aggregation
application-sets
applications
by-destination
by-pair
by-source
destination-address
destination-address-range
destination-prefix
destination-prefix-ipv6
destination-prefix-list
force-entry
from
ignore-entry
logging
match-direction
mss
rule
rule-set
services
session-limit
source-address
source-address-range
source-prefix
source-prefix-ipv6
source-prefix-list
syn-cookie
syslog
term
then
threshold

IPsec Services Configuration Guidelines

Minimum Security Association Configurations

Minimum Manual SA Configuration
Minimum Dynamic SA Configuration

Configuring Security Associations

Configuring Manual Security Associations

Configuring the Direction for IPsec Processing

Example: Using Different Configuration for the Inbound and Outbound Directions
Example: Using the Same Configuration for the Inbound and Outbound Directions

Configuring the Protocol for a Manual IPsec SA

Configuring the Security Parameter Index

Configuring the Auxiliary Security Parameter Index

Configuring Authentication for a Manual IPsec SA

Configuring Encryption for a Manual IPsec SA

Configuring Dynamic Security Associations

Clearing Security Associations

Configuring IKE Proposals

Configuring the Authentication Algorithm for an IKE Proposal
Configuring the Authentication Method for an IKE Proposal
Configuring the Diffie-Hellman Group for an IKE Proposal
Configuring the Encryption Algorithm for an IKE Proposal
Configuring the Lifetime for an IKE SA
Example: Configuring an IKE Proposal

Configuring IKE Policies

Configuring the Mode for an IKE Policy

Configuring the Proposals in an IKE Policy

Configuring the Preshared Key for an IKE Policy

Configuring the Local Certificate for an IKE Policy

Configuring a Certificate Revocation List

Configuring the Description for an IKE Policy

Configuring Local and Remote IDs for IKE Phase 1 Negotiation

Example: Configuring an IKE Policy

Configuring IPsec Proposals

Configuring the Authentication Algorithm for an IPsec Proposal
Configuring the Description for an IPsec Proposal
Configuring the Encryption Algorithm for an IPsec Proposal
Configuring the Lifetime for an IPsec SA
Configuring the Protocol for a Dynamic SA

Configuring IPsec Policies

Configuring the Description for an IPsec Policy
Configuring Perfect Forward Secrecy
Configuring the Proposals in an IPsec Policy
Example: Configuring an IPsec Policy

IPsec Policy for Dynamic Endpoints

Configuring IPsec Rules

Configuring Match Direction for IPsec Rules

Configuring Match Conditions in IPsec Rules

Configuring Actions in IPsec Rules

Enabling IPsec Packet Fragmentation
Configuring Destination Addresses for Dead Peer Detection
Configuring or Disabling IPsec Anti-Replay
Enabling System Log Messages
Specifying the MTU for IPsec Tunnels

Configuring IPsec Rule Sets

Configuring Dynamic Endpoints for IPsec Tunnels

Authentication Process
Implicit Dynamic Rules
Reverse Route Insertion
Configuring an IKE Access Profile
Referencing the IKE Access Profile in a Service Set
Configuring the Interface Identifier
Default IKE and IPsec Proposals

Tracing IPsec Operations

Disabling IPsec Tunnel Endpoint in Traceroute

Examples: Configuring IPsec Services

Example: Configuring Statically Assigned Tunnels

Example: Configuring Dynamically Assigned Tunnels

Multitask Example: Configuring IPsec Services

Configuring the IKE Proposal
Configuring the IKE Policy (and Referencing the IKE Proposal)
Configuring the IPsec Proposal
Configuring the IPsec Policy (and Referencing the IPsec Proposal)
Configuring the IPsec Rule (and Referencing the IKE and IPsec Policies)
Configuring IPsec Trace Options
Configuring the Access Profile (and Referencing the IKE and IPsec Policies)
Configuring the Service Set (and Referencing the IKE Profile and the IPsec Rule)

