Table of Contents

About This Guide
Objectives
Supported Routing Platforms
Audience
Using the Indexes
Using the Examples in This Manual
Merging a Full Example
Merging a Snippet
Documentation Conventions
Related Juniper Networks Documentation
Documentation Feedback
Requesting Support
Policy Framework Overview
Router Flows Affected by Policies
Policy Architecture
Control Points
Policy Components
Default Policies and Actions
Configuration Tasks
Policy Configuration Recommendations
Comparison of Routing Policies and Firewall Filters
Routing Policy Framework Overview
Importing and Exporting
Routing Tables Affected by Routing Policies
Default Routing Policies and Actions
Creating Routing Policies
Configuring a Routing Policy
Match Conditions
Named Match Conditions
Actions
Terms
Routing Policy Application
Routing Protocols
Forwarding Table
Evaluating a Routing Policy
How a Routing Policy Is Evaluated
How a Routing Policy Chain Is Evaluated
How a Routing Policy Expression Is Evaluated
How a Routing Policy Subroutine Is Evaluated
Routing Policy Tests
Supported Standards and Drafts
Routing Policy Configuration Statements
Minimum Routing Policy Configuration
Minimum Routing Policy Chain Configuration
Minimum Subroutine Configuration
Routing Policy Configuration
Defining Routing Policies
Routing Policy Name
Terms
Match Conditions
Actions
Flow Control Actions
Actions That Manipulate Route Characteristics
Trace Action
Final Action
Default Action
Route List Actions
Examples: Defining Routing Policies
Defining a Routing Policy from BGP to IS-IS
Using Routing Policy to Set a Preference
Applying Routing Policies
Applying Routing Policies to a Routing Protocol
Applying a Routing Policy
Applying a Routing Policy Chain
Applying Policy Expressions
Side Effects of Omitting the "from" Statement from an Export Policy
Applying Routing Policies to the Forwarding Table
Examples: Applying Routing Policies
Examples: Routing Policy Configuration
Example 1
Example 2
Example 3
Example 4
Example 5
Example 6
Example 7
Example 8
Example 9
Example 10
Example 11
Example: ISP Network Case Study
Requesting a Single Default Route on the Customer 1 Router
Requesting Specific Routes on the Customer 2 Router
Configuring Peer Policy on ISP Router 3
Configuring Private and Exchange Peers on ISP Router 1 and 2
Configuring Locally Defined Static Routes on the Exchange Peer 2 Router
Configuring Outbound and Generated Routes on the Private Peer 2 Router
Configuring the Discard Interface
Testing Routing Policies
Example: Testing a Routing Policy
Extended Match Conditions Configuration
Configuring AS Path Regular Expressions
Defining AS Path Regular Expressions
Null AS Path
How AS Path Regular Expressions Are Evaluated
Examples: Configuring AS Path Regular Expressions
Configuring Communities
Defining Communities
Configuring the Community Attribute
Configuring the Extended Communities Attribute
Inverting Community Matches
Configuring Link Bandwidth
How Communities Are Evaluated
Configuring Prefix Lists
Prefix List and Route List Differences
Defining Prefix Lists
How a Prefix List Is Evaluated
Example: Configuring a Prefix List
Configuring a Prefix List Filter
Configuring Route Lists
Defining Route Lists
How a Route List Is Evaluated
How Prefix Order Affects Route List Evaluation
Common Configuration Problem with the Longest-Match Lookup
Examples: Configuring Route Lists
Example 1
Example 2
Example 3
Example 4
Example 5
Example 6
Example 7
Example 8
Example 9
Configuring Subroutines
Defining Subroutines
Termination Actions
Example: Configuring a Subroutine
Extended Actions Configuration
Configuring the AS Path Prepend Action
Configuring the AS Path Expand Action
Configuring the Class of Service Action
Configuring the Damping Action
Configuring Flap Damping Parameters
Defining Damping Action
Enabling BGP Route Flap Damping
Disabling Damping by Prefix
Example: Disabling by Prefix
Example: Configuring BGP Flap Damping
Configuring the Load-Balance Per-Packet Action
Load Balancing Based on the MPLS Label Information
Load Balancing Based on Layer 2 MAC Information
Examples: Configuring Per-Packet Load Balancing
Summary of Routing Policy Configuration Statements
apply-path
as-path
as-path-group
community
damping
export
import
policy-options
policy-statement
prefix-list
prefix-list-filter
Firewall Filter Overview
Firewall Filter Components
Supported Standards
Firewall Filter Configuration
Minimum Firewall Filter Configuration
Configuring Firewall Filters
Configuring the Family Address Type
Configuring the Filter Name
Configuring the Filter Terms
Configuring a Filter Match Statement
Configuring a Filter Action Statement
Example: Configure a Filter Action Statement
Example: Set the DSCP bit to 0
How Firewall Filters Are Evaluated
Filter Match Conditions
Specifying Numeric Range Filter Match Conditions
Specifying Address Filter Match Conditions
Specifying Bit-Field Filter Match Conditions
Specifying Class-Based Filter Match Conditions
Filtering Smaller Packets
How Firewall Filters Test a Packet's Protocol
Example: Do Not Test Packet Protocol
Configuring a Filter Within a Filter
Example: Configure a Filter Within A Filter
Examples: Defining Firewall Filters
Example 1
Example 2
Example 3
Example 4
Example 5
Example 6
Example 7
Example 8
Example 9
Example 10
Example 11
Configuring Service Filters
Configuring Simple Filters
Example: Configuring a Simple Filter
Applying Firewall Filters to Interfaces
Configuring Interface-Specific Counters
Example: Configuring Interface-Specific Counters
Defining Interface Groups
Example: Defining Interface Groups
Configuring Accounting
Configuring a Firewall Filter Accounting Profile
Configuring Filter-Based Forwarding
Examples: Configuring Filter-Based Forwarding
Configuring Forwarding Table Filters
Overview
Configuring a Forwarding Table Filter
Configuring Firewall Filter System Logging
Example: Configuring Firewall Filter System Logging
Policer Overview
Policer Configuration
Minimum Policer Configuration
Configuring Policers
Configuring Rate Limiting
Configuring a Policer Action
Example: Configuring a Policer Action
Configuring Multifield Classification and Policing
Configuring Filter-Specific Policers
Configuring Prefix-Specific Actions
Examples: Configuring Prefix-Specific Actions
Examples: Classifying Traffic
Configuring an Interface Set
Applying an Interface Policer
Example: Applying an Interface Policer
Configuring an Aggregate Policer
Example: Configuring an Aggregate Policer
Configuring a Bandwidth Policer
Example: Configuring a Bandwidth Policer
Configuring a Load-Balance Group
Configuring a Tricolor Marking Policer
Configuring a Tricolor Marking Policer
Example: Configuring a Tricolor Marking Policer
Configuring an Interface Policer Using Tricolor Marking Policing
Example: Rate-Limiting Bandwidth Using Tricolor Marking Policing
Examples: Configuring Policing
Summary of Firewall Filter and Policer Configuration Statements
accounting-profile
action
family
filter
filter-specific
firewall
if-exceeding
interface-set
interface-specific
load-balance-group
logical-bandwidth-policer
logical-interface-policer
policer
prefix-action
service-filter
simple-filter
term
three-color-policer
virtual-channel
Traffic Sampling and Forwarding Overview
Traffic Sampling and Forwarding Configuration
Minimum Traffic Sampling or Forwarding Configuration
Configuring a Forwarding Table Filter
Configuring Traffic Sampling
Configuring Discard Accounting
Configuring Flow Monitoring
Configuring a Next-Hop Group
Configuring Per-Flow Load-Balancing Information
Configuring the Router or Interface to Act as a DHCP/BOOTP Relay Agent
Configuring DNS and TFTP Packet Forwarding
Tracing BOOTP, DNS, and TFTP Forwarding Operations
Configuring the Log Filename
Configuring the Number and Size of Log Files
Configuring Access to the Log File
Configuring a Regular Expression for Lines to Be Logged
Configuring the Trace Operations
Example: Configuring DNS Packet Forwarding
Disabling Traffic Sampling
Examples: Configuring Traffic Sampling
Sampling a Single SONET/SDH Interface
Sampling All Traffic from a Single IP Address
Sampling All FTP Traffic
Configuring Traffic Sampling Output
Traffic Sampling Output Files
Tracing Traffic Sampling Operations
Configuring Flow Aggregation (cflowd)
Debugging cflowd Flow Aggregation
Configuring Port Mirroring
Configuring Packet Capture
Summary of Traffic Sampling and Forwarding Options Configuration Statements
accounting
aggregation
autonomous-system-type
bootp
cflowd
cflowd (Discard Accounting)
cflowd (Flow Monitoring)
cflowd (Sampling)
client-response-ttl
description
description (Interface)
description (Service)
disable
disable (Packet Capture)
disable (Sampling)
domain
export-format
family
family inet
family inet (Load Balancing)
family inet (Sampling)
family mpls
family multiservice
file
file (Helpers Trace Options)
file (Packet Capture)
file (Sampling)
file (Trace Options)
filename
filename (Packet Capture)
filename (Sampling)
files
files (Packet Capture)
files (Sampling)
filter
flood
flow-active-timeout
flow-export-destination
flow-inactive-timeout
forwarding-options
hash-key
helpers
input
input (Forwarding Table)
input (Port Mirroring)
input (Sampling)
interface
interface (Accounting or Sampling)
interface (BOOTP)
interface (DNS and TFTP Packet Forwarding or Relay Agent)
interface (Monitoring)
interface (Next-Hop Group)
interface (Port Mirroring)
local-dump
maximum-capture-size
maximum-hop-count
max-packets-per-second
minimum-wait-time
monitoring
next-hop
next-hop-group
no-filter-check
no-listen
no-local-dump
no-stamp
no-world-readable
output
output (Accounting)
output (Forwarding Table)
output (Monitoring)
output (Port Mirroring)
output (Sampling)
packet-capture
port
port-mirroring
rate
routing-instance
run-length
sampling
server
server (DHCP or BOOTP Service)
server (DNS and TFTP Service)
size
size (Packet Capture)
size (Sampling)
stamp
tftp
traceoptions
traceoptions (DNS and TFTP Packet Forwarding)
traceoptions (Port Mirroring and Traffic Sampling)
version
world-readable
Index
Index of Statements and Commands