 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
A flow route is an aggregation of match conditions for IP packets. Flow routes are propagated through the network using flow-specification network-layer reachability information (NLRI) messages and installed into the flow routing table instance-name.inetflow.0. Packets can travel through flow routes only if specific match conditions are met.
Flow routes and firewall filters are similar in that they filter packets based on their components and perform an action on the packets that match. Flow routes provide traffic filtering and rate-limiting capabilities much like firewall filters. In addition, you can propagate flow routes across different autonomous systems.
To configure a flow route, include the flow statement:
-
flow {
-
- route name {
-
- match {
-
match-conditions;
- }
-
- then {
-
actions;
- }
- }
-
- validation {
-
-
traceoptions {
- file name <size size> <files number> <world-readable | no-world-readable>;
- flag flag <flag-modifier> <disable>;
- }
- }
- }
For a list of hierarchy levels at which you can configure this statement, see the statement summary section for this statement.
Flow routes are propagated by BGP through flow-specification NLRI messages. You must enable BGP to propagate these NLRIs. For more information on configuring BGP, see BGP Configuration Guidelines.
The following sections describe the specified tasks:
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |