 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
When a VoIP flow configured through the packet gateway violates the SDR by three times the configured rate, fast update filters are installed on the gate to allow the rate-limiting drop action to occur on the PFE instead of the PIC.
A fast update filter is similar to a regular filter that is defined in the [edit firewall] hierarchy, except that the system can incrementally add or update terms.
For fast update filters, a term equals a gate definition. You can see gate definitions in the show services pgcp extensive command output.
The fast update filter match is performed based on the most specific defined term. For each filter, a default term is installed to allow traffic to pass through (otherwise, all traffic is dropped because it is the default firewall action). For example, two terms are listed when there are two filters.
Filters are in effect until the gate is destroyed. If the client loses its connection for over 30 seconds, the existing filters are deleted, and default fast update filters are installed.
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |