------------
Never argue with an idiot. They drag you down
to their level, then beat you with experience.
-----------------------------------------------
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
