Routing Policy and Firewall Filters

  • Support for firewall filters per logical interface (QFX5110, QFX5120-32C, QFX5120-48T, QFX5120-48Y, QFX5120-48YM, QFX5200, and QFX5210)—Starting in Junos OS Release 22.2R1, you can configure port firewall filters per logical interface, in the input direction, using the service provider-style configuration. To configure this feature, use the set chassis per-logical-interface-firewall CLI command. In earlier Junos OS releases, port firewall filters were applied to all logical interfaces of a physical interface.

  • Optimize TCAM when EVPN/VXLAN is enabled (EX4400-48F, EX4650, QFX5110, QFX5120-32C, QFX5120-48T, QFX5120-48Y, QFX5120-48YM, QFX5200, and QFX5210)

    In Junos OS Release 22.2R1, we've introduced CLI configuration commands to optimize ternary content addressable memory (TCAM) space usage. Use these commands to prevent ingress filter processor (IFP) TCAM space exhaustion:

    • set chassis ivacl-firewall-no-portrange-profile
    • set chassis iracl-firewall-ipv4-profile
    • set chassis ipvacl-firewall-l2-profile
    • set chassis input-firewall-optimized-profile

  • Support for multiple named validation databases from multiple sources (MX204, PTX10016, and QFX3500)—Starting in Junos OS Release 22.2R1, we support multiple named validation databases from multiple sources. You can also consult validation databases across instances and track the RIBs that consult the various databases to enable notification when entries are modified.

    To specify a named route-validation database, use the validation-state (invalid | valid) option at the [edit routing-options validation database <database-name> static record <destination> maximum-length <prefix-length> origin-autonomous-system <as-number>] hierarchy level.

    To specify the target route-validation database for a validation session, use the database <database-name> option at the [edit routing-options validation group <group-name> session] hierarchy level.

    To specify the validation database, use the validation-database-instance option at the [edit policy-statement <policy-name> term <term-name> from] hierarchy level.

    [See policy-statement, session (Origin Validation for BGP), and validation (Origin Validation for BGP).]