 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
You can configure and apply a simple filter to perform multifield (MF) classification on the ingress interfaces of an MX-series router with Enhanced Queuing DPCs. These simple filters can be used to override default CoS classification parameters such as forwarding class or loss priority. Simple filters, in contrast to other firewall filters, only support a subset of the full firewall filter syntax. For more information about configuring simple filters, see Example: Configuring a Simple Filter.
The following example configures a simple filter to detect ingress packets from various source addresses (10.1.1.1/32, 10.10.10.10/32, and 10.4.0.0/8), destination addresses (10.6.6.6/32), protocols (tcp), and source ports (400-500, http). The filter then assigns various forwarding classes and loss priorities to the filtered traffic. Finally, the filter is applied to the input side of an Enhanced Queuing DPC interface (ge-2/3/3).
- firewall {
-
- family inet {
-
- simple-filter sf-for-eq-dpc {
-
- term 1 {
-
- from {
- source-address 10.1.1.1/32;
- protocol tcp;
- }
- then loss-priority low;
- }
-
- term 2 {
-
- from {
- source-address 10.4.0.0/8;
- source-port http;
- }
- then loss-priority high;
- }
-
- term 3 {
-
- from {
- destination-address 10.6.6.6/32;
- source-port 400-500;
- }
-
- then {
- loss-priority low;
- forwarding-class best-effort;
- }
- }
-
- term 4 {
-
- from {
- forwarding-class expedited-forwarding;
- source-address 10.10.10.10/32;
- }
- then loss-priority low;
- }
-
- term 5 {
-
- from {
- source-address 10.10.10.10/32;
- }
- then loss-priority low;
- }
- }
- }
- }
- interfaces { # Apply the simple filter above to the input
side of the interface.
- ge-2/3/3 {
-
- unit 0 {
-
- family inet {
-
- simple-filter {
- input sf-for-eq-dpc;
- }
- }
- }
- }
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |