Resolving Policy Merge Conflicts - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual
Software for e series broadband services routers policy management configuration guide
Hide thumbs
Also See for JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04:
- Reference manual (284 pages) ,
- Configuration manual (632 pages)
Table of Contents
Advertisement
Resolving Policy Merge Conflicts
Copyright © 2010, Juniper Networks, Inc.
Existing policy VSAs in RADIUS are not changed; attachments created by this method
cannot be merged. Ascend data filter policies can be attached at input and output
attachment points.
SNMP support for polling statistics based on component policy attachments is not
available.
The merge policy naming convention is not configurable.
The set of component policies are first ordered by their name to form the final merged
policy. For example, if the component policies sets contain cp_1, cp_3, cp_9, cp_2, the
order in which these policies are merged is cp_1, cp_2, cp_3, and cp_9. The merge order
is important for resolving merge conflicts.
Various conflicting combinations of component policies can result in a merged policy
that is not a perfect union of the component policies. These conflicts are resolved as
they currently are in policy CLI context, where, in any conflict, the most recently executed
command takes precedence.
More than one component policy can contain the same classifier group. If the precedence
does not match, the precedence of the classifier group defined in the last component
policy becomes the final precedence for this classifier group in the merged policy, as in
the following example:
host1(config)#ip policy-list p1
host1(config-policy)#classifier-group C1 precedence 90
host1(config-classifier-group)#forward
host1(config-classifier-group)#exit
host1(config)#ip policy-list p2
host1(config-policy)#classifier-group C1 precedence 100
host1(config-classifier-group)#forward
host1(config-classifier-group)#exit
host1(config)#ip policy-list p3
host1(config-policy)#classifier-group C1 precedence 130
host1(config-classifier-group)#forward
host1(config-classifier-group)#exit
If you combine p1, p2, and p3, you get the following with p1, p2, p3 as the merge order for
the set of component policies.
ip policy-list mpl_10
classifier-group C1 precedence 130
forward
exit
For IP, the forward, filter, next-hop, and next-interface rules are mutually exclusive within
a classifier group. For all other types, filter and forward rules are mutually exclusive.
A conflict arises when more than one component policy has the same classifier group
and when the rule sets defined in these classifier groups conflict. To resolve the merge
conflict, the last command entered replaces any previous conflicting commands for a
classifier group, as in the following example:
Chapter 6: Merging Policies
99
Advertisement
Table of Contents
