Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Parameter Types

 

Global and local parameters are assigned a type. The type indicates the SRC CLI options in which you can use the parameter.

For example, address is a type of parameter. In the SRC CLI, whenever there is an option for which you can specify an IP address, you can use the ? to display a list of all local and global parameters of type address. For example:

user@host# set source-network network ip-address ?

There are a few cases in which a global parameter value appears, but because of the context, the value does not make sense to use. For example, in NAT actions, the global parameter any appears in for the IP network setting. In this context, any is not a valid value.

Table 1 lists the parameter types, the predefined parameters for each type, the policy objects in which you can use the parameter type, and how the type is used.

Table 1: Parameter Types

Type

Predefined Parameters

Used In

Used to Specify

address

gateway_ipAddress

interface_ipAddress

service_ipAddress

user_ipAddress

virtual_ipAddress

Classify-traffic condition

Next-interface action

Next-hop action

IP addresses in dotted decimal notation.

addressMask

interface_ipMask

service_ipMask

user_ipMask

Classify-traffic condition

IP masks in dotted decimal notation.

For JunosE policies and Junos OS policies (except for firewall policies), a mask must be equivalent to some prefix length. For example, 255.255.255.0 is allowed, but 255.255.255.1 is not. The software searches this constraint for default parameter values, but not for any other substitution values until runtime when the policy engine constructs the policy.

allowIpOptions

 

Classify-traffic condition

 

any

  

The set of all values.

applicationProtocol

bootp, dce_rpc, dce_rpc_portmap, dns, exec, ftp, h323, green, icmp_app, iiop, netbios, netshow, realaudio, rpc, rpc_portmap, rtsp, shell, snmp, sqlnet, tftp, traceroute, winframe, yellow

Classify-traffic condition

(Predefined parameters map protocol numbers to synonyms.)

 

bandwidthSizeUnit

bps

percent

Policer action

 

boolean

false

true

  

burst

 

Rate-limit action

Policer action

DOCSIS action

Burst sizes. The range is 214—232–1.

color

green

red

yellow

Classify-traffic condition

Color action

Color of action or classifier.

The policy engine validates these values; the substitution engine does not.

dceRpcUuid

 

Classify-traffic condition

 

dropProfileProtocol

any_protocol

non_tcp

tcp_only

Scheduler action

 

dropProfileType

interpolated

segmented

Scheduler action

 

exceptionApplication

http

Exception application actions

The policy rule for traffic that has a specific application, such as a Web server

forwardingClass

 

Classify-traffic condition

QoS condition

 

fragOffset

 

Classify-traffic condition

The value of the fragment offset field of IP packets.

For routers running JunosE software:

  • eq 0—Equal to 0

  • eq 1—Equal to 1

  • gt 1—Greater than 1

  • any—Any value

    For routers running Junos OS and PCMM policies, integer in the range 0–8191.

    The policy engine validates these values; the substitution engine does not.

grantSize

 

DOCSIS action

 

icmpCode

icmpType

 

Classify-traffic condition

8-bit values that represent patterns in the ICMP code and ICMP type fields in IP packets. The policy engine validates these values; the substitution engine does not.

igmpType

 

Classify-traffic condition

8-bit values that represent patterns in the IGMP type field in IP packets. The policy engine validates these values; the substitution engine does not.

interfaceGroup

 

Classify-traffic condition

 

InterfaceSpec

bfwlf

gfwlf

Next-interface action

The router interface.

For JunosE interfaces, the format is:

‘<type of specifier>=<value>’



For example: name=‘fastEthernet3/0’



For Junos OS interfaces, the format is:

‘name= <mediatype>-<slot>/ <pic>/<port>.<unit>’



For example: ‘name=AT-0/1/0.0’

interval

 

DOCSIS action

 

ipFlags

ipFlagsMask

 

Classify-traffic condition

3-bit values that represent patterns for the IP flags field in an IP packet. The high bit is reserved, the middle bit is don’t fragment, and the low bit is more fragments.

ipSecSpi

 

Classify-traffic condition

 

IPv4range

 

 

 

jitter

 

DOCSIS action

 

l2cAccessMode

l2c_access_mode

  

level-aggregation-node

Set to one of the following values:

  • The default value is 0, which means the level-aggregation-node is not configured.

