Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

policy-statement

Syntax (with terms)

Syntax (without terms)

The policy statement configuration can be used without terms. An example configuration is as below.

Hierarchy Level

Description

Define a routing policy, including subroutine policies.

A term is a named structure in which match conditions and actions are defined. Routing policies are made up of one or more terms. Each routing policy term is identified by a term name. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose the entire name in double quotation marks.

Each term contains a set of match conditions and a set of actions:

  • Match conditions are criteria that a route must match before the actions can be applied. If a route matches all criteria, one or more actions are applied to the route.

  • Actions specify whether to accept or reject the route, control how a series of policies are evaluated, and manipulate the characteristics associated with a route.

Generally, a router compares a route against the match conditions of each term in a routing policy, starting with the first and moving through the terms in the order in which they are defined, until a match is made and an explicitly configured or default action of accept or reject is taken. If none of the terms in the policy match the route, the router compares the route against the next policy, and so on, until either an action is taken or the default policy is evaluated.

If none of the match conditions of each term evaluates to true, the final action is executed. The final action is defined in an unnamed term. Additionally, you can define a default action (either accept or reject) that overrides any action intrinsic to the protocol.

The order of match conditions in a term is not relevant, because a route must match all match conditions in a term for an action to be taken.

To list the routing policies under the [edit policy-options] hierarchy level by policy-statement policy-name in alphabetical order, enter the show policy-options configuration command.

The statements are explained separately.

Options

actions—(Optional) One or more actions to take if the conditions match. The actions are described in Configuring Flow Control Actions.

family family-name—(Optional) Specify an address family protocol. Specify inet for IPv4. Specify inet6 for 128-bit IPv6, and to enable interpretation of IPv6 router filter addresses. For IS-IS traffic, specify iso. For IPv4 multicast VPN traffic, specify inet-mvpn. For IPv6 multicast VPN traffic, specify inet6-mvpn. For multicast-distribution-tree (MDT) IPv4 traffic, specify inet-mdt. For BGP route target VPN traffic, specify route-target. For traffic engineering, specify traffic-engineering.

Note:

When family is not specified, the routing device or routing instance uses the address family or families carried by BGP. If multiprotocol BGP (MP-BGP) is enabled, the policy defaults to the protocol family or families carried in the network layer reachability information (NLRI) as configured in the family statement for BGP. If MP-BGP is not enabled, the policy uses the default BGP address family unicast IPv4.

from—(Optional) Match a route based on its source address.

as-path-origins (as-list | as-list-group)—Compares the AS that originated the route. Evaluates if the right most AS number on the AS path belongs to the as-list or as-list-group specified in the as-path-origins configuration statement. In the case where the route has been aggregated, and the location of the originating AS contains an AS-set, the as-path-origins operator evaluates to true if any AS contained in the AS-set belongs to the as-list or as-list-group specified in the as-path-origins configuration statement.

as-path-neighbors (as-list | as-list-group)—Compares the neighbor AS in the AS path. Evaluates if the first AS number on the AS path matches the as-list or as-list-group specified in the as-path-neighbors configuration statement. If the neighboring AS location happens to be an AS-set, the as-path-neighbors operator evaluates to true if any AS contained in the AS-set belongs to the as-list or as-list-group specified in the as-path-neighbors configuration statement.

as-path-transits (as-list | as-list-group)—Compares any AS in the AS-Path. Evaluates when any AS belongs to the as-list or as-list-group specified in the as-path-transit configuration statement. In the case of AS-set, the as-path-transit operator compares all the ASes in the AS-set.

as-path-calc-length count (equal | orhigher | orlower)—(Optional) Specify a number from 0 through 1024 to filter routes based on the number of calculated autonomous systems (ASs) in the AS path.

Note:
  • ASs in a sequence count as 1.

  • AS sets count as 1.

  • BGP confederation segments count as 0.

as-path-unique-count count (equal | orhigher | orlower)—(Optional) Specify a number from 0 through 1024 to filter routes based on the total number of unique non-BGP confederation autonomous systems (ASs) in the AS path.

Note:

Duplicate AS numbers are ignored for the count.

advertise-locator—(Optional) Enable IS-IS to summarize and advertise locator prefixes.

Range: 0-255

aggregate-bandwidth [transitive | non-transitive]—(Optional) Enable BGP to advertise aggregate outbound link bandwidth for load balancing. By default, the aggregate link-bandwidth community is transitive. You can choose to use the BGP link-bandwidth community as a non-transitive attribute.

aggregate-bandwidth divide-equal—(Optional) Enable equal division of total link-bandwidth by number of peers in the advertising group. If you modify the BGP group, the updated aggregate bandwidth is sent to all peers.

dynamic-tunnel-attributes dynamic-tunnel-attributes—(Optional) Choose a set of defined dynamic tunnel attributes for forwarding traffic over V4oV6 tunnels.

match-conditions—(Optional in from statement; required in to statement) One or more conditions to use to make a match. The qualifiers are described in Routing Policy Match Conditions.

multipath-resolve multipath-resolve–(Optional) Enable the use of all paths for resolution over the specified prefix.

limit-bandwidth limit-bandwidth—(Optional) Specify the limit for advertised aggregate outbound link bandwidth for load balancing.

