[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring a Forwarding Table Filter

A forwarding table filter allows you to filter data packets based on their components and to perform an action on packets that match the filter.

To configure a forwarding table filter, do the following:

Define a forwarding table filter:
1. Configure the family address type: IPv4 (inet), IPv6 (inet6), Layer 2 traffic bridge, or MPLS (mpls).
2. Define one or more terms, which are named structures in which match conditions and actions are defined.
3. Define a match condition, which is the criterion against which a bearer packet is compared; for example, the IP address of a source device or a destination device. You can specify multiple criteria in a match condition.
4. Define an action, which is what happens if all criteria match; for example, the gateway GPRS support node (GGSN) accepting the bearer packet, performing a lookup in the forwarding table, and forwarding the packet to its destination; discarding the packet; and discarding the packet and returning a rejection message. In addition to an action, you can define one or more action modifiers, which are actions that are taken in addition to the GGSN accepting or discarding a packet when all criteria match; for example, counting the packets and logging a packet.
For more information about configuring firewall filters, see Configuring Firewall Filters.
Apply the forwarding table filter as an input filter to a forwarding table. The forwarding table filter controls which bearer packets the router accepts and forwards.

For more information about configuring firewall filters, see Configuring Firewall Filters.

To define a forwarding table filter, include the firewall statement at the [edit] hierarchy level:



[edit] 
firewall {


family family-name {


filter filter-name {


term term-name {


from {

match-conditions; 
}




then {

action; 

action-modifiers; 
}


}


}


}


}

To create a forwarding table, include the instance-type statement at the [edit routing-instance instance-name] hierarchy level:



[edit] 
routing-instance instance-name {
instance-type forwarding; 
}

To apply a forwarding table filter to a VPN routing and forwarding (VRF) table, include the filter input statement at the [edit routing-instance instance-name forwarding-options family family-name] hierarchy level:



[edit] 
routing-instance instance-name {
instance-type forwarding;


forwarding-options {


family family-name {


filter {
input filter-name; 
}


}


}


}

To apply a forwarding table filter to a forwarding table, include the filter input statement at the [edit forwarding-options family family-name] hierarchy level:



[edit forwarding-options family family-name] 
filter {
input filter-name;
}

To apply a forwarding table filter to the default forwarding table inet.0, which is not associated with a specific routing instance, include the filter input statement at the [edit forwarding-options family inet] hierarchy level:



[edit]
filter {
input filter-name; 
}

For information about the routing-instance and routing-options statements, see the JUNOS Routing Protocols Configuration Guide.

[Contents] [Prev] [Next] [Index] [Report an Error]