Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Match Conditions and Actions in Fast Update Filters

 

To create a fast update filter, you use the term statement to specify conditions that a packet must have, and to specify the action the router performs when those conditions exist in the packet.

This section covers:

Match Conditions

Match conditions specify characteristics that a packet must have—if the conditions exist in the packet, the router then performs the specified action. You use the from keyword in the term statement to specify match conditions for the filter. The packet must match all conditions in the from specification for the action to be performed, which also means that their order in the from specification is not important.

An individual condition in a from specification can contain a single value or range. You can match a maximum of five match conditions in a filter.

Fast Update Filter Match Conditions lists the match conditions you can use in fast update filters.

Note

The router uses an implied wildcard for conditions that you include in the match-order statement. If you include a condition that is not configured in the from specification of a filter term, the router considers that a wildcard for the condition.

For example, if you include the dscp condition in the match-order statement, but do not configure a dscp value in the from specification of the filter term, the router performs the action configured in the then specification of the filter on all DSCP values.

Actions

Actions and action modifiers specify the operation the router performs when a particular match condition exists in a packet. You use the then keyword in the term statement to specify the actions to perform on packets whose characteristics match the conditions specified in the preceding from specification.

Action modifiers are actions taken in addition to the specified action. You can configure any combination of action modifiers. For the action or action modifier to take effect, all conditions in the from specification must match. If you specify log as one of the actions in a term, this constitutes a termination action; whether any additional terms in the filter are processed depends on the traffic through the filter. The action modifier operations carry a default accept action. For example, if you specify an action modifier and do not specify an action, the specified action modifier is implemented and the packet is accepted.

Fast Update Filter Actions and Action Modifiers lists the actions and action modifiers you can use in fast update filters.

Adding Terms Only Once

You can optionally specify that a term can be added only when the fast update filter is first created, and cannot be later changed by adding or removing conditions. We recommend that you only use the only-at-create option for terms that do not include subscriber-specific data in their match conditions, such as common or default terms (counting the default drop packet, for instance).