[Xorp-users] Fwd: from and to blocks of policy terms

Pavlin Radoslavov pavlin at ICSI.Berkeley.EDU
Mon Feb 11 21:35:22 PST 2008 

> > A small piece of information that might be helpful for you: for
> > export policy the "from" block must have the "protocol" set. I.e.,
> > you can't export routes if the protocol is not specified.
> 
> 
> Is the "protocol" attribute required in the "from" clause in every export
> policy, or only in those which are redistributing routes from another
> protocol?

It should be in all export policy. In the special case where you are
using an export policy inside BGP itself, and it should be applied
to the BGP routes that come from a BGP neighbor, then the "protocol"
attribute in the "from" clause should be set to "bgp".

Note that this was a relatively recent change to the XORP code
itself so it might not be in the original policy framework
documentation (or the policy paper itself).

> > For example, "from {} to {neighbor: 192.168.1.2} then {accept}"
> > can't be used as an export policy, but can be used as an import
> > policy. As an import policy, when the routes reach the outbound
> > evaluation, only the routes to neighbor 192.168.1.2 will be
> > accepted (i.e., transmitted).
> 
> 
> I am still a bit confused. Would it be a valid export policy if it had a
> protocol attribute in the from clause, i.e. if it was like this: "from
> {protocol: bgp} to {neighbor: 192.168.1.2} then {accept}"?

Yes. See above.

> If I understand you correctly, you are saying that if "from {} to {neighbor:
> 192.168.1.2} then {accept}" were an IMPORT policy, then it would be
> equivalent to the following EXPORT policy "from {protocol: bgp} to
> {neighbor: 192.168.1.2} then {accept}"?

I believe the answer is yes.
However, I should also say that it has been a while since I looked
into the policy framework details so I could be wrong.

> > Similarly, "from {neighbor: 192.168.1.2} to {} then {accept}" also
> > cannot be used as an export policy. As an import policy it will
> > accept only the routes coming from neighbor 192.168.1.2.
> >
> 
> Again, would it be a valid export policy if it were modified to "from
> {protocol: bgp; neighbor: 192.168.1.2} to {} then {accept}"?

Yes (with the same disclamer as above).

Regards,
Pavlin

More information about the Xorp-users mailing list