Policy Rule Precedence - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual

JunosE 11.3.x Policy Management Configuration Guide

Policy Rule Precedence

28
lowest precedence value. Classifier groups with equal precedence are evaluated in the
order of creation.
NOTE: For IP policies, the forward command supports the order keyword,
which enables you to order multiple forward rules within a single classifier
group. (See "Using Policy Rules to Provide Routing Solutions" on page 31.)
From Policy Configuration mode, you can assign a precedence value to a CLACL by using
the precedence keyword when you create a classifier group. The default precedence
value is 100. For example:
host1(config-policy-list)#classifier-group ipCLACL25 precedence 21
host1(config-policy-list-classifier-group)#
The classifier-group command puts you in Classifier Group Configuration mode. In this
mode you configure the policy rules that make up the policy list. For example:
host1(config-policy-list-classifier-group)#forward next-hop 172.18.20.54
To stop and start a policy rule without losing statistics, you can suspend the rule.
Suspending a rule maintains the policy rule with its current statistics, but the rule no
longer affects packets in the forwarding path.
From Classifier Group Configuration mode, you can suspend a rule by using the suspend
version of that policy rule command. The no suspend version reactivates a suspended
rule. For example:
host1(config-policy-list-classifier-group)#suspend forward next-hop 172.18.20.54
host1(config-policy-list-classifier-group)#no suspend forward next-hop 172.18.20.54
You can add, remove, or suspend policy rules while the policy is attached to one or more
interfaces. The modified policy takes effect once you exit Policy Configuration mode.
Because of the flexibility in creating policy lists and classifier groups, you can configure
a classifier group that has multiple policy rules.
If a classifier group has multiple rules, the router uses the rules according to their
precedence—not in the order in which you created the rules. The first rule listed (the
forward rule) for a policy list type has the highest precedence and the last rule has the
lowest. The precedence is based on the order in which the router performs rules. Rules
are performed in order from lower to higher precedence. In the event of a conflict, a higher
precedence rule overrides the lower precedent rule.
The precedence of rules is important if you want a specific rule to be applied. For example,
if an IP policy list has both a rate-limit-profile rule (which specifies a color) and a color
rule in the same classifier-group, the color specified by the color rule is always used rather
than the color implied in the rate-limit-profile rule (the color rule has a higher precedence).
Table 4 on page 29 lists the policy rule commands that you can use for each type of
policy list. The table lists the rules in their order of precedence.
Copyright © 2010, Juniper Networks, Inc.