Policy Framework Overview
Router Flows Affected by Policies
Policy Architecture
Control Points
Policy Components
Default Policies and Actions
Configuration Tasks
Policy Configuration Recommendations
Comparison of Routing Policies and Firewall Filters
Routing Policy Overview
Importing and Exporting Routes
Default Routing Policies and Actions
Creating Routing Policies
Configuring a Routing Policy
Routing Policy Named Match Conditions
Routing Policy Actions
Routing Policy Terms
Applying a Routing Policy
Routing Protocol Support for Import and Export Policies
Applying a Routing Policy to Routing Protocols
Applying Export Policies to the Forwarding Table
Evaluating a Routing Policy
How a Routing Policy Is Evaluated
How a Routing Policy Chain Is Evaluated
How a Routing Policy Expression Is Evaluated
How a Routing Policy Subroutine Is Evaluated
Routing Policy Tests
Overview of BGP Communities and Extended Communities as Routing Policy Match Conditions
How BGP Communities and Extended Communities Are Evaluated in Routing Policy Match Conditions
Overview of Per-Packet Load Balancing
Firewall Filter Overview
Firewall Filter Components
Firewall Filter Types
How Firewall Filters Are Evaluated
Overview of Match Conditions in Firewall Filter Terms
Overview of Protocol Match Conditions
Overview of Class-Based Match Conditions
How to Specify Firewall Filter Match Conditions
Overview of Firewall Filter Lists
Policer Overview
Policer Types
Policer Actions
Order of Policer and Firewall Filter Operations
Policer Levels
Rate Limiting
Color Modes for Three-Color Policers
Single-Rate Two-Color Policer Overview
Single-Rate Three-Color Policer Overview
Two-Rate Three-Color Policer Overview
Hierarchical Policer Overview
Physical Interface Policer Overview
Traffic Sampling, Forwarding, and Monitoring Overview
Per-Flow and Per-Prefix Load Balancing Overview
Minimum Routing Policy Configuration
Minimum Routing Policy Chain Configuration
Minimum Subroutine Configuration
Defining Routing Policies
Configuring Match Conditions in Routing Policy Terms
Configuring Actions in Routing Policy Terms
Applying Routing Policies and Policy Chains to Routing Protocols
Applying Policy Expressions to Routes Exported from Routing Tables
Applying Routing Policies to the Forwarding Table
Configuring Dynamic Routing Policies
Forwarding Packets to the Discard Interface
Testing Routing Policies
Routing Policy Examples
Example: Defining a Routing Policy from BGP to IS-IS
Example: Using Routing Policy to Set a Preference
Example: Importing and Exporting Access and Access-Internal Routes in a Routing Policy
Example: Exporting Routes to IS-IS
Example: Applying Export and Import Policies to BGP Peer Groups
Example: Applying a Prefix to Routes Learned from a Peer
Example: Redistributing BGP Routes with a Specific Community Tag into IS-IS
Example: Redistributing OSPF Routes into BGP
Example: Exporting Direct Routes Into IS-IS
Example: Exporting Internal IS-IS Level 1 Routes to Level 2
Example: Exporting IS-IS Level 2 Routes to Level 1
Example: Assigning Different Forwarding Next-Hop LSPs to Different Destination Prefixes
Example: Grouping Destination Prefixes
Example: Grouping Source Prefixes
Example: Grouping Source and Destination Prefixes in a Forwarding Class
Example: Accepting Routes with Specific Destination Prefixes
Example: Accepting Routes from BGP with a Specific Destination Prefix
Example: Using Routing Policy in an ISP Network
Configuring AS Path Regular Expressions to Use as Routing Policy Match Conditions
Defining BGP Communities and Extended Communities for Use in Routing Policy Match Conditions
Including BGP Communities and Extended Communities in Routing Policy Match Conditions
Using Routing Policies to Prevent Advertisement of BGP Communities to Neighbors
Examples: Configuring BGP Communities as Routing Policy Match Conditions
Configuring Prefix Lists for Use in Routing Policy Match Conditions
Example: Configuring a Prefix List
Configuring Route Lists for Use in Routing Policy Match Conditions
Configuring Subroutines in Routing Policy Match Conditions
Configuring Routing Policy Match Conditions Based on Routing Table Entries
Prepending AS Numbers to BGP AS Paths
Adding AS Numbers to BGP AS Paths
Using Routing Policies to Damp BGP Route Flapping
Configuring Per-Packet Load Balancing
Configuring Load Balancing Based on MPLS Labels
Configuring Load Balancing for Ethernet Pseudowires
Configuring Load Balancing Based on MAC Addresses
Configuring VPLS Load Balancing Based on IP and MPLS Information
Configuring VPLS Load Balancing on MX Series Ethernet Services Routers