Summary of IPsec Services Configuration Statements

anti-replay-window-size

authentication

authentication-algorithm

authentication-algorithm (IKE)
authentication-algorithm (IPsec)

authentication-method

auxiliary-spi

backup-remote-gateway

clear-dont-fragment-bit

clear-ike-sas-on-pic-restart

clear-ipsec-sas-on-pic-restart

description

destination-address

encryption-algorithm

from

ike

initiate-dead-peer-detection

ipsec

ipsec-inside-interface

lifetime-seconds

local-certificate

no-ipsec-tunnel-in-traceroute

perfect-forward-secrecy

policy

policy (IKE)
policy (IPsec)

pre-shared-key

proposal

proposal (IKE)
proposal (IPsec)

Layer 2 Tunneling Protocol Services Configuration Guidelines

L2TP Services Configuration Overview

L2TP Minimum Configuration

Configuring L2TP Tunnel Groups

Configuring Access Profiles for L2TP Tunnel Groups
Configuring the Local Gateway Address and PIC
Configuring Window Size for L2TP Tunnels
Configuring Timers for L2TP Tunnels
Hiding Attribute-Value Pairs for L2TP Tunnels
Configuring System Logging of L2TP Tunnel Activity

Configuring the Identifier for Logical Interfaces that Provide L2TP Services

Example: Configuring Multilink PPP on a Shared Logical Interface

AS PIC Redundancy for L2TP Services

Tracing L2TP Operations

Examples: Configuring L2TP Services

Summary of Layer 2 Tunneling Protocol Configuration Statements

facility-override

hello-interval

hide-avps

host

l2tp-access-profile

local-gateway address

log-prefix

maximum-send-window

ppp-access-profile

receive-window

retransmit-interval

service-interface

services

services (Hierarchy)
services (L2TP System Logging)

Link Services IQ Interfaces Configuration Guidelines

Layer 2 Service Package Capabilities and Interfaces

Configuring LSQ Interface Redundancy Across Multiple Routers Using SONET APS

Configuring the Association between LSQ and SONET Interfaces
Configuring SONET APS Interoperability with Cisco Systems FRF.16
Restrictions on APS Redundancy for LSQ Interfaces

Configuring LSQ Interface Redundancy in a Single Router Using SONET APS

Configuring LSQ Interface Redundancy in a Single Router Using Virtual Interfaces

Configuring Redundant Paired LSQ Interfaces
Restrictions on Redundant LSQ Interfaces
Configuring Link State Replication for Redundant Link PICs
Examples: Configuring Redundant LSQ Interfaces for Failure Recovery

Configuring CoS Scheduling Queues on Logical LSQ Interfaces

Configuring Scheduler Buffer Size
Configuring Scheduler Priority
Configuring Scheduler Shaping Rate
Configuring Drop Profiles

Configuring CoS Fragmentation by Forwarding Class on LSQ Interfaces

Reserving Bundle Bandwidth for Link-Layer Overhead on LSQ Interfaces

Configuring Multiclass MLPPP on LSQ Interfaces

Oversubscribing Interface Bandwidth on LSQ Interfaces

Example: Oversubscribing an LSQ Interface

Configuring Guaranteed Minimum Rate on LSQ Interfaces

Example: Configuring Guaranteed Minimum Rate

Configuring Link Services and CoS on Services PICs

Configuring LSQ Interfaces as NxT1 or NxE1 Bundles Using MLPPP

Example: Configuring an LSQ Interface as an NxT1 Bundle Using MLPPP

Configuring LSQ Interfaces as NxT1 or NxE1 Bundles Using FRF.16

Example: Configuring an LSQ Interface as an NxT1 Bundle Using FRF.16

Configuring LSQ Interfaces for Single Fractional T1 or E1 Interfaces Using MLPPP and LFI

Example: Configuring an LSQ Interface for a Fractional T1 Interface Using MLPPP and LFI

Configuring LSQ Interfaces for Single Fractional T1 or E1 Interfaces Using FRF.12

Examples: Configuring an LSQ Interface for a Fractional T1 Interface Using FRF.12

