ON THIS PAGE
Default Routing Policies
If an incoming or outgoing route or packet arrives and there is no explicitly configured policy related to the route or to the interface upon which the packet arrives, the action specified by the default policy is taken. A default policy is a rule or a set of rules that determine whether the route is placed in or advertised from the routing table, or whether the packet is accepted into or transmitted from the router interface.
You must be familiar with the default routing policies to know when you need to modify them to suit your needs. Table 1 summarizes the default routing policies for each routing protocol that imports and exports routes. The actions in the default routing policies are taken if you have not explicitly configured a routing policy. This table also shows direct and explicitly configured routes, which for the purposes of this table are considered a pseudoprotocol. Explicitly configured routes include aggregate, generated, and static routes.
On PTX Series Packet Transport Routers, the default BGP routing policy differs from that of other Junos OS routing devices. See Understanding the Default BGP Routing Policy on Packet Transport Routers (PTX Series).
Importing or Exporting Protocol |
Default Import Policy |
Default Export Policy |
---|---|---|
BGP |
Accept all received BGP IPv4 routes learned from configured neighbors and import into the inet.0 routing table. Accept all received BGP IPv6 routes learned from configured neighbors and import into the inet6.0 routing table. |
Readvertise all active BGP routes to all BGP speakers, while following protocol-specific rules that prohibit one IBGP speaker from readvertising routes learned from another IBGP speaker, unless it is functioning as a route reflector. |
DVMRP |
Accept all DVMRP routes and import into the inet.1 routing table. |
Accept and export active DVMRP routes. |
IGMP |
Import: accept all groups (regardless of being attached to an interface). In IGMP, there is no "export" from the routing table into IGMP. |
|
IS-IS |
Accept all IS-IS routes and import into the inet.0 and inet6.0 routing tables. More information is available here: import (Protocols IS-IS) |
Reject everything. (The protocol uses flooding to announce local routes and any learned routes.) |
LDP |
Accept all LDP routes and import into the inet.3 routing table. |
Reject everything. |
MPLS |
Accept all MPLS routes and import into the inet.3 routing table. |
Accept and export active MPLS routes. |
OSPF |
Accept all OSPF routes and import into the inet.0 routing table. (You cannot override or change this default policy.) |
Reject everything. (The protocol uses flooding to announce local routes and any learned routes.) |
PIM dense mode |
Accept all PIM dense mode routes and import into the inet.1 routing table. |
Accept active PIM dense mode routes. |
PIM sparse mode |
Accept all PIM sparse mode routes and import into the inet.1 routing table. |
Accept and export active PIM sparse mode routes. |
Pseudoprotocol:
|
Accept all direct and explicitly configured routes and import into the inet.0 routing table. |
The pseudoprotocol cannot export any routes from the routing table because it is not a routing protocol. Routing protocols can export these or any routes from the routing table. |
RIP |
Accept all RIP routes learned from configured neighbors and import into the inet.0 routing table. |
Reject everything. To export RIP routes, you must configure an export policy for RIP. |
RIPng |
Accept all RIPng routes learned from configured neighbors and import into the inet6.0 routing table. |
Reject everything. To export RIPng routes, you must configure an export policy for RIPng. |
Test policy |
Accept all routes. For additional information about test policy, see Example: Testing a Routing Policy with Complex Regular Expressions. |
OSPF and IS-IS Import Policies
For OSPF, import policies apply to external routes only. An external route is a route that is outside the OSPF autonomous system (AS). For internal routes (routes learned from OSPF), you cannot change the default import policy for OSPF. As link-state protocols, IS-IS and OSPF exchange routes between systems within an autonomous system (AS). All routers and systems within an AS must share the same link-state database, which includes routes to reachable prefixes and the metrics associated with the prefixes. If an import policy is configured and applied to IS-IS or OSPF, some routes might not be learned or advertised or the metrics for learned routes might be altered, which would make a consistent link-state database impossible.
The default export policy for IS-IS and OSPF protocols is to reject everything. These protocols do not actually export their internally learned routes (the directly connected routes on interfaces that are running the protocol). Both IS-IS and OSPF protocols use a procedure called flooding to announce local routes and any routes learned by the protocol. The flooding procedure is internal to the protocol, and is unaffected by the policy framework. Exporting can be used only to announce information from other protocols, and the default is not to do so.
Automatic Export
For Layer 3 VPNs, the automatic export feature can be configured to overcome the limitation of local prefix leaking and automatically export routes between local VPN routing and forwarding (VRF) routing instances.
In Layer 3 VPNs, multiple CE routers can belong to a single VRF routing instance on a
PE router. A PE router can have multiple VRF routing instances. In some cases,
shared services might require routes to be written to multiple VRF routing tables,
both at the local and remote PE router. This requires the PE router to share route
information among each configured VRF routing instance. This exchange of route
information is accomplished with custom vrf-export
and
vrf-import
policies that utilize BGP extended community
attributes to create hub-and-spoke topologies. This exchange of routing information,
such as route prefixes, is known as prefix leaking.
The automatic export feature leaks prefixes between VRF routing instances that are
locally configured on a given PE router. The automatic export feature is enabled by
using the auto-export
statement.
Automatic export is always applied on the local PE router, because it takes care of only local prefix leaking by evaluating the export policy of each VRF and determining which route targets can be leaked locally. The standard VRF import and export policies still affect only the remote PE prefix leaking.
If the vrf-export
policy examined by the automatic
export does not have an explicit then accept
action, the automatic
export essentially ignores the policy and, therefore, does not leak the route
targets specified within it.