Configuring Policy Rules

 

Policy rules specify traffic conditions and actions to be taken. Topics include:

Policy Rules Overview

The type of policy rule that you can create depends on the type and applicability of the policy list in which you create the policy rule. There is only one type of policy rule for PCMM policy lists and AAA policy lists. For JunosE policy lists, you can create JunosE IPv4 or JunosE IPv6 policy rule types. If you are creating a JunosE secondary input policy, the applicability of the policy list must be secondary-input. For Junos OS policy lists, you can create the following policy rule types:

  • Junos OS ASP—Applicability of policy list must be both.

  • Junos OS FILTER—Applicability of policy list must be input or output.

  • Junos OS POLICER—Applicability of policy list must be input or output.

  • Junos OS SCHEDULER—Applicability of policy list must be both.

  • Junos OS SHAPING—Applicability of policy list must be both.

Before You Configure Junos OS Policy Rules

The following are prerequisites to using policy rules on routers running Junos OS:

  • Junos OS Scheduler and Junos OS Shaping Policy Rules

    Before you use the Junos OS scheduler and Junos OS shaping policy rules, check that your Physical Interface Card (PIC) supports Junos OS scheduling and shaping rate. Also, check that your interface supports the per-unit-scheduler.

    You must enable the per-unit-scheduler on the interface. To do so, on routers running Junos OS, include the per-unit-scheduler statement at the [edit interfaces interface-name] hierarchy level:

  • Junos OS ASP Policy Rules

    Before you use the Adaptive Services PIC (ASP) policy rule to create a stateful firewall or NAT policy, you must configure the Adaptive Services PIC on routers running Junos OS. For example:

For more information about configuring Adaptive Services PICs, see the Junos OS Services Interfaces Configuration Guide.

Setting the Policy Rule Precedence

Policy lists can have more than one policy rule. Policy rules are assigned a precedence that determines the order in which the policy manager applies policy rules. Rules are evaluated from lowest to highest precedence value. Rules with equal precedence are evaluated in random order.

Note that for Junos OS SCHEDULER and Junos OS POLICER policy rules, precedence is not a factor.

The router classifies packets beginning with the classify condition of the policy rule that has the lowest precedence in the policy list.

  • If the packet matches the condition, the router applies the policy rule actions to the packet and does not continue to examine further conditions.

  • If the packet does not match the condition, the router tries to match the packet with the classify condition in the policy rule with the next higher precedence.

  • If the packet does not match any of the classify conditions, it is forwarded. There are some exceptions. For example, in the case of a Junos OS ASP stateful firewall, packets that do not match the classify conditions are dropped. Only matching packets are forwarded.

For routers running JunosE Software, if you want the router to take two corresponding actions on a packet, you would create a JunosE policy list that has more than one policy rule with the same precedence. For example, you may want a policy rule that marks a packet and a policy rule that forwards the packet to the next interface. Or you could have a policy rule that applies a traffic class and a policy rule that forwards the packet to the next hop.
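The following added example (not SRC code and not from the original page) models the evaluation order described above and flags rules that share a precedence value, so a reviewer can confirm each group is intentional (as in the JunosE two-action case) rather than a conflict whose outcome depends on random ordering. The rule fields, the packets, and every rule name other than forward-dhcp are constructed for illustration, and the model assumes one action per rule.

```python
# Simplified model of the precedence behaviour described above (added example,
# not SRC code). Rule fields, sample rules and sample packets are constructed.
from collections import defaultdict

FORWARD, DROP = "forward", "drop"

def evaluate(rules, packet, asp_stateful_firewall=False):
    """Return (rule_name, action) for the first matching rule, lowest precedence first.

    With no match the packet is forwarded, except for a Junos OS ASP stateful
    firewall, where unmatched packets are dropped.
    """
    # sorted() is stable, so ties keep list order here; on the router the
    # order among equal-precedence rules is random and must not be relied on.
    for rule in sorted(rules, key=lambda r: r["precedence"]):
        if rule["match"](packet):
            return rule["name"], rule["action"]
    return None, (DROP if asp_stateful_firewall else FORWARD)

def equal_precedence_groups(rules):
    """Return {precedence: [rule names]} for precedences shared by 2+ rules."""
    groups = defaultdict(list)
    for rule in rules:
        groups[rule["precedence"]].append(rule["name"])
    return {p: names for p, names in groups.items() if len(names) > 1}

def order_dependent(rules, packets, asp_stateful_firewall=False):
    """Return packets whose result changes when the list order of ties is reversed."""
    flipped = list(reversed(rules))
    return [p for p in packets
            if evaluate(rules, p, asp_stateful_firewall)[1]
            != evaluate(flipped, p, asp_stateful_firewall)[1]]

# Constructed policy list: two rules share precedence 200 and overlap on UDP/53.
RULES = [
    {"name": "forward-dhcp", "precedence": 100, "action": FORWARD,
     "match": lambda p: p["proto"] == "udp" and p["dport"] == 67},
    {"name": "drop-udp", "precedence": 200, "action": DROP,
     "match": lambda p: p["proto"] == "udp"},
    {"name": "forward-dns", "precedence": 200, "action": FORWARD,
     "match": lambda p: p["proto"] == "udp" and p["dport"] == 53},
]
PACKETS = [
    {"proto": "udp", "dport": 67},   # matches forward-dhcp first
    {"proto": "udp", "dport": 53},   # matches both precedence-200 rules
    {"proto": "tcp", "dport": 22},   # matches nothing
]
```

Giving drop-udp and forward-dns distinct precedence values removes the order dependence for the UDP/53 packet.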

Adding a Policy Rule (SRC CLI)

You create policy rules within policy lists. Use the following configuration statements to create a policy rule:

To add a policy rule:

  1. From configuration mode, create a policy rule inside a policy list that has already been created and configured. For example, to create a policy rule called forward-dhcp within policy list input:

  2. Specify the type of policy rule.

    The type of policy rule that you can create depends on the type and applicability of the policy list in which you create the policy rule.

  3. (Optional) Specify the order in which the policy manager applies rules.

  4. (Optional) Specify whether accounting data is collected for the actions specified in the rule.

  5. (Optional) Provide a description of the policy rule.

  6. (Optional) Verify your policy rule configuration.