As-list is designed to be removed when empty. While I realize this may violate principle of least astonishment vs. similar features you highlight that take empty match elements, if I could go back in time I'd similarly make those fail as well. The semantics of such empty matching elements have resulted in outages because they themselves fail POLA. Do they match everything? Nothing? Bah.
-- Jeff

On 4/20/25, 13:20, "juniper-nsp on behalf of Alexandre Snarskii via juniper-nsp" <[email protected] on behalf of [email protected]> wrote:

Hi!

Somewhat stupid question: is there any way to configure as-list that does not contain any member?

With prefix-lists/route-filter-lists it's trivial (delete policy-options prefix-list NNN; set policy-options prefix-list NNN;), with classic as-path filters it's possible albeit a bit tricky (set policy-options as-path none "!.*"), but I don't see any way to create empty as-list or empty current one: on emptying it gets fully removed from configuration and policy-options referencing it are not valid anymore :(

Test scenario: create as-list with some members, reference it in policy:

    [edit policy-options]
    +   policy-statement as-test {
    +       term ok {
    +           from {
    +               as-path-origins as-list-group as0;
    +           }
    +           then accept;
    +       }
    +       then reject;
    +   }
    [edit policy-options]
    +   as-list-group as0 {
    +       as-list as0 members [ 65533 65534 ];
    +   }

so far so good, commit check succeeds.

Now, some days/weeks/years after as-set becomes empty or nonexistent for whatever reason, generated as-list becomes empty, and attempt to upload it on router results in warning and commit check failure:

    load replace terminal relative
    [Type ^D at a new line to end input]
    policy-options {
    replace: as-list-group as0 {
    }
    }
    [edit policy-options]
      'as-list-group as0'
        warning: statement has no contents; ignored
    load complete

    commit check
    [edit]
      'policy-options'
        Policy error: as0 as-list-group referenced (in term ok) but not defined
    error: configuration check-out failed

Ok, let's try to generate "not that empty" as-list, indicating that "yes, it's empty, but it is deliberately":

    [Type ^D at a new line to end input]
    policy-options {
    replace: as-list-group as0 {
    as-list aNone members [ ];
    }
    }
    load complete

ok, warning is not here anymore, but commit check still fails with the same error..

Are there any other options better than encoding some fake ASN into empty as-list?

PS: tested with 22.4R3-S3.3 and 23.4R2-S2.1 if that matters.

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
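A generator-side guard for the failure described in the original post, as an added example that is not code from the thread or from any tool its participants use: it renders the `replace: as-list-group` stanza from resolved as-set members and, when the set is empty, either refuses to produce output (so the last good list stays on the router) or emits the fake-ASN workaround the post mentions. The function names, the ASN range check and the placeholder value 65535 are assumptions for illustration; whether a given placeholder is acceptable in your policy is an operator decision.

```python
"""Render a Junos as-list-group stanza from resolved as-set members."""


class EmptyAsList(Exception):
    """The resolved as-set has no members and no placeholder was allowed."""


def normalize(asns):
    """Validate, de-duplicate and sort ASNs (assumed range 1..2^32-1)."""
    seen = set()
    for raw in asns:
        asn = int(raw)
        if not 0 < asn < 2 ** 32:
            raise ValueError(f"ASN out of range: {raw!r}")
        seen.add(asn)
    return sorted(seen)


def render_as_list_group(group, asns, placeholder_asn=None):
    """Return (config_text, used_placeholder) for 'load replace'.

    An empty member set never yields an empty stanza, because the router
    ignores it and then rejects every policy that references the group.
    """
    members = normalize(asns)
    used_placeholder = False
    if not members:
        if placeholder_asn is None:
            # Fail closed: stop the push and keep the last good list.
            raise EmptyAsList(f"as-list-group {group}: no members resolved")
        members = normalize([placeholder_asn])
        used_placeholder = True
    body = " ".join(str(m) for m in members)
    text = (
        "policy-options {\n"
        f"replace: as-list-group {group} {{\n"
        f"    as-list {group} members [ {body} ];\n"
        "}\n"
        "}\n"
    )
    return text, used_placeholder


if __name__ == "__main__":
    # Constructed inputs: a populated set, then an empty one.
    print(render_as_list_group("as0", ["65534", 65533, 65533])[0])
    text, fake = render_as_list_group("as0", [], placeholder_asn=65535)
    print(text, "placeholder used:", fake)
```

Callers should log or alert when `used_placeholder` is true, since the policy term then matches only the placeholder origin.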

