Routing Policy and Firewall Filters
-
Network slicing (MX480, MX960, MX2020, and MX10003)— Starting in Junos OS Release 22.2R1, you can provision network slices using a combination of CoS and firewall filter configuration. You can use new CoS configuration statements to create slice-based hierarchical queues under any physical interface. We've introduced a new firewall filter matching condition and action named
slice
for familyinet
,inet6
, andany
filters to capture and mark matched packets from and to slices.slice
is also a new routing policy action to mark packets that match routes with the slice identifier. You can use a new routing policy action namedfilter
to bind a named familyany
filter to the next hop of the routes that match the route policy. To view slice statistics, use the following CLI command:show route extensive expanded-nh
to view the slice and filter information bound to the next hop.
-
Filter based on 6-tuple lookup in inner GTP encapsulated packet (MX240, MX304, MX480, MX960, MX2010, MX2020, MX10003, MX10008, and MX10016)—
Starting in Junos OS Release 22.2R1, Junos OS on the listed MX Series devices supports filter match on the GPRS header (TEID, Version) and inner IP header (5 tuples: Source IP, Destination IP, Source Port, Destination Port, Protocol) in the GTP-C packet.
-
Support for multiple named validation databases from multiple sources (MX204 and PTX10016)— Starting in Junos OS Release 22.2R1, we support multiple named validation databases from multiple sources. You can also consult validation databases across instances and track RIBs that consult the various databases to enable notification when entries are modified.
To Specify a named route-validation database, use
validation-state (invalid | valid)
option at the [edit routing-options validation database <database-name> static record <destination> maximum-length <prefix-length> origin-autonomous-system <as-number>
] hierarchy level.To Specify target route-validation database for a validation session, use
database <database-name>
option at the [edit routing-options validation group <group-name> session
] hierarchy level.To specify validation database, use
validation-database-instance
option at the [edit polciy-statement <policy-name> term <term-name> from
] hierarchy level.[See policy-statement, session (Origin Validation for BGP), and validation (Origin Validation for BGP).]