  • 1=Forwarding

  • 2=Vlan

  • 3=Atm

  • 4=Svlan

  • 5=atm-vc

  • 6=atm_vp

  • 7=Ethernet

  • 8=fr-vc

  • 9=ppp-interface

Classify-traffic condition

Parent Group

(Optional) Specifies the level—for example, Forwarding, Vlan, and so on, where the external parent group needs to be grouped for JunosE hierarchical rate-limiting.

level-aggregation-node-id

  • If level-aggregation-node=4 (svlan), this represents the svlanID in the range of 0 through 4095.

  • If level-aggregation-node=6 (atm_vp), this represents the atm-vpId in the range of 0 through 255.

Classify-traffic condition

Parent Group

Specifies the JunosE aggregation node ID. You specify this parameter only if the level-aggregation-node attribute is set to 4 (svlan) or 6 (atm-vp). In this case, it is mandatory to set this attribute.

l2cAccessStreamRate

l2c_access_downstream_rate, l2c_access_upstream_rate, l2c_attainable_downstream_rate, l2c_attainable_upstream_rate, l2c_maximum_downstream_rate, l2c_maximum_upstream_rate, l2c_min_downstream_rate, l2c_min_upstream_rate, l2c_minimum_low_power_downstream_rate, l2c_minimum_low_power_upstream_rate

  

l2cDelay

l2c_actual_interleaving_downstream_delay, l2c_actual_interleaving_upstream_delay, l2c_maximum_interleaving_downstream_delay, l2c_maximum_interleaving_upstream_delay

  

l2cDslStatus

l2c_dsl_line_stat

  

matchDirection

both

input

output

Classify-traffic condition

 

maxLatency

 

DOCSIS action

 

messageType

 

Reject action

 

microSecond

 

 

 

natTranslationType

 

NAT action

 

network

any

Classify-traffic condition

NAT action

IP subnets using two forms:

<address>/<mask>

<address>/<prefixLength>

where <address> and <mask> are in the traditional dotted decimal notation.

<prefixLength>is a number in the range 0–32, which specifies how many of the first bits in the address specify the network.

In policy conditions, network specifies patterns for the address fields in packets. Networks can be preceded by “ not” to indicate that the condition matches every address not in the subnet.

networkOperation

 

Classify-traffic condition

Whether a network field of a packet should match or not match the value specified in a policy condition.

  • 0—Does not match

  • 1—Matches

numeric-aggregation-node

0 through 65,535

The default value of 0 means the numeric-aggregation-node is not configured.

Classify-traffic condition

Parent Group

(Optional) Specifies the JunosE aggregation node numerically in the range of 0 through 65,535.

packetLength

 

Classify-traffic condition

DOCSIS action

FlowSpec action

 

packetLossPriority

any_priority

high_priority

low_priority

Loss priority action

 

packetOperation

 

Rate-limit action

Policer action

Stateful firewall

Actions taken on packets.

For rate-limit actions, valid values are: $’forward’, $’filter’, and $’mark <tosByte> <tosMask>’.

For policer actions, valid values are: filter, forwardingClass, lossPriority.

For stateful firewalls, valid values are: filter, forward, reject.

The policy engine validates these values; the substitution engine does not.

percent

 

Scheduler action

 

policedUnit

 

FlowSpec action

 

port

service_port

Classify-traffic condition

NAT action

16-bit values that represent patterns in the port fields in IP packets.

portOperation

eq

neq

Classify-traffic condition

Whether a port field should match or not match the value(s) specified in a condition. For JunosE policies valid values are: $’eq’, $’lt’, $’gt’, $’neq’ and $’range’.

For Junos OS, the allowed values are:

  • 0—Does not match

  • 1—Matches

    The policy engine validates these values; the substitution engine does not.

prPrecedence

 

Policy rule

 

protocol

ah, egp, esp, gre, icmp, igmp, ip, ipip, ospf, pim, rsvp, tcp, udp

Classify-traffic condition

(Predefined parameters map protocol numbers to synonyms.)

