policy based routing summarize

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
Hi,
i have a question about policy based Routing!

I wirte the Poliy like this:


entry REDIRECT80 {
if {
    source-address 192.168.81.0/24;
    destination-address 192.168.100.0/24;
} then {
    redirect 10.10.50.1;
}
}
entry REDIRECT220 {
if {
    source-address 192.168.81.0/24;
    destination-address 192.168.101.0/24
} then {
    redirect 10.10.50.1;
}
}

is there a poibility to write this like that?

entry REDIRECT {
if match any {
    source-address 192.168.81.0/24;
    destination-address 192.168.100.0/24;
    destination-address 192.168.101.0/24
} then {
    redirect 10.10.50.1;
}
}

Cheers Alex
Photo of Alexander

Alexander

  • 200 Points 100 badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of KD

KD

  • 150 Points 100 badge 2x thumb
hi. 
i think that it was wrong summarize.

because " if match any" is "or" option.

summarize policy match condition is
 
source-address 192.168.81.0/24; or  destination-address 192.168.100.0/24; or destination-address 192.168.101.0/24

it does not mean "src 192.168.81.0/24 and dst 192.168.100.0/24 "

////////////////////// this policy mean //////////////
entry REDIRECT {
if match any {
    source-address 192.168.81.0/24;
    destination-address 192.168.100.0/24;
    destination-address 192.168.101.0/24
} then {
    redirect 10.10.50.1;
}
}

>>>>>>>> If one of the three match condition is true, it will be redirected.
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 13,676 Points 10k badge 2x thumb
Before considering if you could do some logical AND and OR in the match condition, please note that your last entry is not the equivalent of the first two. The first two match a flow with specific source and destination, while the last would match (in your theory) a single condition.

But I don't think this is allowed, anyway, your policy would be rejected.