Configuring Firewall Filters
Configuring Standard Firewall Filters
Configuring IPv4 Match Conditions
Configuring IPv6 Match Conditions
Configuring Protocol-Independent Match Conditions
Configuring Layer 2 Circuit Cross-Connect Match Conditions
Configuring MPLS Match Conditions
Configuring VPLS Match Conditions
Configuring Layer 2 Bridging Match Conditions for MX Series Ethernet Services Routers
Example: Matching on Destination Port and Protocol Fields
Configuring Actions in Firewall Filter Terms
Configuring Nested Firewall Filters
Applying Firewall Filters to Interfaces
Firewall Filter Examples
Example: Blocking Telnet and SSH Access
Example: Blocking TFTP Access
Example: Accepting DHCP Packets with Specific Addresses
Example: Defining a Policer for a Destination Class
Example: Counting IP Option Packets
Example: Counting and Discarding IP Options Packets
Example: Accepting OSPF Packets from Certain Addresses
Example: Matching Packets Based on Two Unrelated Criteria
Example: Counting Both Accepted and Rejected Packets
Example: Blocking TCP Connections to a Certain Port Except from BGP Peers
Example: Accepting Packets with Specific IPv6 TCP Flags
Example: Setting a Rate Limit for Incoming Layer 2 Control Packets
Configuring Service Filters
Configuring Simple Filters
Configuring Firewall Filters for Logical Systems
Configuring Accounting for Firewall Filters
Configuring Filter-Based Forwarding
Configuring Forwarding Table Filters
Configuring System Logging of Firewall Filter Operations
Configuring a Single-Rate Two-Color Policer
Configuring a Single-Rate Three-Color Policer
Configuring a Two-Rate Three-Color Policer
Configuring a Hierarchical Policer
Configuring Policers
Minimum Policer Configuration
Configuring Multifield Classifiers for Policing
Configuring Interface Sets
Applying Interface Policers
Configuring Aggregate Policers
Physical Interface Policers Configuration
Configuring Bandwidth Policers
Configuring Load-Balance Groups
Examples: Configuring Policing
Traffic Sampling Configuration
Minimum Traffic Sampling Configuration
Configuring Traffic Sampling
Disabling Traffic Sampling
Configuring the Output File for Traffic Sampling
Tracing Traffic-Sampling Operations
Configuring Flow Aggregation (cflowd)
Configuring Active Flow Monitoring Using Version 9
Example: Sampling a Single SONET/SDH Interface
Example: Sampling All Traffic from a Single IP Address
Example: Sampling All FTP Traffic
Configuring Traffic Forwarding and Monitoring
Applying Filters to Forwarding Tables
Configuring IPv6 Accounting
Configuring Discard Accounting
Configuring Flow Monitoring
Configuring Next-Hop Groups
Configuring Per-Prefix Load Balancing
Configuring Per-Flow Load Balancing Based on Hash Values
Configuring Routers, Switches, and Interfaces as DHCP and BOOTP Relay Agents
Configuring DNS and TFTP Packet Forwarding
Preventing DHCP Spoofing on MX Series Ethernet Services Routers
Configuring Port Mirroring
Configuring Packet Capture
Protocols That Can Be Imported to and Exported from the Routing Table
Routing Tables Affected by Routing Policies
Default Import and Export Policies for Protocols
Routing Policy Match Conditions
Protocol Support for Import and Export Policies
apply-path
as-path
as-path-group
community
condition
damping
dynamic-db
export
import
policy-options
policy-statement
prefix-list
prefix-list-filter
Supported Standards
accounting-profile
action
color-aware
color-blind
committed-burst-size
committed-information-rate
excess-burst-size
family
filter
filter-specific
firewall
if-exceeding
interface-set
interface-specific
load-balance-group
logical-bandwidth-policer
logical-interface-policer
loss-priority high then discard
peak-burst-size
peak-information-rate
physical-interface-filter
physical-interface-policer
policer
prefix-action
service-filter
simple-filter
single-rate
term
three-color-policer
two-rate
accounting
aggregation
autonomous-system-type
bootp
cflowd
client-response-ttl
description
dhcp-relay
disable
domain
export-format
family inet
family mpls
family multiservice
file
filename
files
flood
flow-active-timeout
flow-export-destination
flow-inactive-timeout
flow-server
forwarding-options
group
hash-key
helpers
indexed-next-hop
input
instance
interface
load-balance
local-dump
max-packets-per-second
maximum-capture-size
maximum-hop-count
maximum-packet-length
minimum-wait-time
mirror-once
monitoring
next-hop
next-hop-group
no-filter-check
no-listen
output
packet-capture
per-flow
per-prefix
port
port-mirroring
rate
route-accounting
run-length
sampling
server
size
stamp
tftp
traceoptions
version
version9
world-readable
http://kb.juniper.net/
