Routing Policy and Firewall Filters
-
Support to configure DDoS protocol using CLI (EX3400 and EX4300-MP)—You can configure the DDOS protocol using CLI on EX3400 and EX4300-MP devices. You can also use the following operational commands to view the DDOS protocol details:
-
show ddos-protection protocols
-
show ddos-protection statistics
-
show ddos-protection protocols violations
-
show ddos-protection protocols parameters
-
show ddos-protection protocols statistics
-
clear ddos-protection protocols
[See ddos-protection (DDoS), show ddos-protection protocols, clear ddos-protection protocols, show ddos-protection statistics, show ddos-protection protocols violations, show ddos-protection protocols parameters, and show ddos-protection protocols statistics.]
-
-
Support added for matching ARP request packet, ARP reply packet, ARP header sender IPv4 address, or ARP header target IPv4 address (EX2300, EX3400, EX4100-48P, EX4300-MP, EX4400-24P, and EX4650)—New ARP match conditions added -
arp-type
,arp-sender-address
, andarp-target-address
.[See Firewall Filter Match Conditions and Actions (QFX and EX Series Switches).]
-
Filter-based forwarding for GBP-tagged traffic (EX4100-48P, EX4400-48F, EX4650, and QFX5120-48T)—This is the ability to forward traffic to a specified next hop if the GBP tags assigned to that traffic match the GBP tags specified in the filter. Use this feature to apply different routing treatment for the specified tagged traffic versus regular traffic.
[See Example: Micro and Macro Segmentation using Group Based Policy in a VXLAN.]