Specifications

ManualsBrandsExtreme Networks ManualsSoftwareExtremeWare Command

121

122

123

124

125

126

127

128

129

130

Switch Protection

ExtremeWare XOS 10.1 Concepts Guide 121

origin egp;

}

Policy entries are evaluated in order, from the beginning of the file to the end, as follows:

• If a match occurs, the action in the then statement is taken

— if the action contains an explicit permit or deny, the evaluation process terminates.

— if the action does not contain an explicit permit or deny, then the action is an implicit permit, and

the evaluation process terminates.

• If a match does not occur, then the next policy entry is evaluated.

• If no match has occurred after evalutating all policy entries, the default action is deny.

Often a policy will have a rule entry at the end of the policy with no match conditions. This entry will

match anything not otherwise processed, so that user can specify an action to override the default deny

action.

Table 23 lists the possible policy entry match conditions. Table 24 lists the regular expressions that can

be used in the match conditions for BGP AS path and community along with examples in Table 25.

Table 26 lists the possible action statements.

Table 23: Policy Match Conditions

Match Condition Description

as-path [<as-number>

| <as-path-regular-expression>];

Where <as-number> is a valid Autonomous system number

in the range [1 - 65535].

<as-path-regular-expression> is a multi-character regular

expression (with 2-byte unsigned Integer being an Atom).

Regular expression will consist of the AS-Numbers and

various regular expression symbols. Regular expressions

must be enclosed in double quotes ("").

community [no-advertise | no-export |

no-export-subconfed | number <community_num> |

<community_regular_expression> |

<as_num> : <num>];

"no-advertise", "no-export" and "no-export-subconfed" are

the standard communities defined by RFC.

<community_num> is a four byte unsigned integer,

<as_num> is a two byte AS-Number and <num> is the

2-bytes community number.

Community regular expression is a multi-character regular

expression (with four byte unsigned integer being an Atom).

Regular expression is enclosed in double quotes ("").

med <number>; <number> is a four byte unsigned integer.

next-hop [<ipaddress> {<ipaddress1> <ipaddress2>

<ipaddress3> ..} | <ipaddress-regular-expression>];

<ipaddress> is a valid IP address in dotted decimal format.

User can supply multiple IP addresses (separated by

space) to match against the next hop.

nlri [<ipaddress> | any]/<mask-length> {exact};

nlri [<ipaddress> | any] mask <mask> {exact};

Where, <ipaddress> and <mask> are in dotted decimal

format, <mask-length> is an integer in the range [0 - 32].

Keyword any matches any IP address with a given (or

larger) mask/mask-length.

origin [igp | egp | incomplete]; IGP, EGP and incomplete are the BGP route origin values.

tag <number>; <number> is a four byte unsigned number.