Policy Match Conditions

Policy Match Conditions lists the possible policy entry match conditions.

Click to expand in new window

Policy Match Conditions

Match Condition Description

as-path [<as-number> | <as-path-regular-expression>];

Where <as-number> is a valid 2-byte AS number in the range of 1 to 65535 or a 4-byte AS number in the range of 65536 to 4294967294.

Where <as-path-regular-expression> is a multi-character regular expression (with 2-byte unsigned Integer being an Atom). Regular expression will consist of the AS-Numbers and various regular expression symbols. Regular expressions must be enclosed in double quotes ("").

community [no-advertise | no-export | no-export-subconfed | number <community_num> | <community_regular_expression> | <as_num> : <num>];

Where no-advertise, no-export and no-export-subconfed are the standard communities defined by RFC. <community_num> is a four-byte unsigned integer, <as_num> is a two-byte or four-byte AS-Number and <num> is the 2‑bytes community number.

Community regular expression is a multi-character regular expression (with four byte unsigned integer being an Atom). Regular expression is enclosed in double quotes ("").

med <number>;

Where <number> is a 4-byte unsigned integer.

next-hop [<ipaddress> | <ipaddress-regular-expression>];

Where <ipaddress> is a valid IP address in dotted decimal format.

nlri [ ipaddress | any ] mask-length {exact}; nlri [ipaddress | any] mask mask {exact}; nlri [ ipv6address | any-ipv6 ]/ mask-length {exact};

Where ipaddress and mask are IPv4 addresses and masks, mask-length is an integer with maximum value of 32 for IPv4 addresses. The keyword any matches any IPv4 address with a given (or larger) mask/mask-length.

Similarly ipv6address is an IPv6 address and masklength is an integer with a maximum value of 128 for IPv6 addresses. The keyword any-ipv6 matches any IPv6 address with a given (or larger) mask-length.

origin [igp | egp | incomplete];

Where igp, egp and incomplete are the BGP (Border Gateway Protocol) route origin values.

tag <number>;

Where <number> is a 4-byte unsigned number.

Note: The tag match condition only works with export policy.

route-origin [direct | static | icmp | egp | ggp | hello | rip | isis | esis | cisco-igrp | ospf | bgp | idrp | dvmrp | mospf | pim-dm | pim-sm | ospf-intra | ospf-inter | ospf-extern1 | ospf-extern2 | bootp | e-bgp | i-bgp | mbgp | i-mbgp | e-mbgp | isis-level-1 | isis-level-2 | isis-level-1-external | isis-level-2-external];

Matches the origin (different from BGP route origin) of a route.

A match statement "route-origin bgp" will match routes whose origin are "I-bgp" or "e-bgp" or "I-mbgp" or "e-mbgp". Similarly, the match statement "route-origin ospf" will match routes whose origin is "ospf-inta" or "ospf-inter" or "ospf-as-external" or "ospf-extern-1" or "ospf-extern-2"

Note

Note

When entering an AS number in a policy file, you must enter a unique 2-byte or 4-byte AS number. The transition AS number, AS 23456, is not supported in policy files.