8-bit values that represent patterns in the protocol field in IP packets. The policy engine validates these values; the substitution engine does not.

protocolOperation

is

not

Classify-traffic condition

Whether a protocol field of a packet should match or not match the value specified in a policy condition.

  • 0—Does not match

  • 1—Matches

qosProfileSpec

 

QoS-attachment action

Strings in QoS attachment actions that specify QoS profiles. They can be any string that names a QoS profile on routers running JunosE Software.

rate

interface_speed

Rate-limit action

Policer action

DOCSIS action

FlowSpec action

Traffic-shape action

Rates in the range 0—232–1.

rateLimitType

one_rate

two_rate

Rate-limit action

Rate-limit type. The allowed values are $’one-rate’ and $’two-rate’. The policy engine validates these values; the substitution engine does not.

requestTransmissionPolicy

 

DOCSIS action

 

routingInstance

 

Routing instance action

 

rpcProgramNumber

 

Classify-traffic condition

 

schedulerBufferSize

 

Scheduler action

 

schedulerBufferSizeUnit

buffer_size_percentage

buffer_size_remainder

temporal

Scheduler action

 

schedulerPriority

high

low

medium_high

medium_low

strict_high

Scheduler action

 

schedulerTransmitRate

 

Scheduler action

 

schedulerTransmitRateUnit

rate_in_bps

rate_in_percentage

rate_in_remainder

Scheduler action

 

serviceClassName

 

Service class name action

 

serviceNumber

controlled_load_service

guaranteed_service

FlowSpec action

 

sessionClassIdPriority

 

GateSpec action

 

slackTerm

 

FlowSpec action

 

snmpCommand

get

get_next

set

trap

Classify-traffic condition

 

tcpFlags

tcpFlagsMask

 

Classify-traffic condition

6-bit values that represent patterns for the TCP flags field in IP packets. The bits from high to low mean: urgent, acknowledge, push, reset, synchronize, finish.

timeout

 

Classify-traffic condition

 

tokenBucketSize

 

FlowSpec action

 

tosByte

tosByteMask

 

Classify-traffic condition

Rate-limit action

Mark action

8-bit values that represent patterns in the ToS byte field in IP packets.

When tosByteMask is used in ToS conditions, the allowed values are 0, 224, 252, and 255.

The policy engine validates these values; the substitution engine does not.

traceRouteTtlThreshold

 

Classify-traffic condition

 

trafficClassSpec

 

Traffic-class action

Strings in traffic-class actions that specify traffic-class profiles. They can be any string that names a traffic class on routers running JunosE Software.

trafficPriority

 

DOCSIS action

 

trafficProfileType

best_effort

unsolicited_grant

down_stream

unsolicited_grant_with_activity_detection

real_time

non_real_time

DOCSIS action

Service flow scheduling type

translationType

   

userPacketClass

 

User packet class action

4-bit value. For JunosE policies, valid values are in the range 0–15.

The policy engine validates these values; the substitution engine does not.

Predefined Global Parameters

Table 2 describes the predefined built-in and runtime global parameters that the SRC software provides. Only three of the predefined parameters can be modified: any, bfwlf, and gfwlf.

Table 2: Predefined Global Parameters

Predefined Parameter

Description

Type

Runtime

ah

Maps protocol 51 to AH

protocol

 

any

This network matches any address

network

 

any_priority

Sets packet loss priority to “ any”

packetLossPriority

 

any_protocol

Sets drop profile protocol to “ any”

dropProfileProtocol

 

best_effort

Sets the service flow scheduling type to best effort

trafficProfileType

 

bfwlf

Specifier of the interface that leads to the bronze firewall server

interfaceSpec

Yes

bootp

Specifies the BOOTP protocol

applicationProtocol

 

both

Specifies the direction of the policy as input and output

matchdirection

 

bps

Specifies that the indicated bandwidth size is in bps

bandwidthSizeUnit

 

buffer_size_percentage

Specifies that the indicated buffer size is a percentage

schedulerBufferSizeUnit

 

buffer_size_remainder

Specifies that the indicated buffer size is a remainder

schedulerBufferSizeUnit

 

controlled_load_service

Specifies that the type of FlowSpec service is controlled-load service

serviceNumber

 

