From 93d1dca70aa0ae3b34050d24ad7462b8757213bf Mon Sep 17 00:00:00 2001 From: Wataru Ishida Date: Wed, 16 Nov 2016 21:45:27 -0500 Subject: config: simplify route-disposition configuration before: ```yaml actions: route-disposition: accept-route: true reject-route: false ``` after ```yaml action: router-disposition: accept-route ``` Signed-off-by: Wataru Ishida --- docs/sources/policy.md | 86 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 61 insertions(+), 25 deletions(-) (limited to 'docs/sources/policy.md') diff --git a/docs/sources/policy.md b/docs/sources/policy.md index e9d4b8be..0d7f5a05 100644 --- a/docs/sources/policy.md +++ b/docs/sources/policy.md @@ -493,8 +493,8 @@ policy-definitions consists of condition and action. Condition part is used to e [policy-definitions.statements.conditions.bgp-conditions.as-path-length] operator = "eq" value = 2 - [policy-definitions.statements.actions.route-disposition] - accept-route = true + [policy-definitions.statements.actions] + route-disposition = "accept-route" [policy-definitions.statements.actions.bgp-actions] set-med = "-200" [policy-definitions.statements.actions.bgp-actions.set-as-path-prepend] @@ -562,11 +562,11 @@ policy-definitions consists of condition and action. Condition part is used to e | operator | operator to compare the length of AS number in AS_PATH attribute.
"eq","ge","le" can be used.
"eq" means that length of AS number is equal to Value element
"ge" means that length of AS number is equal or greater than the Value element
"le" means that length of AS number is equal or smaller than the Value element| "eq" | | value | value used to compare with the length of AS number in AS_PATH attribute | 2 | - - policy-definitions.statements.actions.route-disposition + - policy-definitions.statements.actions - | Element | Description | Example | - |--------------|-----------------------------------------------------------------------------------|---------| - | accept-route | action to accept the route if matches conditions. If true, this route is accepted | true | + | Element | Description | Example | + |-------------------|---------------------------------------------------------------------------------------------------------------|----------------| + | route-disposition | stop following policy/statement evaluation and accept/reject the route:
"accept-route" or "reject-route" | "accept-route" | - policy-definitions.statements.actions.bgp-actions @@ -618,8 +618,8 @@ policy-definitions consists of condition and action. Condition part is used to e prefix-set = "ps1" [policy-definitions.statements.conditions.match-neighbor-set] neighbor-set = "ns1" - [policy-definitions.statements.actions.route-disposition] - reject-route = true + [policy-definitions.statements.actions] + route-disposition = "reject-route" ``` - example 2 @@ -636,8 +636,8 @@ policy-definitions consists of condition and action. Condition part is used to e prefix-set = "ps1" [policy-definitions.statements.conditions.match-neighbor-set] neighbor-set = "ns1" - [policy-definitions.statements.actions.route-disposition] - reject-route = true + [policy-definitions.statements.actions] + route-disposition = "reject-route" # second statement - (2) [[policy-definitions.statements]] name = "statement2" @@ -645,8 +645,8 @@ policy-definitions consists of condition and action. Condition part is used to e prefix-set = "ps2" [policy-definitions.statements.conditions.match-neighbor-set] neighbor-set = "ns2" - [policy-definitions.statements.actions.route-disposition] - reject-route = true + [policy-definitions.statements.actions] + route-disposition = "reject-route" ``` - if a route matches the condition inside the first statement(1), GoBGP applies its action and quits the policy evaluation. @@ -665,8 +665,8 @@ policy-definitions consists of condition and action. Condition part is used to e prefix-set = "ps1" [policy-definitions.statements.conditions.match-neighbor-set] neighbor-set = "ns1" - [policy-definitions.statements.actions.route-disposition] - reject-route = true + [policy-definitions.statements.actions] + route-disposition = "reject-route" # second policy [[policy-definitions]] name = "policy2" @@ -676,8 +676,8 @@ policy-definitions consists of condition and action. Condition part is used to e prefix-set = "ps2" [policy-definitions.statements.conditions.match-neighbor-set] neighbor-set = "ns2" - [policy-definitions.statements.actions.route-disposition] - reject-route = true + [policy-definitions.statements.actions] + route-disposition = "reject-route" ``` - example 4 @@ -710,8 +710,8 @@ policy-definitions consists of condition and action. Condition part is used to e [policy-definitions.statements.conditions.bgp-conditions.as-path-length] operator = "eq" value = 2 - [policy-definitions.statements.actions.route-disposition] - accept-route = true + [policy-definitions.statements.actions] + route-disposition = "accept-route" [policy-definitions.statements.actions.bgp-actions] set-med = "-200" set-next-hop = "10.0.0.1" @@ -725,6 +725,42 @@ policy-definitions consists of condition and action. Condition part is used to e communities-list = ["65100:20"] ``` + - example 5 + - example of multiple statement + + ```toml + # example 5 + [[policy-definitions]] + name = "policy1" + [[policy-definitions.statements]] + # statement without route-disposition continues to the next statement + [policy-definitions.statements.actions.bgp-actions] + set-med = "+100" + [[policy-definitions.statements]] + # if matched with "ps1", reject the route and stop evaluating + # following statements + [policy-definitions.statements.conditions.match-prefix-set] + prefix-set = "ps1" + [policy-definitions.statements.actions] + route-disposition = "reject-route" + [[policy-definitions.statements]] + # if matched with "ps2", accept the route and stop evaluating + # following statements + [policy-definitions.statements.conditions.match-prefix-set] + prefix-set = "ps2" + [policy-definitions.statements.actions] + route-disposition = "accept-route" + [[policy-definitions.statements]] + # since this is the last statement, if the route matched with "ps3", + # add 10 to MED value and continue to the next policy if exists. + # If not, default-policy is applied. + [policy-definitions.statements.conditions.match-prefix-set] + prefix-set = "ps3" + [policy-definitions.statements.actions.bgp-actions] + set-med = "+10" + ``` + + --- @@ -749,8 +785,8 @@ default-export-policy = "accept-route" |-------------------------|---------------------------------------------------------------------------------------------|----------------| | import-policy | policy-definitions.name for Import policy | "policy1" | | export-policy | policy-definitions.name for Export policy | "policy2" | -| default-import-policy | action when the route doesn't match any policy:
"accept-route" or "reject-route". default is "accept-route" | "accept-route" | -| default-export-policy | action when the route doesn't match any policy:
"accept-route" or "reject-route". default is "accept-route" | "accept-route" | +| default-import-policy | action when the route doesn't match any policy or none of the matched policy specifies `route-disposition`:
"accept-route" or "reject-route". default is "accept-route" | "accept-route" | +| default-export-policy | action when the route doesn't match any policy or none of the matched policy specifies `route-disposition`:
"accept-route" or "reject-route". default is "accept-route" | "accept-route" | #### 4.2. Attach policy to route-server-client @@ -785,9 +821,9 @@ The apply-policy has 6 elements. | import-policy | policy-definitions.name for Import policy | "policy1" | | export-policy | policy-definitions.name for Export policy | "policy2" | | in-policy | policy-definitions.name for In policy | "policy3" | -| default-import-policy | action when the route doesn't match any policy:
"accept-route" or "reject-route". default is "accept-route" | "accept-route" | -| default-export-policy | action when the route doesn't match any policy:
"accept-route" or "reject-route". default is "accept-route" | "accept-route" | -| default-in-policy | action when the route doesn't match any policy:
"accept-route" or "reject-route". default is "accept-route" | "reject-route" | +| default-import-policy | action when the route doesn't match any policy or none of the matched policy specifies `route-disposition`:
"accept-route" or "reject-route". default is "accept-route" | "accept-route" | +| default-export-policy | action when the route doesn't match any policy or none of the matched policy specifies `route-disposition`:
"accept-route" or "reject-route". default is "accept-route" | "accept-route" | +| default-in-policy | action when the route doesn't match any policy or none of the matched policy specifies `route-disposition`:
"accept-route" or "reject-route". default is "accept-route" | "accept-route" | @@ -847,8 +883,8 @@ define an import policy for neighbor 10.0.255.2 that drops [policy-definitions.statements.conditions.match-neighbor-set] neighbor-set = "ns1" match-set-options = "any" - [policy-definitions.statements.actions.route-disposition] - reject-route = true + [policy-definitions.statements.actions] + route-disposition = "reject-route" ``` Neighbor 10.0.255.2 has pd2 policy. The pd2 policy consists of ps2 prefix match and ns1 neighbor match. The ps2 specifies 10.33.0.0 and 10.50.0.0 address. The ps2 specifies the mask with **MASK** keyword. **masklength-range** keyword can specify the range of mask length like ```masklength-range 24..26```. The *ns1* specifies neighbor 10.0.255.1. -- cgit v1.2.3