Policy Framework Configuration Guide - Juniper Networks

More documents

Recommendations

Info

Junos 10.4 Policy Framework Configuration Guide Chapter 12 Summary of Firewall Filter and Policer Configuration Statements . . . . . . 315 accounting-profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 color-aware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 color-blind . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317 committed-burst-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318 committed-information-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 excess-burst-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320 family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321 filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322 filter-specific . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323 firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323 if-exceeding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324 interface-set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325 interface-specific . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325 load-balance-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326 logical-bandwidth-policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326 logical-interface-policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327 loss-priority high then discard (Three-Color Policer) . . . . . . . . . . . . . . . . . . . . . . 327 peak-burst-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328 peak-information-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329 physical-interface-filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330 physical-interface-policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330 policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331 prefix-action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332 service-filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333 simple-filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334 single-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335 term . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336 three-color-policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338 three-color-policer (Applying) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338 three-color-policer (Configuring) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 two-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 Part 4 Chapter 13 Traffic Sampling, Forwarding and Monitoring Introduction to Traffic Sampling, Forwarding, and Monitoring Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 Traffic Sampling, Forwarding, and Monitoring Overview . . . . . . . . . . . . . . . . . . . 343 Chapter 14 Introduction to Traffic Sampling Configuration . . . . . . . . . . . . . . . . . . . . . . 345 Traffic Sampling Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345 Minimum Traffic Sampling Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346 Configuring Traffic Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347 Disabling Traffic Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349 Configuring the Output File for Traffic Sampling . . . . . . . . . . . . . . . . . . . . . . . . . 349 Traffic Sampling Output Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 Tracing Traffic-Sampling Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 xvi Copyright © 2010, Juniper Networks, Inc.
Table of Contents Configuring Flow Aggregation (cflowd) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 Debugging cflowd Flow Aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353 Configuring Active Flow Monitoring Using Version 9 . . . . . . . . . . . . . . . . . . . . . . 354 Example: Configuring Active Flow Monitoring Using Version 9 . . . . . . . . . . . 355 Traffic Sampling Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 Example: Sampling a Single SONET/SDH Interface . . . . . . . . . . . . . . . . . . . . . . 355 Example: Sampling All Traffic from a Single IP Address . . . . . . . . . . . . . . . . . . . 356 Example: Sampling All FTP Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357 Chapter 15 Traffic Forwarding and Monitoring Configuration . . . . . . . . . . . . . . . . . . . . 359 Configuring Traffic Forwarding and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 359 Applying Filters to Forwarding Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363 Configuring IPv6 Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 Configuring Discard Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 Configuring Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366 Configuring Next-Hop Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367 Per-Flow and Per-Prefix Load Balancing Overview . . . . . . . . . . . . . . . . . . . . . . . 367 Configuring Per-Prefix Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368 Configuring Per-Flow Load Balancing Based on Hash Values . . . . . . . . . . . . . . . 369 Configuring Routers, Switches, and Interfaces as DHCP and BOOTP Relay Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369 Configuring DNS and TFTP Packet Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . 371 Tracing BOOTP, DNS, and TFTP Forwarding Operations . . . . . . . . . . . . . . . 372 Configuring the Log Filename . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373 Configuring the Number and Size of Log Files . . . . . . . . . . . . . . . . . . . . 373 Configuring Access to the Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373 Configuring a Regular Expression for Lines to Be Logged . . . . . . . . . . . 374 Example: Configuring DNS Packet Forwarding . . . . . . . . . . . . . . . . . . . . . . . 374 Preventing DHCP Spoofing on MX Series Ethernet Services Routers . . . . . . . . . 