Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Example: Dynamic-Profile Parsing

 

The following example shows the basic dynamic-profile parsing steps for parameterized filters.

  1. Read dynamic-profiles my-svc-prof interface ge-1/0/0 unit 7 family inet filter input and get the value my-filt-1gw_UID1022. The my-in-filter variable received the name of the UID (my-filt-1gw) from the first service parameter. The name my-filt-1gw_UID1022 comes from the value of the my-filt-1gw UID.
  2. Determine whether a static filter called my-filt-1gw_UID1022 exists. If so, this is the existing classic filter case and not a parameterized filter.
  3. Try to read dynamic-profile my-svc-prof firewall family inet fast-update-filter my-filt-1gw_UID1022’. If this exists, this is a fast update filter, not a parameterized filter.
  4. Try to read dynamic-profile my-svc-prof firewall family inet filter my-filt-1gw_UID1022. If this does not exist, return a “filter not found” error.
  5. Search for a template named my-filt-1gw_UID1022. If it does not exist:
    1. Read the parameterized filter configuration. This adds the match destination address 198.51.100.239 and the policer my-policer_UID1005 as the action.

    2. Determine whether my-policer_UID1005 exists. If it does not, read the dynamic-profile my-svc-prof firewall policer my-policer_UID1005 configuration and create the my-policer_UID1005 policer.

    3. Compile the my-filt-1gw_UID1022 filter.

    4. Install my-filt-1gw_UID1022 as a filter template.

  6. Create and install an interface-specific filter reference named my-filt-1gw_UID1022-ge-1/0/0.7-in with my-filt-1gw_UID1022 as its template.
  7. Attach my-filt-1gw_UID1022-ge-1/0/0.7-in to interface ge-1/0/0.7.

When subsequent sessions are created with the same parameters, the system returns the same my-filt-1gw_UID1022 filter name. In this case, Step 5 finds the existing filter template and proceeds directly to Step 6.