Configuring LSQ Interfaces as NxT1 or NxE1 Bundles Using FRF.15

Configuring LSQ Interfaces for T3 Links Configured for Compressed RTP over MLPPP

Configuring LSQ Interfaces as T3 or OC3 Bundles Using FRF.12

Configuring LSQ Interfaces for ATM2 IQ Interfaces Using MLPPP

Summary of Link Services IQ Configuration Statements

cisco-interoperability
forwarding-class
fragment-threshold
fragmentation-map
fragmentation-maps
hot-standby
link-layer-overhead
lsq-failure-options
multilink-class
multilink-max-classes
no-fragmentation
no-termination-request
per-unit-scheduler
preserve-interface
primary
redundancy-options
secondary
trigger-link-failure
warm-standby

Voice Services Configuration Guidelines

Configuring Services Interfaces for Voice Services

Configuring the Logical Interface Address for the MLPPP Bundle
Configuring Compression of Voice Traffic
Configuring Delay-Sensitive Packet Interleaving
Example: Configuring Compression of Voice Traffic

Configuring Encapsulation for Voice Services

Configuring Network Interfaces for Voice Services

Configuring Voice Services Bundles with MLPPP Encapsulation
Configuring the Compression Interface with PPP Encapsulation

Examples: Configuring Voice Services

Summary of Voice Services Configuration Statements

address
bundle
compression
compression-device
encapsulation
f-max-period
family
fragment-threshold
interfaces
maximum-contexts
port
queues
rtp
unit

Class-of-Service Configuration Guidelines

Restrictions and Cautions for CoS Configuration on Services Interfaces

Configuring CoS Rules

Configuring Match Direction for CoS Rules

Configuring Match Conditions In CoS Rules

Configuring Actions in CoS Rules

Configuring Application Profiles for Use as CoS Rule Actions
Configuring Reflexive and Reverse CoS Rule Actions

Example: Configuring CoS Rules

Configuring CoS Rule Sets

Examples: Configuring CoS on Services Interfaces

Summary of Class-of-Service Configuration Statements

application-profile
application-sets
applications
destination-address
destination-prefix-list
dscp
forwarding-class
from
match-direction
(reflexive | reverse)
rule
rule-set
services
sip-text
sip-video
sip-voice
source-address
source-prefix-list
syslog
term
then

Service Set Configuration Guidelines

Configuring Service Sets to be Applied to Services Interfaces

Configuring Interface Service Sets

Configuring Next-Hop Service Sets

Determining Traffic Direction

Interface Style Service Sets
Next-Hop Style Service Sets

Configuring Service Rules

Configuring IPsec Service Sets

Configuring the Local Gateway Address for IPsec Service Sets

IKE Addresses in VRF Instances

Configuring IKE Access Profiles for IPsec Service Sets

Configuring Certification Authorities for IPsec Service Sets

Configuring or Disabling Antireplay Service

Clearing the Don’t-Fragment Bit

Configuring Passive-Mode Tunneling

Configuring the Tunnel MTU Value

Configuring Service Set Limitations

Configuring System Logging for Service Sets

Enabling Services PICs to Accept Multicast Traffic

Tracing Services PIC Operations

Configuring the Adaptive Services Log Filename
Configuring the Number and Size of Adaptive Services Log Files
Configuring Access to the Log File
Configuring a Regular Expression for Lines to Be Logged
Configuring the Trace Operations

Example: Configuring Service Sets

Summary of Service Set Configuration Statements

adaptive-services-pics

allow-multicast

anti-replay-window-size

bypass-traffic-on-exceeding-flow-limits

bypass-traffic-on-pic-failure

clear-dont-fragment-bit

facility-override

host

ids-rules

ike-access-profile

interface-service

ipsec-vpn-options

passive-mode-tunneling

pgcp-rules

ptsp-rules

service-interface

service-set

services

services (Hierarchy)
services (System Logging)

stateful-firewall-rules

Service Interface Configuration Guidelines

Services Interface Naming Overview

Configuring the Address and Domain for Services Interfaces

Configuring Default Timeout Settings for Services Interfaces

Configuring System Logging for Services Interfaces

Enabling Fragmentation on GRE Tunnels

Applying Filters and Services to Interfaces

Configuring Service Filters

Configuring AS or Multiservices PIC Redundancy

Examples: Configuring Services Interfaces

Summary of Service Interface Configuration Statements

address
clear-dont-fragment-bit
dial-options
facility-override
family
host
inactivity-timeout
input
interfaces
log-prefix
open-timeout
output
post-service-filter
primary
redundancy-options
secondary
service
service-domain
service-filter
service-set
services
services-options
syslog
unit

