Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Routing Policy andlayer2-policer Firewall Filters

  • Change default processing behavior of firewall filters with filter based forwarding actions (QFX5130-32CD, QFX5130-48C, QFX5130-48CM, QFX5700, QFX5220, QFX5230-64CD, QFX5240-64OD, and QFX5240-64QD)

    A firewall filter term that has a filter based forwarding action is always processed first, regardless of its order of placement in the firewall filter configuration. You use force-fbf-terms to change this default behavior. When you apply this configuration, the firewall filter terms in a firewall filter are always processed in the order of their placement in the configuration, irrespective of whether a firewall filter term has a filter based forwarding action or not.

    [See force-fbf-terms.]

  • Selectively enable or disable dynamic load balancing (QFX5230-64CD, QFX5240-64OD, and QFX5240-64QD)—You can selectively enable or disable dynamic load balancing based on rdma-opcode match or any match available in firewall filters using the new dynamic-load-balance configuration statement.You can modify port load and port queue metrics from their default values so that when selective load balancing is enabled, the metrics are used to determine an optimal link. Use the new egress-quantization configuration statement to configure the desired ratio of port load metric to port queue metric based on the traffic pattern.

    [See rdma-opcode, dynamic-load-balance-selective, and egress-quantization.]

  • Support for forwarding matched packets to a specific VLAN (QFX5130-32CD, QFX5130-48C, and QFX5700)—To activate this action profile on these platforms, you have to apply the set system packet-forwarding-options firewall profiles actions ethernet-switching profile1 configuration. You can configure the vlan vlanID action in port and VLAN firewall filter rules.

    [See Firewall Filter Match Conditions and Actions (QFX and EX Series Switches).]