Certified Internet Associate
Study Guide - Chapter 4
by Joseph M. Soricelli
with John L. Hammond, Galina Diker Pildush,
Thomas E. Van Meter, and Todd M. Warble
This book was originally developed by Juniper Networks Inc. in conjunction with
Sybex Inc. It is being offered in electronic format because the original book
(ISBN: 0-7821-4071-8) is now out of print. Every effort has been made to remove
the original publisher's name and references to the original bound book and its
accompanying CD. The original paper book may still be available in used book
stores or by contacting John Wiley & Sons, Publishers (www.wiley.com).
Copyright © 2003-6 by Juniper Networks Inc. All rights reserved.
This publication may be used in assisting students to prepare for a Juniper
JNCIA exam but Juniper Networks Inc. cannot warrant that use of this
publication will ensure passing the relevant exam.
JNCIA EXAM OBJECTIVES COVERED IN
Describe JUNOS software routing policy design considerations—import; export; terms; match criteria; actions; default actions; policy evaluation
List the main reasons to create and apply policies
Define the locations within a BGP configuration where a policy may be applied
Identify the components of a route filter and the various
Evaluate the outcome of a policy
In this chapter, we explore how you implement a basic routing policy in a Juniper Networks router.
We first examine why you need a routing policy and when it would be appropriate to implement it.
Then we see how to create policies and, finally, how to apply policies within the JUNOS
A routing policy is an integral part of any effective network. Without it, a network is subject
to the rules of its Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP)
configuration. Using routing policies allows you to modify or ignore the default behavior of the
routing protocols. This gives you a significant amount of control over the routing behavior of the
network. A complete understanding of how and when to use a routing policy is essential to
running an optimal network, so let’s start there.
What Is a Routing Policy?
Although it is tempting to jump right into configuring routing policies, we first need to understand
why policies are needed and how they are implemented. In this section, we review the purpose of
routing tables, the selection process for active routes, and reasons for modifying the selection
process. After that, we consider how routing policies affect the router’s view of the network.
The Routing Table
If you think back to
, you will recall that a router is a Layer 3 device that utilizes
IP addresses to determine the best path to an end destination. The router works with the routing
protocols to learn about the network’s destinations. For the most part, the end goal of the
routing protocols is the same—to learn about all possible routes and to send those routes to all
possible neighbors. How this is actually accomplished varies, but the general goal remains the same.
A router stores all the routes (and paths) that it learns about in a routing table. The router
then references this table to make forwarding decisions. As you saw in Chapter 3,
“Protocol-Independent Routing,” a Juniper Networks router uses
as a selection process to
determine the active route for each destination. Once the network installs this route in the
forwarding table, it can simply forward all user packets out of the proper interface.
The active route plays another important role. The routing protocols will send the active
routes in the routing table to all their neighbors. Through this learn-and-send process, each
router is able to build its own map of the entire network. In a fully operational and converged
network, all routers should see a valid path to any destination. This simple process is highly
effective. In some cases, it works extremely well. So why change it?
Why Modify the Routing Table?
Using the default behavior of routing protocols is certainly enough to maintain connectivity in
a simple network, but what happens when the network grows in complexity? A single protocol
often cannot maintain enough information to ensure that all routers are utilizing the best paths
available. The key word in the previous sentence is best. In short, different protocols define the
best path differently. Making sure that the best path is taken, even in a small network, can be
a very tricky proposition.
The JUNOS software routing policy framework is your tool to guarantee that the best path
in your network is the one you want to use. It can override and alter the selections made by the
routing protocols and inject new information into the network. Let’s see how this might work.
Modifying the Default Protocol Route Selection
Distance-vector routing protocols rely on hop counts to determine the optimal path. This means
that the protocol has no knowledge of the physical network topology. Figure 4.1 shows a simple
distance-vector network. In the diagram, the router Shiraz sees Merlot via two distinct paths. The
path via Cabernet costs two hops, while the path via Riesling costs three hops. Since the protocol
selects the route with the fewest hops, Shiraz will install a route to Merlot via Cabernet. Of course,
99.9 percent of you would rather use the path via Riesling because of its larger bandwidth
connections. Clearly, the distance-vector protocol did not choose our best path through the network.
FIGURE 4.1 A simple distance-vector network
While this is a simple and contrived example, it does prove an important point. The routing
protocols in your network will do only what they are configured to do, not what you want them
to do! You would like the ability to change, or even ignore, any information in your routing
table. This is a perfect situation for using a routing policy.
You can also use routing policies to redistribute routes from one protocol into another.
Remember, routing protocols advertise only routes that have been learned by that specific protocol.
To move routes from one protocol into another, a policy is again required.
Figure 4.2 shows a simple multiprotocol network. Here, Shiraz is connected to a server farm
that uses the Routing Information Protocol (RIP) for its network connectivity. Shiraz is also
running Open Shortest Path First (OSPF) to communicate with the backbone network of
Cabernet, Chardonnay, and Riesling. Without a policy, the RIP network will have no knowledge of
the OSPF backbone. Similarly, the OSPF backbone will have no knowledge of the RIP server
farm network. In essence, the networks are completely segmented from each other. One
solution might be to use some default and static routes, but this is not scalable beyond our small
network here. The preferred solution is to have all routers in the two networks utilize the routing
protocols themselves for connectivity. After all, that’s what they’re there for!
FIGURE 4.2 A simple multiprotocol network
is a much more dynamic and scalable solution because it will allow the
networks to expand without significant reconfiguration. To reach this goal, we place a routing
policy on Shiraz to modify the protocol’s default behavior. The policy allows the RIP process
to advertise the OSPF learned routes and vice versa.
You may have noticed a trend by now. It looks like we can use a routing policy when we
want to alter the default behavior of a protocol. In fact, you are right. With a policy, you can
modify or ignore routes that are advertised to you as well as routes that you advertise to other
neighbors. Don’t forget that we can also use a routing policy to redistribute routes from one
protocol into another.
Forming a Policy
Changing the Map
When you modify or ignore (suppress) the routes that are sent and received by the local router, you
change the network map. It is extremely important that you understand which router’s map you are
By changing a route’s properties prior to installing it into your routing table, you have
modified how the local router perceives the network. If you change a route’s properties prior to
sending it to your neighbors, you will be modifying the remote router’s perception of the network.
So the question becomes, whose behavior do you want to modify? How might you apply a
routing policy to accomplish that?
The application of a routing policy is always performed from the perspective of the routing
table. Routes being placed into the routing table are said to be “inbound.” Routes being extracted
from the routing table are said to be “outbound.” When your goal is to modify your view of the
network, you need to apply a policy to all inbound routes. If your goal is to modify your
neighbor’s view of the network, you apply a policy to all outbound routes. In the sect