PGCP Configuration Guidelines for the BGF Feature

Summary of PGCP Configuration Statements

administrative

administrative (Control Association)
administrative (Virtual Interface)

algorithm

application-data-inactivity-detection

audit-observed-events-returns

base-root

bgf-core

cancel-graceful

cancel-graceful (Control Association)
cancel-graceful (Virtual Interface)

cleanup-timeout

context-indications

control-association-indications

controller-address

controller-failure

controller-port

data-inactivity-detection

default

delivery-function

destination-address

destination-port

detect

diffserv

disable-session-mirroring

event-timestamp-notification

failover-cold

failover-warm

failure

fast-update-filters

gateway-controller

gateway-port

graceful

graceful (Control Association)
graceful (Virtual Interface)

hanging-termination-detection

inactivity-delay

inactivity-duration

inactivity-timeout

inactivity-timer

initial-average-ack-delay

interim-ah-scheme

ip-flow-stop-detection

ipsec-transport-security-association

latch-deadlock-delay

max-burst-size

max-burst-size (All Streams)
max-burst-size (RTCP Streams)

max-concurrent-calls

maximum-fuf-percentage

maximum-inactivity-time

maximum-net-propagation-delay

maximum-synchronization-mismatches

maximum-terms

maximum-waiting-delay

media

mg-maximum-pdu-size

mg-originated-pending-limit

mg-provisional-response-timer-value

mg-segmentation-timer

mgc-maximum-pdu-size

mgc-originated-pending-limit

mgc-provisional-response-timer-value

mgc-segmentation-timer

monitor

network-operator-id

no-dscp-bit-mirroring

no-rtcp-check

normal-mg-execution-time

normal-mgc-execution-time

notification-behavior

notification-rate-limit

notification-regulation

overload-control

peak-data-rate

peak-data-rate (All Streams)
peak-data-rate (RTCP)

platform

profile-name

profile-version

queue-limit-percentage

reconnect

reject-all-commands-threshold

reject-new-calls-threshold

report-service-change

request-timestamp

send-notification-on-delay

service-change

service-change-type

service-interface

service-state

service-state (Virtual BGF)
service-state (Virtual Interface)

services

session-mirroring

source-address

source-port

state-loss

stop-detection-on-drop

sustained-data-rate

sustained-data-rate (All Streams)
sustained-data-rate (RTCP Streams)

timerx

tmax-retransmission-delay

traceoptions

traffic-management

up

use-lower-case

use-wildcard-response

virtual-interface

virtual-interface-down

virtual-interface-indications

virtual-interface-up

warm

Service Interface Pools Configuration Guidelines

Configuring Service Interface Pools

Summary of Service Interface Pools Statements

interface
pool
service-interface-pools

Border Signaling Gateway Configuration Guidelines

Summary of Border Signaling Gateway Configuration Statements

actions

accelerations

admission-control

admission-control (Border Signaling Gateway)
admission-control (New Transaction Policy)

availability-check-profiles

blacklist-period

clusters

committed-burst-size

committed-information-rate

data-inactivity-detection

datastore

default-media-realm

dialogs

dscp

egress-service-point

embedded-spdf

file

flag

forward-manipulation

framework

from

from (New Call Usage Policy)
from (New Transaction Policy)
from (Service Class)

gateway

inactivity-duration

manipulation-rule

media-policy

media-type

message-manipulation

maximum-records-in-cache

maximum-time-in-cache

message-manipulation-rules

minimum

name-resolution-cache

new-call-usage-input-policies

new-call-usage-output-policies

new-call-usage-policy

new-call-usage-policy-set

new-transaction-input-policies

new-transaction-output-policies

new-transaction-policy

new-transaction-policy-set

next-hop

on-3xx-response

request-uri

reverse-manipulation

route

routing-destinations

sbc-utils

servers

service-class

service-interface

service-interface (Gateway)
service-interface (Service Point)

