Routing Policy and Firewall Filters

  • Support for including layer 2 header in policer overhead calculation (PTX10001-36MR, PTX10002-36QDD, PTX10003, PTX10004, PTX10008, PTX10016)—You can include the layer 2 header in the policer overhead calculation by using the layer2-policer configuration statement. By default, the policer overhead calculation is layer 3 header length + payload length. After you set this configuration statement, the policer overhead accounting calculation is layer 2 header length + layer 3 header length + payload length. Supported for the any, INET, INET6, and MPLS firewall filter families.

    [See layer2-policer.]

  • Support for counting the number of BGP large communities (PTX10001-36MR, PTX10002-36QDD, PTX10003, PTX10004, PTX10008, PTX10016)—You can use large-community-count to count the number of BGP large communities.

    [See large-community-count.]

  • Support added to hierarchical policers for applying user-selectable bandwidth for premium and non-premium traffic (PTX10002-36QDD)—You can use the new firewall filter action policer-charge to subtract available bandwidth credits and make them available to the aggregate policer.

    [See policer-charge.]

  • Scalable source-address-based forwarding (PTX10001-36MR, PTX10003, PTX10004, PTX10008, and PTX10016)—Source-based forwarding provides value-added services in which paths through the network are selected based on the packet's source address. In some deployments, the destination node of the packet, identified by the protocol next hop, stays the same, but the path through the network may vary. In other deployments, the destination of the packet changes too. In that scenario, separate forwarding tables are used for traffic forwarding, and traffic is steered into these tables based on the packet's source address. The source-based-forwarding and source-lookup configuration statements have been introduced to enable this functionality.

    [See source-based-forwarding and source-lookup.]

  • Support for matching first byte of payload value (PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, and PTX10016)

    [See Firewall Filter Match Conditions for IPv4 Traffic.]

  • Support for matching IPv6 flow label field (PTX10008)—Support is added for matching the 20-bit flow-label field in the header of an IPv6 packet. We've added two new match conditions for this feature: flow-label <flow label value> and flow-label <flow label value> mask <mask value>.

    [See Firewall Filter Match Conditions for IPv6 Traffic.]

  • Support for increasing firewall filter scale (PTX10001-36MR, PTX10004, PTX10008, and PTX10016)—We support two new configuration statements: scale-mode and no-incremental-update. Use scale-mode to accommodate more firewall filter terms when you're focused more on scale than on performance. Use no-incremental-update to prevent the firewall filter from undergoing an incremental update; the filter instead undergoes a make-before-break (MBB) update.

    [See scale-mode and no-incremental-update.]
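
The IPv6 flow-label match described above, as an added Python example (not Juniper code and not part of the original release notes): it extracts the 20-bit field from the IPv6 fixed header and applies a value/mask comparison. The function names and the mask semantics (only bits set in the mask are compared) are assumptions for illustration, and the sample header is constructed.

```python
import struct

FLOW_LABEL_MAX = (1 << 20) - 1  # the flow label is 20 bits wide: 0x00000..0xFFFFF
IPV6_FIXED_HEADER_LEN = 40


def parse_flow_label(packet: bytes) -> int:
    """Return the 20-bit flow label from an IPv6 fixed header."""
    if len(packet) < IPV6_FIXED_HEADER_LEN:
        raise ValueError("truncated IPv6 header (fixed header is 40 bytes)")
    (word,) = struct.unpack("!I", packet[:4])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    # First 32-bit word: version (4 bits) | traffic class (8) | flow label (20).
    # Masking the low 20 bits keeps traffic-class bits out of the result.
    return word & FLOW_LABEL_MAX


def flow_label_matches(packet: bytes, value: int, mask: int = FLOW_LABEL_MAX) -> bool:
    """Assumed value/mask semantics: compare only the bits set in mask."""
    for name, number in (("value", value), ("mask", mask)):
        if not 0 <= number <= FLOW_LABEL_MAX:
            raise ValueError(f"{name} does not fit in 20 bits")
    return (parse_flow_label(packet) & mask) == (value & mask)


def build_header(flow_label: int, traffic_class: int = 0) -> bytes:
    """Constructed sample: minimal IPv6 header with zeroed addresses."""
    word = (6 << 28) | (traffic_class << 20) | flow_label
    # payload length 0, next header 59 (No Next Header), hop limit 64
    return struct.pack("!IHBB", word, 0, 59, 64) + bytes(32)


if __name__ == "__main__":
    pkt = build_header(0xABCDE, traffic_class=0xFF)
    print(hex(parse_flow_label(pkt)))
    print(flow_label_matches(pkt, 0xAB000, mask=0xFF000))
```

The flow label is set by the sender and is not integrity-protected, so a filter term that matches on it classifies traffic but does not authenticate it.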