Dynamic Application Awareness for Junos OS Overview

This chapter describes several related features that support application-level filtering and per-subscriber, per-application group bandwidth control as an extension of Intrusion Detection and Prevention (IDP). In addition to IDP, the main components are application identification (APPID), application-aware access list (AACL) services, and local policy decision functionality for application-related services (L-PDF).

Note: Because the MP-SDK framework lacks aggressive constraint checks, you should not set the policy-db-size statement at the [edit chassis fpc slot-number pic pic-number adaptive-services service-package extension-provider] hierarchy level to a high value. For dynamic application awareness configurations, the recommended values for the MP-SDK options at this hierarchy level are as follows:

  • control-cores = 1
  • data-cores = 7
  • object-cache-size = 1280 (for Multiservices 400 PIC and Multiservices DPC)
  • policy-db-size = 200
  • Include these package values: jservices-idp, jservices-appid, jservices-llpdf, jservices-aacl

For more information about this configuration, see the following topics in the SDK Applications Configuration Guide and Command Reference:

This chapter includes the following:

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.