[Contents] [Prev] [Next] [Index] [Report an Error]

Supported Packet Filtering Standards and Features

The JUNOS software provides a packet-filtering language that enables you control the flow of packets being forwarded to a network destination, as well as packets destined for and sent by the routing platform. It substantially supports the following standards:

RFC 792, INTERNET CONTROL MESSAGE PROTOCOL - DARPA INTERNET PROGRAM PROTOCOL SPECIFICATION
RFC 2460, Internet Protocol, Version 6 (IPv6) Specification
RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
RFC 2475, An Architecture for Differentiated Services
RFC 2597, Assured Forwarding PHB Group
RFC 2598, An Expedited Forwarding PHB

You can configure filters that examine characteristics of incoming and outgoing packets, including the following:

Bit fields in the packet header, including IP fragmentation flags, IP options, and TCP flags
IPv4 numeric range, including destination port, DSCP value, fragment offset, ICMP code, ICMP packet type, interface group, IP precedence, packet length, protocol, and TCP and UDP source and destination port
IPv6 numeric range, including CoS priority, destination address, destination port, ICMP code, ICMP packet type, interface group, IP address, next header, packet length, source address, source port, and TCP and UDP source and destination port
Source and destination address and prefix list

You can configure filters to perform certain actions when packets match specified characteristics, including the following actions:

Accept the packets
Apply a policer
Classify the packets based on their source address
Discard the packets
Evaluate the next term in the filter
Increment a packet counter
Reject the packets
Sample the packets
Set the packets’ loss priority
Specify a forwarding class
Specify an IPsec SA
Specify the forwarding path that the packets follow within the routing platform
Write an alert or message to the system log

[Contents] [Prev] [Next] [Index] [Report an Error]