With the requirement to use only "invert-match" community definitions let say: TEST1 = everything except 100:100 TEST2 = everything except 101:101 we have !TEST1 OR !TEST2 ( these are target routes you want to accept) = !(!!TEST1 && !!TEST2) = !(TEST1 && TEST2)
So define policies: policy-statement TEST1 { term 1 { from community TEST1; then accept; } term 2 { then reject; } } policy-statement TEST2 { term 1 { from community TEST2; then accept; } term 2 { then reject; } } then apply the following policy expression to BGP neighbor: "(!(TEST1 && TEST2))": group test { neighbor a.b.c.d { import ( ! ( TEST1 && TEST2 )); } } Best regards, Krasi On 31 March 2014 14:00, Andrew Khan <good1...@outlook.com> wrote: > Hello Krasi, > Thanks for the reply, appreciated. Sorry I did not mention in my first > email that I'm trying to find a workaround while using invert-match. Any > idea on achieving the same results when using invert-match. > > Kind regards, > > > ------------------------------ > Date: Mon, 31 Mar 2014 13:41:40 +0300 > Subject: Re: [j-nsp] Community matching policy > From: kr...@smartcom.bg > To: good1...@outlook.com > CC: juniper-nsp@puck.nether.net > > > A match 100:100 > B match 101:101 > Your TEST1 term match on !A OR !B <=> !(A AND B), so it effectively > rejects every route that has NO communities 100:100 AND 101:101 (at the > same time) > Your target is to accept A OR B, so you can first match and accept on > these communities (TEST1 OR TEST2 defined without invert-match) and then > reject everything else. > > Best Regards, > Krasi > > > On 31 March 2014 12:10, Andrew Khan <good1...@outlook.com> wrote: > > Hi - > > Let's say I want to reject everything except the following communities: > > Either 100:100 > OR 101:101 > OR both 100:100 101:100 > > Tried to setup something: > > [edit policy-options] > policy-statement TEST { > term TEST1 { > from community [ TEST1 TEST2 ]; ///////Is not it logical OR, and > matching everything except what I want because of invert-match////// > then reject; > } > term TEST2 { > then accept; //// And then this should accept what I wanted ///// > } > } > > [edit policy-options] > community TEST1 { > invert-match; > members 100:100; > } > community TEST2 { > invert-match; > members 101:101; > } > > However it is rejecting everything. Any thoughts what I'm missing here or > perhaps the approach is not correct. > > Thanks in advance. > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp