Technical Documentation

Junos® OS Firewall Filters and Traffic Policers, Release 11.2

Describes how to use Junos OS stateless firewall filters and traffic policers to control traffic flows on supported devices.

Stateless firewall filters enable you to control packets transiting the device to a network destination as well as packets destined for and sent by the device. You can configure a firewall filter to perform specified actions on packets of a particular protocol family, including fragmented packets, that match specified conditions based on Layer 3 or Layer 4 packet header fields.
Traffic policers enable you to control the maximum rate of IP traffic sent or received on a device interface. When a policed traffic flow exceeds the specified rate limit, the packets in the flow are either discarded or marked with a specified forwarding class, a specified packet loss priority (PLP) level, or both. You can configure the Junos OS class of service (CoS) features to take in a single flow of traffic entering at the edge of your network and provide multiple levels of service across the network —internal forwarding and scheduling (queuing) for output—based on the forwarding class assignments and PLP levels of the individual packets.