service-point

service-point-type

term (New Call Usage Policy)
term (New Transaction Policy)
term (Service Class)

then

then (New Call Usage Policy)
then (New Transaction Policy)
then (Service Class)

transport-details

PTSP Configuration Guidelines

Summary of PTSP Configuration Statements

application-group-any
application-groups
applications
count-type
demux
forward-rule (Configuring)
forward-rule (Including in Rule)
from (Forward Rule)
from (Rule)
local-address
local-address-range
local-port-range
local-ports
local-prefix-list
match-direction
protocol
remote-address
remote-address-range
remote-port-range
remote-ports
remote-prefix-list
rule (Configuring)
rule (Including in Rule Set)
rule-set
services
term (Forward Rule)
term (Rule)
then (Forward Rule)
then (Rule)

Dynamic Application Awareness for Junos OS

Dynamic Application Awareness for Junos OS Overview

Best-Effort Application Identification of DPI-Serviced Flows

Features that Support Application-Level Filtering

Best-Effort Application Determination

APPID, AACL, and L-PDF Processing in Preconvergence Scenarios

Prior to a Final or Best-Effort Application Identification
Upon Best-Effort Application Identification
While Application Identification Is on a Best-Effort Basis
If a Flow Ends Before an Application Identification Is Made
If a Flow Ends While Application Identification on a Best-Effort Basis

Application Identification Configuration Guidelines

Defining an Application Identification

Configuring APPID Rules

Using Stateful Firewall Rules to Identify Data Sessions

Configuring Application Profiles

Configuring Application Groups

Configuring Global APPID Properties

Configuring Automatic Download of Application Package Updates

Tracing APPID Operations

Configuring the APPID Log Filename
Configuring the Number and Size of APPID Log Files
Configuring Access to the Log File
Configuring a Regular Expression for Lines to Be Logged
Configuring the Tracing Flags

Examples: Configuring Application Identification Properties

Summary of Application Identification Configuration Statements

address

application

application (Defining)
application (Including in Rule)

application-group

application-groups

application-system-cache-timeout

disable (APPID Application)
disable (APPID Application Group)
disable (APPID Port Mapping)

disable-global-timeout-override

download

idle-timeout

ignore-errors

inactivity-non-tcp-timeout

inactivity-tcp-timeout

index

ip

max-checked-bytes

min-checked-bytes

no-application-identification

no-application-system-cache

no-clear-application-system-cache

no-protocol-method

no-signature-based

rule (Configuring)
rule (Including in Rule Set)

rule-set

services

session-timeout

session-timeout (Interfaces)
session-timeout (Application Identification)

Application-Aware Access List Configuration Guidelines

Configuring AACL Rules

Configuring Match Direction for AACL Rules
Configuring Match Conditions in AACL Rules
Configuring Actions in AACL Rules

Configuring AACL Rule Sets

Example: Configuring AACL Rules

Summary of AACL Configuration Statements

applications
application-groups
application-group-any
destination-address
destination-address-range
destination-prefix-list
from
match-direction
rule
rule-set
services
source-address
source-address-range
source-prefix-list
term
then

Local Policy Decision Function Configuration Guidelines

Configuring Statistics Profiles

Configuring an L-PDF Statistics Profile
Configuring an AACL Statistics Profile

Applying L-PDF Profiles to Service Sets

Tracing L-PDF Operations

Summary of L-PDF Configuration Statements

aacl-fields
aacl-statistics-profile
application-aware-access-list-fields
file
local-policy-decision-function
policy-decision-statistics-profile
statistics
traceoptions

Encryption Services

Encryption Overview

Encryption Overview

Encryption Interfaces Configuration Guidelines

Configuring Encryption Interfaces

Specifying the Security Association Name for Encryption Interfaces
Configuring the MTU for Encryption Interfaces
Example: Configuring an Encryption Interface

