Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

prefix-scale-mode

Syntax

Hierarchy Level

Description

Allows you to configure significantly higher number of prefixes, of upto 225,000 prefixes per term, and in total up to 1 million prefixes (IPv4), 512,000 prefixes (IPv6 64-bit), 256,000 prefixes (IPv6 128-bit) as match conditions in an ingress firewall filter. Without this configuration, the scale is limited to a total of 128,000 prefixes by default. You can apply this configuration to a firewall filter that is bound to a physical interface or logical interface. Note that prefix-scale-mode is only applicable to upto 256 terms.

The following table enumerates supported firewall filter features for the prefix-scale-mode configuration command.

Table 1: Supported Firewall Filter Features for prefix-scale-mode

Firewall Filter Feature

Supported

Interface specific firewall filter

Yes

Incremental update

Yes

Filter chaining

No

Non-incremental update

Yes

Scale mode

Yes

Input-List

Yes

Split filters

Partly. Only the first split will be considered for processing at scale.

Filter on tunnel transport header (non-terminated)

Yes

Filter on tunnel payload header (non-terminated)

Yes

Filter on tunnel transport header (terminated)

No

Filter on tunnel payload header (terminated)

Yes

Two pass filters

Yes

Transient filters

Yes

Rollback on error

Yes

Loopback attachment

No

Egress filters

No

The following table enumerates the combinations of the allowed configurations for tunnel terminated traffic of L2 and L3 firewall filters. L2 firewall filters are applied at the physical interface and logical interface. L3 firewall filters are applied on VRFs and routing instances. In the following table, prefix-scale-mode filter refers to a firewall filter that has been applied the prefix-scale-mode configuration. Regular filter refers to a firewall filter that has not been applied the prefix-scale-mode configuration. Note that not all unsupported configurations is enforced by the CLI.

Table 2: Supported Configuration Combinations for Tunnel Terminated Traffic

L2 firewall filters

L3 firewall filters

Supported

Regular filter

Regular filter

Yes

prefix-scale-mode filter

Regular filter

Match on transport header not supported

prefix-scale-mode filter

Regular filter

Match on payload not supported

Regular filter

prefix-scale-mode filter

Match on transport header not supported

Regular filter

prefix-scale-mode filter

Match on payload not supported

prefix-scale-mode filter

prefix-scale-mode filter

Match on transport header not supported

Caveats

Not supported on egress, loopback, IRB, FFT, and L3 firewall filters. prefix-scale-mode is supported only on IPv4 and IPv6 firewall filters.

Default

128,000 prefixes

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Evolved Release 25.4 R1