JunOS filter list ordering issue
Pekka Savola
pekkas at netcore.fi
Thu Feb 11 07:00:55 UTC 2010
On Mon, 1 Feb 2010, S.P.Zeidler wrote:
> Of course. Numerically larger address before smaller one,
> and longer mask before shorter one, so that eg:
>
> 10.2.1.0/24
> 10.2.0.0/24
> 10.2.0.0/22
>
> so when it hits a match, all more specifics have already been seen.
Does this work? At least in some initial tests we did, it seemed as
if JunOS would internally reorganize/optimize these and this would not
be sufficient. But we tested prefix-length-range instead of "simple"
route-filters, so the behaviour could be different there:
route-filter 2001:0678::/29 prefix-length-range /29-/48;
route-filter 2001:0c00::/23 prefix-length-range /48-/48;
route-filter 2001:13c7:6000::/36 prefix-length-range /36-/48;
route-filter 2001:13c7:7000::/36 prefix-length-range /36-/48;
route-filter 2001::/16 prefix-length-range /35-/35;
route-filter 2001::/16 prefix-length-range /19-/32;
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the irrtoolset
mailing list