Configuring Filters for Traffic Transiting the ES PIC

Traffic Overview

Configuring the Security Association

Configuring an Outbound Traffic Filter

Example: Configuring an Outbound Traffic Filter

Applying the Outbound Traffic Filter

Example: Applying the Outbound Traffic Filter

Configuring an Inbound Traffic Filter

Example: Configuring an Inbound Traffic Filter

Applying the Inbound Traffic Filter to the Encryption Interface

Example: Applying the Inbound Traffic Filter to the Encryption Interface

Configuring an ES Tunnel Interface for a Layer 3 VPN

Configuring ES PIC Redundancy

Example: Configuring ES PIC Redundancy

Configuring IPsec Tunnel Redundancy

Summary of Encryption Configuration Statements

address
backup-destination
backup-interface
destination
es-options
family
filter
interfaces
ipsec-sa
source
tunnel
unit

Flow Monitoring and Discard Accounting Services

Flow Monitoring and Discard Accounting Overview

Passive Flow Monitoring Overview
Active Flow Monitoring Overview

Flow Monitoring and Discard Accounting Configuration Guidelines

Configuring Traffic Sampling

Minimum Configuration for Traffic Sampling

Configuring Traffic Sampling

Disabling Traffic Sampling

Sampling Once

Configuring Traffic Sampling Output

Traffic Sampling Output Format

Tracing Traffic Sampling Operations

Traffic Sampling Examples

Example: Sampling a Single SONET/SDH Interface
Example: Sampling All Traffic from a Single IP Address
Example: Sampling All FTP Traffic

Configuring Flow Monitoring

Configuring Flow-Monitoring Interfaces

Configuring Flow-Monitoring Properties

Directing Traffic to Flow-Monitoring Interfaces
Exporting Flows
Configuring Time Periods when Flow Monitoring is Active and Inactive

Example: Configuring Flow Monitoring

Enabling Flow Aggregation

Configuring Flow Aggregation to Use Version 5 or Version 8 cflowd

Configuring Flow Aggregation to Use Version 9 Flow Templates

Configuring the Traffic to be Sampled
Configuring the Version 9 Template Properties
Restrictions
Fields Included in Each Template Type
MPLS Sampling Behavior
Verification
Examples: Configuring Version 9 Flow Templates

Configuring Sampling Instances

Directing Replicated Flows to Multiple Flow Servers

Directing Replicated Routing Engine–Based Sampling Flows to Multiple Servers
Directing Replicated Version 9 Flow Aggregates to Multiple Servers

Logging cflowd Flows Before Export

Configuring Port Mirroring

Configuring Tunnels
Port Mirroring with Next-Hop Groups
Filter-Based Forwarding with Multiple Monitoring Interfaces
Restrictions
Configuring Port Mirroring on Services Interfaces
Examples: Configuring Port Mirroring

Load Balancing Among Multiple Monitoring Interfaces

Configuring Discard Accounting

Enabling Passive Flow Monitoring

Passive Flow Monitoring for MPLS Encapsulated Packets

Removing MPLS Labels from Incoming Packets

Example: Enabling Passive Flow Monitoring

Configuring Services Interface Redundancy with Flow Monitoring

Summary of Flow-Monitoring Configuration Statements

accounting

address

aggregate-export-interval

aggregation

autonomous-system-type

cflowd

cflowd (Discard Accounting and Sampling)
cflowd (Flow Monitoring)

core-dump

destination

disable

disable-all-instances

family (Interfaces)
family (Monitoring)
family (Port Mirroring)
family (Sampling)

file

file (Sampling)
file (Trace Options)

filename

files

filter

flow-active-timeout

flow-export-destination

flow-inactive-timeout

flow-monitoring

forwarding-options

input

input (Port Mirroring)
input (Sampling)

input-interface-index

instance

instance (Port Mirroring)
instance (Sampling)

interface

interface (Accounting or Sampling)
interface (Monitoring)
interface (Port Mirroring)

