Example: Creating Access Policies for Subscribers
In this example, the service provider manages an interface on the router. The interface is associated with a subscriber. The access policy is a default policy that supports various types of subscribers and interfaces, such as DHCP subscribers, static IP subscribers, and PPP subscribers.
From the service provider’s perspective, the service provider’s network is on the inside, and the enterprise network is on the outside. Ingress traffic flows from the enterprise network to the service provider’s network. Egress traffic flows from the service provider’s network to the enterprise network.
The default policy installed on the interface sets the context of other services that the subscriber will activate later. The default policy can restrict subscriber access to the network or provide a default access. You can also use the default policy to create a walled garden effect by sending subscribers to the SAE server and requiring them to activate a service before they can access other services in the system. (The term walled garden is used to describe an environment in which a service provider limits a subscriber’s access to Web content and services.)
The precedence of the policy rules in default policies is very important. When the related service is activated, the service policy needs a higher priority (a lower precedence value) than the default policy so that the service policy is used instead of the default policy.
Types of Policies
The policy used for access depends on the type of services that it will be used for. Generally, policies with filter, forward, rate-limit or policer, and next-hop actions are used.
Sample Access Policies
This section contains examples of access policies for DHCP subscribers and PPP subscribers. In both of these examples, there are two content providers. Traffic destined for the content provider networks is sent to the residential portal by means of a next-hop action that forwards traffic to the virtual IP address of the portal. (See SRC PE Sample Applications Guide.)
Traffic to the portal has a high priority and is not affected by other service policies. This way, the subscriber can always access the portal. Traffic from the network is forwarded without any restrictions.
DHCP Policy Group
The following information shows the configuration details of the DHCP policy group.
Policy List Out
[edit policies folder sample folder junose group DHCP list out]
user@host# show
role junose-ipv4;
applicability output;
rule forward {
    type junose-ipv4;
    precedence 500;
    forward forward {
    }
    traffic-condition any {
    }
}
Policy List In
[edit policies folder sample folder junose group DHCP list in]
user@host# show
role junose-ipv4;
applicability input;
rule forward-to-SSP {
    type junose-ipv4;
    precedence 200;
    forward forward {
    }
    traffic-condition ssp {
        destination-network {
            network {
                ip-address virtual_ipAddress;
                ip-mask 255.255.255.255;
                ip-operation 1;
            }
        }
    }
}
rule forward-cl-dhcp {
    type junose-ipv4;
    precedence 200;
    forward Fo {
    }
    traffic-condition cl-dhcp {
        protocol-port-condition {
            protocol udp;
            protocol-operation is;
            ip-flags 0;
            ip-flags-mask 0;
            destination-port {
                port {
                    port-operation eq;
                    from-port 67;
                }
            }
            source-port {
                port {
                    port-operation neq;
                }
            }
        }
    }
}
rule cp-to-ssp {
    type junose-ipv4;
    precedence 500;
    next-hop to-ssp {
        next-hop-address virtual_ipAddress;
    }
    traffic-condition content-provider-network-1 {
        destination-network {
            network {
                ip-address 10.10.40.0;
                ip-mask 255.255.255.0;
                ip-operation 1;
            }
        }
    }
    traffic-condition content-provider-network-2 {
        destination-network {
            network {
                ip-address 172.16.0.0;
                ip-mask 255.255.0.0;
                ip-operation 1;
            }
        }
    }
}
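The precedence behaviour of the DHCP input list, modelled as an added example (not part of the SRC documentation or software): it shows which rule handles a packet before and after a service policy is added, and flags a service rule whose precedence value is too high to override the default policy. Assumptions: PORTAL_VIP is a constructed stand-in for virtual_ipAddress, the premium-cp1 service rule is hypothetical, rules are tried from the lowest precedence value upward, and ip-operation 1 is read as "matches".

```python
import ipaddress

# Constructed stand-in for the page's virtual_ipAddress parameter.
PORTAL_VIP = "192.0.2.10"

def in_net(dst, addr, mask):
    """True if dst falls inside addr/mask (ip-operation 1 read as 'is', an assumption)."""
    return ipaddress.ip_address(dst) in ipaddress.ip_network(f"{addr}/{mask}")

# DHCP "in" list from the page as (name, precedence, action, match function).
# The cl-dhcp source-port clause has no port value on the page and is not modelled.
DHCP_IN = [
    ("forward-to-SSP", 200, "forward",
     lambda p: in_net(p["dst"], PORTAL_VIP, "255.255.255.255")),
    ("forward-cl-dhcp", 200, "forward",
     lambda p: p["proto"] == "udp" and p["dport"] == 67),
    ("cp-to-ssp", 500, "next-hop " + PORTAL_VIP,
     lambda p: in_net(p["dst"], "10.10.40.0", "255.255.255.0")
     or in_net(p["dst"], "172.16.0.0", "255.255.0.0")),
]

def service_rule(precedence):
    """Hypothetical service policy rule: forward traffic to content provider network 1."""
    return ("premium-cp1", precedence, "forward",
            lambda p: in_net(p["dst"], "10.10.40.0", "255.255.255.0"))

def evaluate(rules, packet):
    """Return (rule name, action) of the matching rule with the lowest precedence value."""
    for name, _prec, action, match in sorted(rules, key=lambda r: r[1]):
        if match(packet):
            return name, action
    return None, "no-match"

def shadowed(service, default_rules, probe):
    """True if a default rule still wins for probe after the service rule is added."""
    return evaluate(default_rules + [service], probe)[0] != service[0]

if __name__ == "__main__":
    web = {"dst": "10.10.40.5", "proto": "tcp", "dport": 80}  # constructed packet
    print(evaluate(DHCP_IN, web))                         # default policy only
    print(evaluate(DHCP_IN + [service_rule(100)], web))   # service activated
    print(shadowed(service_rule(600), DHCP_IN, web))      # precedence too high
```

Running `shadowed` against each service rule before deployment catches the case where a subscriber activates a service but the walled-garden next-hop rule keeps redirecting the traffic.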
PPP Policy Group
The following information shows the configuration details of the PPP policy group.
Policy List Out
[edit policies folder sample folder junose group PPP list out]
user@host# show
role junose-ipv4;
applicability output;
rule forward {
    type junose-ipv4;
    precedence 500;
    forward forward {
    }
    traffic-condition any {
    }
}
Policy List In
[edit policies folder sample folder junose group PPP list in]
user@host# show
role junose-ipv4;
applicability input;
rule forward-to-SAE {
    type junose-ipv4;
    precedence 200;
    forward forward {
    }
    traffic-condition sae {
        destination-network {
            network {
                ip-address virtual_ipAddress;
                ip-mask 255.255.255.255;
                ip-operation 1;
            }
        }
    }
}
rule cp-to-ssp {
    type junose-ipv4;
    precedence 500;
    next-hop to-ssp {
        next-hop-address virtual_ipAddress;
    }
    traffic-condition content-provider-network-1 {
        destination-network {
            network {
                ip-address 10.10.40.0;
                ip-mask 255.255.255.0;
                ip-operation 1;
            }
        }
    }
    traffic-condition content-provider-network-2 {
        destination-network {
            network {
                ip-address 172.16.0.0;
                ip-mask 255.255.0.0;
                ip-operation 1;
            }
        }
    }
}