Thanks to everyone for the comments. In certain cases my comprehension was just plain broken. This has helped clear that up.
> On Feb 27, 2019, at 6:51 AM, Weber, Markus <markus.we...@kpn.de> wrote: > > Jason wrote: >> I’m having a hard time wrapping my head around behaviour with route >> policies that consist of nested subroutines. >> policy-options { >> policy-statement P-TEST1 { >> term SUB1 { >> from policy SUB1; >> then reject; >> } >> } >> policy-statement SUB1 { >> term SUB2 { >> from policy SUB2; >> } >> } >> policy-statement SUB2 { >> term NOMATCH { >> from route-filter 1.1.1.1/32 exact; >> } >> } >> } > > To my knowledge: > > Subroutines match if they accept and don't match if they reject. If you > don't specify an action, the default should be accept and thus results > in a match. > Accepts/rejects in subroutines aren't used for accepting/rejecting the > route, but used as condition for the from. > > As your SUB1 has no explicit action, it will return (default) "accept" > and thus in P-TEST1 "from policy SUB1" will always match. SUB2 adds > nothing here. > > It's best if you explicit add reject and accept in sub routines (unless > you just use the sub routine for route manipulation like adding communities, > changing local-pref, but even then it doesn't harm). > > https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/policy-configuring-subroutines-in-routing-policy-match-conditions.html > > Markus > > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp