Configuring a Forwarding Table Filter

A forwarding table filter allows you to filter data packets based on their components and to perform an action on packets that match the filter.

To configure a forwarding table filter, do the following:

1. Define a forwarding table filter:

1. Configure the family address type: IPv4 (inet), IPv6 (inet6), or MPLS (mpls).
2. Define one or more terms, which are named structures in which match conditions and actions are defined.
3. Define a match condition, which is the criterion against which a bearer packet is compared; for example, the IP address of a source device or a destination device. You can specify multiple criteria in a match condition.
4. Define an action, which is what happens if all criteria match; for example, the gateway GPRS support node (GGSN) accepting the bearer packet, performing a lookup in the forwarding table, and forwarding the packet to its destination; discarding the packet; and discarding the packet and returning a rejection message. In addition to an action, you can define one or more action modifiers, which are actions that are taken in addition to the GGSN accepting or discarding a packet when all criteria match; for example, counting the packets and logging a packet.

For more information about configuring firewall filters, see Configuring Firewall Filters.

2. Apply the forwarding table filter as an input filter to a forwarding table. The forwarding table filter controls which bearer packets the router accepts and forwards.

To define a forwarding table filter, include the firewall statement at the [edit] hierarchy level:

[edit] 

firewall {

    family family-name {

        filter filter-name {

            term term-name {

                from {

                    match-conditions; 

                } 

                then {

                    action; 

                    action-modifiers; 

                } 

            } 

        } 

    } 

}

To create a forwarding table, include the instance-type statement at the [edit routing-instance instance-name] hierarchy level:

[edit] 

routing-instance instance-name {

    instance-type forwarding; 

}

To apply a forwarding table filter to a VPN routing and forwarding (VRF) table, include the filter input statement at the [edit routing-instance instance-name forwarding-options family family-name] hierarchy level:

[edit] 

routing-instance routing-instance-name {

    instance-type forwarding;

    forwarding-options {

        family family-name {

            filter {

                input filter-name; 

            } 

        } 

    } 

} 

To apply a forwarding table filter to a forwarding table, include the filter input statement at the [edit forwarding-options family family-name] hierarchy level:

[edit forwarding-options family family-name] 

filter {

    input filter-name;

}

To apply a forwarding table filter to the default forwarding table inet.0, which is not associated with a specific routing instance, include the filter input statement at the [edit forwarding-options family inet] hierarchy level:

[edit]

filter {

    input filter-name; 

} 

For information about the routing-instance and routing-options statements, see the JUNOS Routing Protocols Configuration Guide.