Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Routing Policy and Firewall Filters

  • Use policies to validate flow specification filters (MX Series)—Use policies to validate the flow specification filters at the edge routers signalling flow routes over external BGP (EBGP) session to the peers. By configuring the policies, you can prevent the flow routes from accidentally or maliciously blocking protocol sessions. You can also prevent the admission of malformed, unsupported, or undesired flow routes coming from the source.

    Configure policies by specifying the match conditions and flow route actions at the [edit policy-options flowspec-attribute] hierarchy level.

    [See Configuring Policies for Flow Route Validation].

  • Policy to enable per-route-accounting on selective flow routes (MX Series)—You can selectively enable individual counters for flow specification routes. Use the new policy action flow route accounting in the following statement format:

    set policy-options policy-statement < > term < > then flow-route-accounting

    [See flowspec-attribute].

  • New CLI option for flow family matching policy configuration (MX Series)—The following new CLI options are available for configuring policies to match against specific family routes. Use these options at the [edit policy-options policy-statement from family]hierarchy level:

    inet-flow—IPv4 flow family

    inet6-flow—IPv6 flow family

    inet-vpn-flow—IPv4 VPN flow family

    inet6-vpn-flow—IPv6 VPN flow family

    [See flowspec-attribute].