IP Profiles

IP Profiles Overview

You can configure an IP interface dynamically by creating a profile. A profile is a set of characteristics that acts as a pattern that can be dynamically assigned to an IP interface. You can manage a large number of IP interfaces efficiently by creating a profile with a specific set of characteristics. In addition, you can create a profile to assign an IP interface to a virtual router.

A profile can contain one or more of the following characteristics:

• access-route—Enables the creation of host access routes on an interface
• address—Configures an IP address on an interface
• auto-configure—Configures the interface for auto-configure mode
• auto-detect—Configures the interface for auto-detect mode
• directed-broadcast—Enables directed broadcast forwarding
• filter-options-all—Enables filtering of packets with IP options on an interface
• igmp—Configures an Internet Group Management Protocol (IGMP) interface
• ignore-df-bit—Specifies that the don’t-fragment bit is ignored
• inactivity-timer—Configures inactivity time for IP interfaces
• inspection—Associates an inspection list to the interface for firewalling
• mtu—Configures the maximum transmission unit for a network
• nat—Configures the interface as inside or outside for Network Address Translation (NAT)
• policy—Assigns a policy to the ingress or egress of an interface
• redirects—Enables transmission of Internet Control Message Protocol (ICMP) redirect messages
• route-maps—Configures the interface for route-map processing
• source address validation—Verifies that a packet has been sent from a valid source address
• tcp adjust-mss—Adjusts maximum packet sizes on TCP connections when path maximum transmission unit detection is not sufficient
• unnumbered—Configures IP on this interface without a specific address
• virtual-router—Specifies a virtual router to which interfaces created by this profile will be attached

Creating a Profile

You can use the profile command from Global Configuration mode to create or edit a profile. You can specify a profile name with up to 80 characters.

To create a profile on the router:

• Issue the profile command in Global Configuration mode.
  host1(config)#profile foo

  Use the no version to remove a profile.

See JunosE Link Layer Configuration Guide for information about creating profiles and on other characteristics that can be applied to the profile.

Configuring Profile Attributes for IP

You can add a specific set of IP characteristics to a created profile and assign the profile to many IP interfaces.

To assign IP characteristics to a profile:

1. Assign an IP address.
   host1(config-profile)#ip address 192.56.32.2 255.255.255.0
2. (Optional) Enable an access route.
   host1(config-profile)#ip access-routes
3. (Optional) Enable a directed broadcast address.
   host1(config-profile)#ip directed-broadcast
4. (Optional) Assign the MTU size sent on an IP interface to which the profile is assigned.
   host1(config-profile)#ip mtu 5000
5. (Optional) Enable the sending of redirect messages if the software is forced to resend a packet through the same interface (to which the profile is assigned) on which it was received.
   host1(config-profile)#ip redirects
6. (Optional) Modify the maximum segment size (MSS) for TCP SYN packets traveling through the interface to which the profile is assigned. The router compares the MSS value of incoming or outgoing packets against the MSS adjustment value. For any packet that contains an MSS value larger than the MSS adjustment value, the router replaces the MSS option with the configured adjustment value. If the packet does not contain an MSS value, the router assumes a value of 536 for the packet MSS on which to base the comparison.
   host1(config-profile)#ip tcp adjust-mss 5000

   Note: The purpose behind using MSS is to alleviate problems with path maximum transmission unit discovery and resulting black hole detection issues. (See RFC 2923, “TCP Problems with Path MTU Discovery,” for additional information about the black hole scenario.)

7. (Optional) Specify the numbered interface with which dynamic unnumbered interfaces created with the profile are associated. You can specify an unnumbered interface using RADIUS instead of using the ip unnumbered command in a profile.
   host1(config-profile)#ip unnumbered fastEthernet 0/0
8. (Optional) Assign a virtual router. You can configure a virtual router using RADIUS instead of adding one to the profile by using the ip virtual-router command.
   host1(config-profile)#ip virtual-router VR1
9. (Optional) Force the router to ignore the DF bit if it is set in the IP packet header for packets on an interface to which the profile is assigned.
   host1(config-profile)#ip ignore-df-bit
10. (Optional) Enable source address validation.
    host1(config-profile)#ip sa-validate

Assigning a Profile to an Interface

You can assign a profile to a PPP interface using the profile command. The profile configuration is used to dynamically create an upper IP interface.

To assign a profile to an interface:

• Issue the profile command in Interface Configuration mode.
  host1(config-if)#profile foo

  Use the no version to remove the assignment from the interface.