Configuring the Match Condition

You specify conditions that the packet must match before the action in the then statement is taken for a flow route. All conditions in the from statement must match for the action to be taken. The order in which you specify match conditions is not important, because a packet must match all the conditions in a term for a match to occur.

To configure a match condition, include the match statement in the [edit routing-options flow] hierarchy level:

Table 6: Flow Route Match Conditions

Match Condition	Description
`destination` `prefix`	IP destination address field.
`destination-port` `number`	TCP or User Datagram Protocol (UDP) destination port field. You cannot specify both the `port` and `destination-port` match conditions in the same term. In place of the numeric value, you can specify one of the following text synonyms (the port numbers are also listed): `afs` , `bgp` , `biff` (512), `bootpc` (68), `bootps` (67), `cmd` (514), `cvspserver` (2401), `dhcp` (67), `domain` (53), `eklogin` (2105), `ekshell` (2106), `exec` (512), `finger` (79), `ftp` (21), `ftp-data` (20), `http` (80), `https` (443), `ident` , `imap` , `kerberos-sec` (88), `klogin` (543), `kpasswd` (761), `krb-prop` (754), `krbupdate` (760), `kshell` (544), `ldap` (389), `login` (513), `mobileip-agent` (434), `mobilip-mn` (435), `msdp` (639), `netbios-dgm` , `netbios-ns` , `netbios-ssn` , `nfsd` (2049), `nntp` , `ntalk` (518), `ntp` , `pop3` , `pptp` , `printer` (515), `radacct` , `radius` , `rip` (520), `rkinit` (2108), `smtp` (25), `snmp` , `snmptrap` , `snpp` (444), `socks` , `ssh` (22), `sunrpc` , `syslog` (514), `tacacs-ds` (65), `talk` (517), `telnet` (23), `tftp` (69), `timed` (525), `who` (513), `xdmcp` , `zephyr-clt` (2103), or `zephyr-hm` (2104).
`dscp` `number`	Differentiated Services code point (DSCP). The DiffServ protocol uses the type-of-service (ToS) byte in the IP header. The most significant six bits of this byte form the DSCP. You can specify DSCP in hexadecimal, binary, or decimal form.
`fragment` `type`	Fragment type field. The keywords are grouped by the fragment type with which they are associated: `dont-fragment` `first-fragment` `is-fragment` `last-fragment` `not-a-fragment`
`icmp-code` `number`	ICMP code field. This value or keyword provides more specific information than `icmp-type`. Because the value's meaning depends upon the associated `icmp-type` value, you must specify `icmp-type` along with `icmp-code`. In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed). The keywords are grouped by the ICMP type with which they are associated: parameter-problem: `ip-header-bad` (0), `required-option-missing` redirect: `redirect-for-host` , `redirect-for-network` (0), `redirect-for-tos-and-host` (3), `redirect-for-tos-and-net` (2) time-exceeded: `ttl-eq-zero-during-reassembly` , `ttl-eq-zero-during-transit` (0) unreachable: `communication-prohibited-by-filtering` , `destination-host-prohibited` , `destination-host-unknown` (7), `destination-network-prohibited` (9), `destination-network-unknown` (6), `fragmentation-needed` (4), `host-precedence-violation` , `host-unreachable` , `host-unreachable-for-TOS` , `network-unreachable` (0), `network-unreachable-for-TOS` , `port-unreachable` (3), `precedence-cutoff-in-effect` , `protocol-unreachable` (2), `source-host-isolated` (8), `source-route-failed` (5)
`icmp-type` `number`	ICMP packet type field. Normally, you specify this match in conjunction with the `protocol` match statement to determine which protocol is being used on the port. In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed): `echo-reply` (0), `echo-request` (8), `info-reply` , `info-request` , `mask-request` , `mask-reply` , `parameter-problem` , `redirect` (5), `router-advertisement` (9), `router-solicit` , `source-quench` (4), `time-exceeded` , `timestamp` , `timestamp-reply` , or `unreachable` (3).
`packet-length` `number`	Total IP packet length.
`port` `number`	TCP or UDP source or destination port field. You cannot specify both the `port` match and either the `destination-port` or `source-port` match condition in the same term. In place of the numeric value, you can specify one of the text synonyms listed under `destination-port`.
`protocol` `number`	IP protocol field. In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed): `ah, egp` (8), `esp` (50), `gre` (47), `icmp` , `igmp` (2), `ipip` (4), `ipv6` (41), `ospf` (89), `pim` , `rsvp` (46), `tcp` (6), or `udp` .
`source` `prefix`	IP source address field.
`source-port` `number`	TCP or UDP source port field. You cannot specify the `port` and `source-port` match conditions in the same term. In place of the numeric field, you can specify one of the text synonyms listed under `destination-port`.
`tcp-flag type`	TCP header format.