Policy中的route-filter查找过程

junos_baby

组别中级会员
性别
生日0000-00-00
积分365
帖子92
注册时间 2009-05-24

个人空间
相册

junos_baby 2009-11-23 00:10 | 只看楼主 树型| 收藏| 小中大 1 ^#

Policy中的route-filter查找过程

我在看路由策略时，有一段不明白：
policy-options {
policy-statement bgp-export {
term coming-from-neighborA {
from {
route-filter 192.168.0.0/16 orlonger;
route-filter 192.168.0.0/24 exact;
}
then accept;
}
}
When evaluating the 192.168.0.128 /25 route against this policy, we first perform our
longest-match lookup on the configured route filters. The 192.168.0.0 /16 route filter and our
candidate route share only the first 16 bits in common while the 192.168.0.0 /24 route filter
shares 24 bits in common with our candidate route. Because 24 bits is clearly greater than 16,
the second configured route filter will be the one we use as a match criterion for this term.
Now it’s time to worry about the match type. The 192.168.0.0 /24 route filter specifies the
exact match type and our candidate route of 192.168.0.128 /25 is not an exact match. Therefore,
192.168.0.128 /25 does not match the criterion in the policy term, and it will be evaluated
by the next policy in the policy chain. It is not evaluated against the first route filter in
the policy.
我理解成：当我们去评估192.168.0.128/25这条路由时，我们首先执行在路由过滤配置中最长匹配匹配查询。
由于/24显然要比/16位长，所以第二条配置的路由过滤将被我们用于匹配条件。因此192.168.0.128/25路由并
不符合匹配条件，将用Policy chain中的下一个Policy去评估。
但这不反对Policy中的第一条路由过滤去评估。
我的问题是：这里没有必要用什么最长匹配来找条件呀，前面已经提到Policy中route-filter的匹配是logical OR 算法。
只要一个有任何一个条件匹配就可以了。案例中192.168.0.128 /25 显然符合第一条过滤条件。干嘛要先看第二个呢？
问题可能比较菜，还请大侠不吝赐教》》》》》谢谢！！！

TOP

devil601

乖乖小笨蛋

组别超级版主
性别
积分304
帖子72
注册时间 2009-07-24

个人空间
相册

devil601 2009-11-23 10:57 树型| 收藏| 小中大 2 ^#

你的问题来自于JNCIA-M教材168页的例子。关于你的问题，请把教材往上翻两页到166页末尾，

引用:

Using Multiple Route Filters
In the “from and to” section earlier in this chapter, we saw that the application of multiple
match conditions in a term results in a logical AND operation. When multiple route filters are
used in a single term, this process is changed somewhat. In this situation, the multiple route
filters are evaluated much like a logical OR in that only one of the route filters will actually be
the match criteria used. This one route filter is found by performing a longest-match lookup
on the configured prefix/prefix-length within each route filter. Only after this longest-
match lookup is completed will the match type be considered to see if a candidate route actu-
ally matches the policy term.

解释如下：
在一般情况下，同一term中的多个匹配条件（match conditions ）之间是逻辑与关系，但在同一term中使用多个路由过滤器（ route filters）作为匹配条件的时候，情况有所改变，更像是一种逻辑或关系，但不完全是逻辑或。在这种情况下，多个路由过滤器都会被检查但只有一个会被当作匹配标准使用。

哪一个路由过滤器会被当作匹配标准呢？This one route filter is found by performing a longest-match lookup
on the configured prefix/prefix-length within each route filter，说得很清楚，对term里所列出的所有路由过滤器进行longest-match lookup最长匹配查找，最长匹配的那一条就是用于进行匹配与否判断的，只有最长匹配结束，选择出了最长匹配的过滤器，才通过该过滤器的匹配类型match-type来判断候选路由是否匹配，如果匹配则执行本term的action，如果不符合，则直接进入下一term（如果有）或者下一policy，而不是逐步缩短掩码检查本term的其他过滤器。

尘归尘，土归土……

TOP