Routing Policy and Firewall Filters
-
Support for IPv4 and IPv6 firewall filters on Layer 3 gateways in EVPN-VXLAN fabrics (QFX5210)—Starting in Junos OS Release 21.4R1, QFX5210 switches acting as Layer 3 gateways in EVPN-VXLAN fabrics support IPv4 and IPv6 firewall filters in the ingress direction of the IRB interface. We recommend that you do not apply filters on the RIOT loopback interface. The switch supports the following match conditions:
source-address
destination-address
source-port
destination-port
ttl
ip-protocol
hop-limit
The supported actions are:
accept
discard
log
syslog
policer
The QFX5210 does not support filter-based forwarding (FBF).
-
Support for source-port and destination-port range optimize conditions to reduce the TCAM space—Starting in Junos OS Release 21.4R1, we support the
source-port-range-optimize
and thedestination-port-range-optimize
conditions at the[edit firewall family ethernet-switching filter <filter-name> term <term-name> from]
hierarchy level. This configuration considerably reduces the ternary content addressable memory (TCAM) space usage. QFX Series line of switches support up to 24 non-contiguous matching conditions for thesource-port-range-optimize
anddestination-port-range-optimize
options.