dce_rpc

Specifies the DCE RPC protocol

applicationProtocol

 

dce_rpc_portmap

Specifies the DCE RPC portmap

applicationProtocol

 

dns

Specifies the DNS protocol

applicationProtocol

 

down_stream

Sets the service flow scheduling type to downstream

trafficProfileType

 

egp

Maps protocol 8 to EGP

protocol

 

eq

Matches packets with a port that is equal to the specified port

portOperation

 

esp

Maps protocol 50 to ESP

protocol

 

exec

Specifies the Exec protocol

applicationProtocol

 

false

Sets Boolean values to false

boolean

 

ftp

Specifies the FTP protocol

applicationProtocol

 

gateway_ipAddress

IP address of the gateway as specified by the service object

address

Yes

get

Specifies the get SNMP command

snmpCommand

 

get_next

Specifies the get-next SNMP command

snmpCommand

 

gfwlf

Specifier of the interface that leads to gold firewall server

interfaceSpec

Yes

gre

Maps protocol 47 to GRE

protocol

 

green

Specifies the color that indicates a low drop preference

color

Yes

guaranteed

Specifies that the type of FlowSpec service is guaranteed service

serviceNumber

 

h323

Specifies the H.323 protocol

applicationProtocol

 

high

Sets the scheduler priority to high

schedulerPriority

 

high_priority

Sets the packet loss priority (PLP) to high

packetLossPriority

 

icmp

Maps protocol 1 to ICMP

protocol

 

icmp_app

Specifies the ICMP protocol

applicationProtocol

 

igmp

Maps protocol 2 to IGMP

protocol

 

iiop

Specifies the Internet Inter-ORB Protocol, a TCP protocol

applicationProtocol

 

input

Specifies the direction of the policy as input

matchdirection

 

interface_ipAddress

IP address of the interface

address

Yes

interface_ipMask

IP mask of the interface

addressMask

Yes

interface_speed

Speed of the subscriber’s IP interface on the router or the speed of the subscriber’s DOCSIS interface

rate

 

interpolated

Sets the drop profile type to interpolate

dropProfileType

 

ip

Maps protocol 0 to IP

protocol

 

ipip

Maps protocol 4 to IP-IP

protocol

 

is

Matches packets with the protocol that is equal to the specified protocol

protocolOperation

 

l2c_access_downstream_rate

L2C downstream rate

l2cAccessStreamRate

Yes

l2c_access_mode

L2C access mode

l2cAccessMode

Yes

l2c_access_upstream_rate

L2C upstream rate

l2cAccessStreamRate

Yes

l2c_actual_interleaving_downstream_delay

L2C interleaving downstream delay

l2cDelay

Yes

l2c_actual_interleaving_upstream_delay

L2C interleaving upstream delay

l2cDelay

Yes

l2c_attainable_downstream_rate

L2C attainable downstream rate

l2cAccessStreamRate

Yes

l2c_attainable_upstream_rate

L2C attainable upstream rate

l2cAccessStreamRate

Yes

l2c_dsl_line_stat

L2C DSL line status

l2cDslStatus

Yes

l2c_maximum_downstream_rate

L2C maximum downstream rate

l2cAccessStreamRate

Yes

l2c_maximum_interleaving_downstream_delay

L2C maximum interleaving downstream delay

l2cDelay

Yes

l2c_maximum_interleaving_upstream_delay

L2C maximum interleaving upstream delay

l2cDelay

Yes

l2c_maximum_upstream_rate

L2C maximum upstream rate

l2cAccessStreamRate

Yes

l2c_min_downstream_rate

L2C minimum downstream rate

l2cAccessStreamRate

Yes

l2c_min_upstream_rate

L2C minimum upstream rate

l2cAccessStreamRate

Yes

l2c_minimum_low_power_downstream_rate

L2C minimum low power downstream rate

l2cAccessStreamRate

Yes

l2c_minimum_low_power_upstream_rate

L2C minimum low power upstream rate

l2cAccessStreamRate

Yes

low

Sets scheduler priority to low

schedulerPriority

 

low_priority

Sets packet loss priority to low

packetLossPriority

 

medium_high

Sets scheduler priority to medium-high

schedulerPriority

 

