Configuring BoD Policies

When configuring BoD policies, you create rules that classify traffic. Make sure that the source and destination policy rules correspond to location of the enterprise relative to the subscriber interface that the SRC software manages. When configuring Enterprise Manager Portal, you follow the same rules for defining source and destination fields. See Policy Components.

You can create policies with the Policies, Services, and Subscribers CLI or the Policies, Services, and Subscribers subtasks in the C-Web interface.

To configure a BoD policy:

  1. Create a BoD policy group and associated policy rules.

    You can create some policy rules as Junos OS filters and others as JunosE filters.

    Specify values or parameters for the following for each policy rule for the BoD service:

    • TOS byte in the IP header
    • Mask used for the ToS byte
    • Source TCP/UDP port
    • Destination TCP/UDP port
    • IP address of source
    • IP address of destination
    • TCP flags
    • Fragmentation flags
    • Fragmentation offset
    • ICMP type
    • ICMP code
  2. Specify a precedence for the policy rules.

    If the configuration includes basic BoD services, the policies to support basic BoD services should have a lower precedence, indicated by a higher number.

    For information about policy rules and precedences, see Policy Information Model.

For a sample BoD policy, see policyGroupName=bod, ou=entjunos, o=Policies, o=umc in the sample data. In the sample BoD policies, substitutions in services rename policy parameters to names required by Enterprise Manager Portal.

The sample data is based on a scenario that has the SRC managed interface on a device with egress to the access link that leads to the enterprise.