max-packets-per-second

monitoring

mpls-ipv4-template

mpls-template

multiservice-options

next-hop

next-hop-group

next-hop-group (Forwarding Options)
next-hop-group (Port Mirroring)

no-world-readable

option-refresh-rate

output

output (Accounting)
output (Monitoring)
output (Port Mirroring)
output (Sampling)

output-interface-index

passive-monitor-mode

receive-options-packets

receive-ttl-exceeded

sampling (Forwarding Options)
sampling (Interfaces)

template (Forwarding Options)
template (Services)

template-refresh-rate

version9 (Forwarding Options)
version9 (Services)

world-readable

Flow Collection Configuration Guidelines

Configuring Flow Collection

Configuring Destination FTP Servers for Flow Records
Configuring a Packet Analyzer
Configuring File Formats
Configuring Interface Mappings
Configuring Transfer Logs
Configuring Retry Attempts

Sending cflowd Records to Flow Collector Interfaces

Configuring Flow Collection Mode and Interfaces on Services PICs

Example: Configuring Flow Collection

Summary of Flow Collection Configuration Statements

file-specification

file-specification (File Format)
file-specification (Interface Mapping)

flow-collector

ftp

ftp (Flow Collector Files)
ftp (Transfer Log Files)

password (Flow Collector File Servers)
password (Transfer Log File Servers)

retry

retry-delay

transfer

transfer-log-archive

username

variant

Dynamic Flow Capture Configuration Guidelines

Dynamic Flow Capture Architecture

Liberal Sequence Windowing

Configuring Dynamic Flow Capture

Configuring the Capture Group
Configuring the Content Destination
Configuring the Control Source
Configuring the DFC PIC Interface
Configuring System Logging
Configuring Thresholds
Limiting the Number of Duplicates of a Packet

Example: Configuring Dynamic Flow Capture

Flow-Tap Configuration Guidelines

Flow-Tap Architecture

Configuring the Flow-Tap Service

Configuring the Flow-Tap Interface
Strengthening Flow-Tap Security
Restrictions on Flow-Tap Services

Configuring FlowTapLite

Examples: Configuring Flow-Tap Services

Summary of Dynamic Flow Capture and Flow-Tap Configuration Statements

address
allowed-destinations
capture-group
content-destination
control-source
duplicates-dropped-periodicity
dynamic-flow-capture
flow-tap
g-duplicates-dropped-periodicity
g-max-duplicates
hard-limit
hard-limit-target
input-packet-rate-threshold
interface
interfaces
max-duplicates
minimum-priority
no-syslog
notification-targets
pic-memory-threshold
service-port
services
shared-key
soft-limit
soft-limit-clear
source-addresses
ttl

Link and Multilink Services

Link and Multilink Services Overview

Link and Multilink Services Overview

Link and Multilink Services Configuration Guidelines

Multilink and Link Services PICs Overview

Configuring the Number of Bundles on Link Services PICs

Configuring the Links in a Multilink or Link Services Bundle

Multilink and Link Services Logical Interface Configuration Overview

Default Settings for Multilink and Link Services Logical Interfaces

Configuring Encapsulation for Multilink and Link Services Logical Interfaces

Configuring the Drop Timeout Period on Multilink and Link Services Logical Interfaces

Limiting Packet Payload Size on Multilink and Link Services Logical Interfaces

Configuring the Minimum Number of Active Links on Multilink and Link Services Logical Interfaces

Configuring MRRU on Multilink and Link Services Logical Interfaces

Configuring the Sequence Header Format on Multilink and Link Services Logical Interfaces

Configuring DLCIs on Link Services Logical Interfaces

Configuring Point-to-Point DLCIs for MLFR FRF.16 and MLPPP Bundles
Configuring Multicast-Capable DLCIs for MLFR FRF.16 Bundles

Configuring Delay-Sensitive Packet Interleaving on Link Services Logical Interfaces

Configuring LFI with DLCI Scheduling

Example: Configuring LFI with DLCI Scheduling

Configuring Link Services Physical Interfaces

Default Settings for Link Services Interfaces
Configuring Encapsulation for Link Services Physical Interfaces
Configuring Acknowledgment Timers on Link Services Physical Interfaces
Configuring Differential Delay Alarms on Link Services Physical Interfaces with MLFR FRF.16
Configuring Keepalives on Link Services Physical Interfaces