medium_low

Sets scheduler priority to medium-low

schedulerPriority

 

neq

Matches packets with a port that is not equal to the specified port

portOperation

 

netbios

Specifies the NetBIOS protocol

applicationProtocol

 

netshow

Specifies the NetShow protocol

applicationProtocol

 

non_real_time

Sets the service flow scheduling type to NRTPS

trafficProfileType

 

non_tcp

Sets the drop profile protocol to any protocol other than TCP

dropProfileProtocol

 

not

Matches packets with the protocol that is not equal to the specified protocol

protocolOperation

 

one_rate

Sets the rate-limit type to one rate

rateLimitType

 

ospf

Maps protocol 89 to OSPF

protocol

 

output

Specifies the direction of the policy as output

matchdirection

 

percent

Specifies that the indicated bandwidth size is a percentage of bandwidth

bandwidthSizeUnit

 

pim

Maps protocol 103 to PIM

protocol

 

rate_in_bps

Specifies that the indicated transmit rate is in bps

schedulerTransmitRateUnit

 

rate_in_percentage

Specifies that the indicated transmit rate is a percentage

schedulerTransmitRateUnit

 

rate_in_remainder

Specifies that the indicated transmit rate is a remainder

schedulerTransmitRateUnit

 

realaudio

Specifies the RealAudio protocol

applicationProtocol

 

real_time

Sets the service flow scheduling type to RTPS

trafficProfileType

 

red

Specifies the color that indicates a high drop preference

color

Yes

rpc

Specifies the RPC UDP or TCP protocols

applicationProtocol

 

rpc_portmap

Specifies the RPC portmap protocol

applicationProtocol

 

rsvp

Maps protocol 46 to RSVP

protocol

 

rtsp

Specifies the Real-Time Streaming Protocol

applicationProtocol

 

sctp

Maps protocol 132 to the Stream Control Transmission Protocol

protocol

 

segmented

Sets the drop profile type to segmented

dropProfileType

 

service_ipAddress

IP address of the service as specified by the service object

address

Yes

service_ipMask

IP mask of the service as specified by the service object

address

Yes

service_port

Service port as specified by the service object

port

Yes

set

Specifies the set SNMP command

snmpCommand

 

shell

Specifies the Shell protocol

applicationProtocol

 

snmp

Specifies the SNMP protocol

applicationProtocol

 

sqlnet

Specifies the SQLNet protocol

applicationProtocol

 

strict_high

Sets scheduler priority to strict-high

schedulerPriority

 

tcp

Maps protocol 6 to TCP

protocol

 

tcp_only

Sets the drop profile protocol to TCP

dropProfileProtocol

 

temporal

Specifies that the indicated buffer size is temporal

schedulerBufferSizeUnit

 

tftp

Specifies the Trivial File Transfer Protocol

applicationProtocol

 

traceroute

Specifies the Traceroute protocol

applicationProtocol

 

trap

Specifies the trap SNMP command

snmpCommand

 

true

Sets the Boolean value to true

boolean

 

two_rate

Sets the rate-limit type to two rate

rateLimitType

 

udp

Maps protocol 17 to UDP

protocol

 

unsolicited_grant

Sets the service flow scheduling type to UGS

trafficProfileType

 

unsolicited_grant_with_activity_detection

Sets the service flow scheduling type to UGS-AD

trafficProfileType

 

user_ipAddress

IP address of the subscriber

address

Yes

user_ipMask

IP mask of the subscriber

address

Yes

virtual_ipAddress

Virtual portal address of the SSP that is used in redundant SAE installations

address

Yes

winframe

Specifies the WinFrame protocol

applicationProtocol

 

yellow

Specifies the color that indicates a medium drop preference

color

Yes

Naming Global Parameters

A global parameter is stored in the directory with the parameter name as its naming attribute. The directory stores the case for the parameter name; however, the directory does not allow you to create another global parameter with a name that differs only by the use of upper and lowercase letters. For example, if there is a parameter named fastspeed, the directory will not allow the creation of a parameter named fastSpeed without first deleting fastspeed.

Also, when you define a substitution for a global parameter, make sure that the case in the substitution matches the case of the global parameter.