  • Range: 0 through 4,294,967,295 bytes

no-entropy-label-capability—(Optional) Disable the entropy label capability advertisement at egress or transit routes specified in the policy.

neighbor—(Optional) Specify a neighbor for route filtering.

priority (high | medium | low)—(Optional) Configure the priority for an IS-IS route to change the default order in which the routes are installed in the routing table, in the event of a network topology change.

policy subroutine-policy-name—Use another policy as a match condition within this policy. The name identifying the subroutine policy can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose it in quotation marks (“ ”). Policy names cannot take the form __.*-internal__, as this form is reserved. For information about how to configure subroutines, see Understanding Policy Subroutines in Routing Policy Match Conditions.

policy-name—Name that identifies the policy. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. To include spaces in the name, enclose it in quotation marks (“ ”).

prefix-list prefix-list-name—Name of a list of IPv4 or IPv6 prefixes.

prefix-list-filter prefix-list-name—Name of a prefix list to evaluate using qualifiers; match-type is the type of match, and actions is the action to take if the prefixes match.

programmed—(Optional) Allow policy matches for routes injected by JET APIs.

protocol protocol-name—Name of the protocol used to control traffic engineering database import at the originating point. For example,

protocol srv6 matches SRv6 routes. Note that SRv6 routes are added to the routing infrastructure by BGP. To view all SRv6 routes, run show route protocol srv6.

Starting in Junos OS Release 19.1R1, you can specify options to match label IS-IS and label OSPF routes using the l-isis and l-ospf options, respectively. The isis options matches all IS-IS routes, excluding labelled IS-IS routes. The ospf option matches all OSPF routes, including OSPFv2, OSPFv3 and labelled OSPF routes.

resolution-map—(Optional) Set resolution map modes. A given resolution-map can be shared across multiple policy-statements.

route-filter destination-prefix match-type <actions>—(Optional) List of routes on which to perform an immediate match; destination-prefix is the IPv4 or IPv6 route prefix to match, match-type is the type of match (see Configuring Route Lists), and actions is the action to take if the destination-prefix matches.

When invert-match match-type is configured, it will return true if the route doesn't pass any prefixes defined in the route-filter-list. When you add the invert-match match-type, you only need to provide a list of prefixes it should not match instead of a list of prefixes it should.

source-address-filter source-prefix match-type <actions>—(Optional) Unicast source addresses in multiprotocol BGP (MBGP) and Multicast Source Discovery Protocol (MSDP) environments on which to perform an immediate match. source-prefix is the IPv4 or IPv6 route prefix to match, match-type is the type of match (see Configuring Route Lists), and actions is the action to take if the source-prefix matches.

tag value—(Optional) A numeric value that identifies a route. You can tag certain routes to prioritize them over other routes. In the event of a network topology change, Junos OS updates these routes in the routing table before updating other routes with lower priority. You can also tag some routes to identify and reject them based on your requirement.

term term-name—Name that identifies the term. The term name must be unique in the policy. It can contain letters, numbers, and hyphens (-) and can be up to 64 characters long. To include spaces in the name, enclose the entire name in quotation marks (“ ”). A policy statement can include multiple terms. We recommend that you name all terms. However, you do have the option to include an unnamed term which must be the final term in the policy. To configure an unnamed term, omit the term statement when defining match conditions and actions.

to—(Optional) Match a route based on its destination address or the protocols into which the route is being advertised.

then—(Optional) Actions to take on matching routes. The actions are described in Configuring Flow Control Actions and Configuring Actions That Manipulate Route Characteristics.

set-down-bit—(Optional) Configure this option to aggregate leaked locator routes using routing policies.

srv6 SID value - Enter the Segment Routing over IPv6 (SRv6) SID value. You use this configuration to define SID values for routes, which can also be SRv6 routes.

validation-database-instance—(Optional) Name to identify a validation-state with database name.database-name <database-name>—(Optional) Route Validation Database name to be looked at. state (valid|invalid|unknown)—(Optional) Name to identify a validation-state

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

Support for configuration in the dynamic database introduced in Junos OS Release 9.5.

Support for configuration in the dynamic database introduced in Junos OS Release 9.5 for EX Series switches.

inet-mdt option introduced in Junos OS Release 10.0R2.

route-target option introduced in Junos OS Release 12.2.

protocol and traffic-engineering options introduced in Junos OS Release 14.2.

no-entropy-label-capability option introduced in Junos OS Release 15.1.

priority and tag value options introduced in Junos OS Release 17.1.

as-path-unique-count option introduced in Junos OS Release 17.2R1.

prefix-segment option introduced in Junos OS Release 17.2R1 for MX Series routers, PTX Series routers, QFX5100 switches, and QFX10000 switches.

multipath-resolve and dynamic-tunnel-attributes options introduced in Junos OS Release 17.3R1.

aggregate-bandwidth and limit-bandwidth limit-bandwidth options introduced in Junos OS Release 17.4R1 for MX Series, PTX Series, and QFX Series.

l-isis and l-ospf keywords at the protocol option is introduced in Junos OS Release 19.1R1.

resolution-map statement introduced in Junos OS Release 19.2R1-S1 on MX and PTX Series routers.

lsp and lsp-regex options introduced in Junos OS Release 19.4R1.

as-path-neighbors, as-path-origins, and as-path-transits statements introduced in Junos OS Release 21.3R1.

advertise-locator and set-down-bit options introduced in Junos OS Release 22.2R1.