Configuring CoS on Link Services Interfaces

CoS for Link Services Interfaces on M Series and T Series Routers
Example: Configuring CoS on Link Services Interfaces

Examples: Configuring Multilink Interfaces

Example: Configuring a Multilink Interface with MLPPP
Example: Configuring a Multilink Interface with MLPPP over ATM 2 Interfaces
Example: Configuring a Multilink Interface with MLFR FRF.15

Examples: Configuring Link Interfaces

Example: Configuring a Link Services Interface with Two Links
Example: Configuring a Link Services Interface with MLPPP
Example: Configuring a Link Services Interface with MLFR FRF.15
Example: Configuring a Link Services PIC with MLFR FRF.16
Example: Configuring Link and Voice Services Interfaces with a Combination of Bundle Types

Summary of Multilink and Link Services Configuration Statements

acknowledge-retries

acknowledge-timer

action-red-differential-delay

address

bundle

destination

disable-mlppp-inner-ppp-pfc

dlci

drop-timeout

encapsulation

encapsulation (Logical Interface)
encapsulation (Physical Interface)

family

fragment-threshold

hello-timer

interfaces

interleave-fragments

lmi-type

minimum-links

mlfr-uni-nni-bundle-options

red-differential-delay

yellow-differential-delay

Real-Time Performance Monitoring Services

Real-Time Performance Monitoring Services Overview

Real-Time Performance Monitoring Services Overview

Real-Time Performance Monitoring Configuration Guidelines

Configuring BGP Neighbor Discovery Through RPM

Configuring Real-Time Performance Monitoring

Configuring RPM Probes

Configuring RPM Receiver Servers

Limiting the Number of Concurrent RPM Probes

Configuring RPM Timestamping

Configuring TWAMP

Configuring TWAMP Interfaces
Configuring TWAMP Servers

Examples: Configuring BGP Neighbor Discovery Through RPM

Examples: Configuring Real-Time Performance Monitoring

Summary of Real-Time Performance Monitoring Configuration Statements

authentication-mode

client-list

data-fill

data-size

destination-interface

destination-port

dscp-code-point

hardware-timestamp

history-size

inactivity-timeout

logical-system

maximum-connections

maximum-connections-per-client

maximum-sessions

maximum-sessions-per-connection

moving-average-size

one-way-hardware-timestamp

port

port (RPM)
port (TWAMP)

routing-instances

Tunnel Services Overview

Tunnel Services Overview
GRE Keepalive Time Overview

Tunnel Interfaces Configuration Guidelines

Configuring Unicast Tunnels

Configuring a Key Number on GRE Tunnels
Enabling Fragmentation on GRE Tunnels
Specifying an MTU Setting for the Tunnel
Configuring a GRE Tunnel to Copy ToS Bits to the Outer IP Header
Configuring Packet Reassembly

Configuring GRE Keepalive Time

Restricting Tunnels to Multicast Traffic

Configuring Logical Tunnel Interfaces

Connecting Logical Systems

Configuring Tunnel Interfaces for Routing Table Lookup

Configuring Virtual Loopback Tunnels for VRF Table Lookup

Configuring PIM Tunnels

Configuring IPv6-over-IPv4 Tunnels

Configuring Dynamic Tunnels

Configuring Tunnel Interfaces on MX Series Routers

Examples: Configuring Unicast Tunnels

Example: Configuring a Virtual Loopback Tunnel for VRF Table Lookup

Example: Configuring an IPv6-over-IPv4 Tunnel

Example: Configuring Logical Tunnels

Example: Configuring Keepalive for a GRE Interface

Summary of Tunnel Services Configuration Statements

allow-fragmentation

backup-destination

copy-tos-to-outer-ip-header

destination

destination (Tunnel Remote End)
destination (Routing Instance)

destination-networks

reassemble-packets

routing-instance

routing-instances

Index
Index of Statements and Commands

Table of Contents