Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Example: Applying Policies to RIP Routes Imported from Neighbors

Understanding RIP Import Policy

The default RIP import policy is to accept all received RIP routes that pass a sanity check. To filter routes being imported by the local routing device from its neighbors, include the import statement, and list the names of one or more policies to be evaluated. If you specify more than one policy, they are evaluated in order (first to last) and the first matching policy is applied to the route. If no match is found, the local routing device does not import any routes.

Example: Applying Policies to RIP Routes Imported from Neighbors

This example shows how to configure an import policy in a RIP network.

Requirements

No special configuration beyond device initialization is required before configuring this example.

Overview

In this example, Device R1 has an import policy that accepts the 10/8 and 192.168/16 RIP routes and rejects all other RIP routes. This means that the 172.16/16 RIP routes are excluded from Device R1’s routing table.

An export policy is also shown because an export policy is required as part of the minimum configuration for RIP.

Figure 1 shows the topology used in this example.

Figure 1: RIP Import Policy Network Topology

RIP Import Policy Network Topology

CLI Quick Configuration shows the configuration for all of the devices in Figure 1. The section Step-by-Step Procedure describes the steps on Device R1.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Device R1

set interfaces fe-1/2/0 unit 1 family inet address 10.0.0.1/30set interfaces lo0 unit 1 family inet address 172.16.0.1/32set interfaces lo0 unit 1 family inet address 192.168.1.1/32set protocols rip import rip-importset protocols rip group rip-group export advertise-routes-through-ripset protocols rip group rip-group neighbor fe-1/2/0.1set policy-options policy-statement advertise-routes-through-rip term 1 from protocol directset policy-options policy-statement advertise-routes-through-rip term 1 from protocol ripset policy-options policy-statement advertise-routes-through-rip term 1 then acceptset policy-options policy-statement rip-import term 1 from protocol ripset policy-options policy-statement rip-import term 1 from route-filter 10.0.0.0/8 orlongerset policy-options policy-statement rip-import term 1 from route-filter 192.168.0.0/16 orlongerset policy-options policy-statement rip-import term 1 then acceptset policy-options policy-statement rip-import term 2 then reject

Device R2

set interfaces fe-1/2/0 unit 2 family inet address 10.0.0.2/30set interfaces fe-1/2/1 unit 5 family inet address 10.0.0.5/30set interfaces lo0 unit 2 family inet address 192.168.2.2/32set interfaces lo0 unit 2 family inet address 172.16.2.2/32set protocols rip group rip-group export advertise-routes-through-ripset protocols rip group rip-group neighbor fe-1/2/0.2set protocols rip group rip-group neighbor fe-1/2/1.5set policy-options policy-statement advertise-routes-through-rip term 1 from protocol directset policy-options policy-statement advertise-routes-through-rip term 1 from protocol ripset policy-options policy-statement advertise-routes-through-rip term 1 then accept

Device R3

set interfaces fe-1/2/0 unit 6 family inet address 10.0.0.6/30set interfaces lo0 unit 3 family inet address 192.168.3.3/32set interfaces lo0 unit 3 family inet address 172.16.3.3/32set protocols rip group rip-group export advertise-routes-through-ripset protocols rip group rip-group neighbor fe-1/2/0.6set policy-options policy-statement advertise-routes-through-rip term 1 from protocol directset policy-options policy-statement advertise-routes-through-rip term 1 from protocol ripset policy-options policy-statement advertise-routes-through-rip term 1 then accept

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure a RIP import policy:

  1. Configure the network interfaces.

    This example shows multiple loopback interface addresses to simulate attached networks.

    [edit interfaces]user@R1# set fe-1/2/0 unit 1 family inet address 10.0.0.1/30
    user@R1# set lo0 unit 1 family inet address 172.16.0.1/32user@R1# set lo0 unit 1 family inet address 192.168.1.1/32
  2. Create the RIP group and add the interface.

    To configure RIP in Junos OS, you must configure a group that contains the interfaces on which RIP is enabled.

    You do not need to enable RIP on the loopback interface.

    [edit protocols rip group rip-group]user@R1# set neighbor fe-1/2/0.1
  3. Create the routing policy to advertise both direct and RIP-learned routes.
    [edit policy-options policy-statement advertise-routes-through-rip term 1]user@R1# set from protocol directuser@R1# set from protocol ripuser@R1# set then accept
  4. Apply the routing policy.

