Next Gen Services Feature Configuration Overview
To configure services with Next Gen Services, you need to configure the following objects:
Service Rules and Rule Sets
Service rules specify a set of matching conditions and a set of actions to apply to traffic when it matches the conditions. For example, a stateful firewall rule can specify a destination address that must be matched, and take the action of dropping packets that have that destination address.
Service rule sets consist of a group of services rules that belong to the same category. For example, a stateful firewall rule set consists of stateful firewall rules.
A service set specifies one or more service rules or rule sets to apply to traffic. The service set also specifies a services interface, which indicates where the services processing is performed.
A service set is either an interface-style service set or a next-hop-style service set.
Interface-Style Service Set
The service set applies the service rules to all traffic that flows through a particular interface.
Next-Hop-Style Service Set
The service set applies the service rules to traffic that is destined for a particular next hop. You must redirect the next-hop traffic to the services interface that the service set uses.
A services interface indicates where a service is applied to traffic. Services interfaces are not physical links to external devices.
If a service is performed on an MX-SPC3 services card, the service interface has the format:
If a service is performed on a line card’s PFE (inline services), the service interface has the format si-slot-number/pic-number/0.