    In Junos OS, you can only apply RIP export policies at the group level.

    [edit protocols rip group rip-group]user@R1# set export advertise-routes-through-rip
  5. Configure the import policy.
    [edit policy-options policy-statement rip-import]user@R1# set term 1 from protocol ripuser@R1# set term 1 from route-filter 10.0.0.0/8 orlongeruser@R1# set term 1 from route-filter 192.168.0.0/16 orlongeruser@R1# set term 1 then acceptuser@R1# set term 2 then reject
  6. Apply the import policy.
    [edit protocols rip]user@R1# set import rip-import

Results

From configuration mode, confirm your configuration by entering the show interfaces, show protocols, and show policy-options commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

user@R1# show interfaces
fe-1/2/0 {unit 1 {family inet {address 10.0.0.1/30;}}}
lo0 {unit 1 {family inet {address 172.16.0.1/32;address 192.168.1.1/32;}}}
user@R1# show protocols
rip {import rip-import;group rip-group {export advertise-routes-through-rip;neighbor fe-1/2/0.1;}}
user@R1# show policy-options
policy-statement advertise-routes-through-rip {term 1 {from protocol [ direct rip ];then accept;}}
policy-statement rip-import {term 1 {from {protocol rip;route-filter 10.0.0.0/8 orlonger;route-filter 192.168.0.0/16 orlonger;}then accept;}term 2 {then reject;}}

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Looking at the Routes That Device R2 Is Advertising to Device R1

Purpose

Verify that Device R2 is sending the expected routes.

Action

From operational mode, enter the show route advertising-protocol rip command.

user@R2> show route advertising-protocol rip 10.0.0.2
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.4/30        *[Direct/0] 2d 01:17:44
                    >    via fe-1/2/0.5
172.16.2.2/32      *[Direct/0] 2d 04:09:52
                    >    via lo0.2
172.16.3.3/32      *[RIP/100] 23:40:02, metric 2, tag 0
                    > to 10.0.0.6 via fe-1/2/0.5
192.168.2.2/32     *[Direct/0] 2d 04:09:52
                    >    via lo0.2
192.168.3.3/32     *[RIP/100] 23:40:02, metric 2, tag 0
                    > to 10.0.0.6 via fe-1/2/0.5

Meaning

Device R2 is sending 172.16/16 routes to Device R1.

Looking at the Routes That Device R1 Is Receiving from Device R2

Purpose

Verify that Device R1 is receiving the expected routes.

Action

From operational mode, enter the show route receive-protocol rip command.

user@R1> show route receive-protocol rip 10.0.0.2
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.4/30        *[RIP/100] 01:06:03, metric 2, tag 0
                    > to 10.0.0.2 via fe-1/2/0.1
192.168.2.2/32     *[RIP/100] 01:06:03, metric 2, tag 0
                    > to 10.0.0.2 via fe-1/2/0.1
192.168.3.3/32     *[RIP/100] 01:06:03, metric 3, tag 0
                    > to 10.0.0.2 via fe-1/2/0.1

Meaning

The output shows that the 172.16/16 routes are excluded.

Checking the Routing Table

Purpose

Verify that the routing table is populated with the expected routes.

Action

From operational mode, enter the show route protocol rip command.

user@R1> show route protocol rip
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.4/30        *[RIP/100] 00:54:34, metric 2, tag 0
                    > to 10.0.0.2 via fe-1/2/0.1
192.168.2.2/32     *[RIP/100] 00:54:34, metric 2, tag 0
                    > to 10.0.0.2 via fe-1/2/0.1
192.168.3.3/32     *[RIP/100] 00:54:34, metric 3, tag 0
                    > to 10.0.0.2 via fe-1/2/0.1
224.0.0.9/32       *[RIP/100] 00:49:00, metric 1
                         MultiRecv

Meaning

The output shows that the routes have been learned from Device R2 and Device R3.

If you delete or deactivate the import policy, the routing table contains the 172.16/16 routes.

Testing the Import Policy

Purpose

By using the test policy command, monitor the number of rejected prefixes.

Action

From operational mode, enter the test policy rip-import 172.16/16 command.

user@R1> test policy rip-import 172.16/16 
Policy rip-import: 0 prefix accepted, 1 prefix rejected

Meaning

The output shows that the policy rejected one prefix.

 

Related Documentation

 

Published: 2013-04-01

Supported Platforms

 

Related Documentation

 

Published: 2013-04-01

Previous Page Next Page