374 Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 Configuration Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377 Configuring the Port-Mirroring Address Family and Interface . . . . . . . . 377 Configuring Multiple Port-Mirroring Instances . . . . . . . . . . . . . . . . . . . . . . . . 377 Configuring Port-Mirroring Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 Associating a Port-Mirroring Instance on M320 Routers . . . . . . . . . . . . 378 Associating a Port-Mirroring Instance on M120 Routers . . . . . . . . . . . . 379 Configuring MX Series Ethernet Services Routers and M120 Routers to Mirror Traffic Only Once . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Configuring Packet Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379 Chapter 16 Summary of Traffic Sampling, Forwarding, and Monitoring Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384 aggregation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385 autonomous-system-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386 bootp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 cflowd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388 cflowd (Discard Accounting) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388 cflowd (Flow Monitoring) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389 Copyright © 2010, Juniper Networks, Inc. xvii
Page 1 and 2: Junos ® OS Policy Framework Config
Page 3 and 4: END USER LICENSE AGREEMENT READ THI
Page 5 and 6: 12. Commercial Computer Software. T
Page 7 and 8: Abbreviated Table of Contents Part
Page 9 and 10: Table of Contents About This Guide
Page 11 and 12: Table of Contents Testing Routing P
Page 13 and 14: Table of Contents Using Routing Pol
Page 15: Table of Contents Configuring Forwa
Page 19 and 20: Table of Contents interface (Next-H
Page 21 and 22: List of Figures Part 1 Policy Frame
Page 23 and 24: List of Tables About This Guide . .
Page 25 and 26: About This Guide This preface provi
Page 27 and 28: About This Guide • MX Series •
Page 29 and 30: About This Guide Table 1: Notice Ic
Page 31 and 32: About This Guide or are covered und
Page 33 and 34: PART 1 Policy Framework • Introdu
Page 35 and 36: CHAPTER 1 Introduction to Policy Fr
Page 37 and 38: Chapter 1: Introduction to Policy F
Page 45 and 46: PART 2 Routing Policies • Introdu
Page 47 and 48: CHAPTER 2 Introduction to Routing P
Page 49 and 50: Chapter 2: Introduction to Routing
Page 67 and 68:
CHAPTER 3 Routing Policy Configurat
Page 69 and 70:
Chapter 3: Routing Policy Configura
Page 71 and 72:
CHAPTER 4 Routing Policy Configurat
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
CHAPTER 5 Extended Match Conditions
Page 129 and 130:
Chapter 5: Extended Match Condition
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
CHAPTER 6 Extended Actions Configur
Page 169 and 170:
Chapter 6: Extended Actions Configu
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
CHAPTER 7 Summary of Routing Policy
Page 199 and 200:
Chapter 7: Summary of Routing Polic
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
PART 3 Firewall Filters • Introdu
Page 215 and 216:
CHAPTER 8 Introduction to Firewall
Page 217 and 218:
Chapter 8: Introduction to Firewall
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
CHAPTER 9 Firewall Filter Configura
Page 225 and 226:
Chapter 9: Firewall Filter Configur
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
Page 269 and 270:
Page 271 and 272:
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
CHAPTER 10 Introduction to Traffic
Page 311 and 312:
Chapter 10: Introduction to Traffic
Page 313 and 314:
Page 315 and 316:
CHAPTER 11 Policer Configuration Si
Page 317 and 318:
Chapter 11: Policer Configuration [
Page 319 and 320:
Chapter 11: Policer Configuration I
Page 321 and 322:
Chapter 11: Policer Configuration C
Page 323 and 324:
Chapter 11: Policer Configuration u
Page 325 and 326:
Chapter 11: Policer Configuration T
Page 327 and 328:
Chapter 11: Policer Configuration
Page 329 and 330:
Chapter 11: Policer Configuration }
Page 331 and 332:
Chapter 11: Policer Configuration N
Page 333 and 334:
Chapter 11: Policer Configuration }
Page 335 and 336:
Page 337 and 338:
Chapter 11: Policer Configuration A
Page 339 and 340:
Chapter 11: Policer Configuration p
Page 341 and 342:
Page 343 and 344:
Chapter 11: Policer Configuration p
Page 345 and 346:
Chapter 11: Policer Configuration c
Page 347 and 348:
CHAPTER 12 Summary of Firewall Filt
Page 349 and 350:
Chapter 12: Summary of Firewall Fil
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Page 367 and 368:
Page 369 and 370:
Page 371 and 372:
Page 373 and 374:
PART 4 Traffic Sampling, Forwarding
Page 375 and 376:
Page 377 and 378:
Page 379 and 380:
Page 381 and 382:
Page 383 and 384:
Page 385 and 386:
Page 387 and 388:
Page 389 and 390:
Page 391 and 392:
CHAPTER 15 Traffic Forwarding and M
Page 393 and 394:
Chapter 15: Traffic Forwarding and
Page 395 and 396:
Page 397 and 398:
Page 399 and 400:
Page 401 and 402:
Page 403 and 404:
Page 405 and 406:
Page 407 and 408:
Page 409 and 410:
Page 411 and 412:
Page 413 and 414:
Page 415 and 416:
CHAPTER 16 Summary of Traffic Sampl
Page 417 and 418:
Chapter 16: Summary of Traffic Samp
Page 419 and 420:
Page 421 and 422:
Page 423 and 424:
Page 425 and 426:
Page 427 and 428:
Page 429 and 430:
Page 431 and 432:
Page 433 and 434:
Page 435 and 436:
Page 437 and 438:
Page 439 and 440:
Page 441 and 442:
Page 443 and 444:
Page 445 and 446:
Page 447 and 448:
Page 449 and 450:
Page 451 and 452:
Page 453 and 454:
Page 455 and 456:
Page 457 and 458:
Page 459 and 460:
Page 461 and 462:
Page 463 and 464:
Page 465 and 466:
Page 467 and 468:
Page 469 and 470:
Page 471 and 472:
Page 473 and 474:
Page 475 and 476:
Page 477 and 478:
Page 479 and 480:
Page 481 and 482:
Page 483 and 484:
Page 485 and 486:
Page 487 and 488:
Page 489 and 490:
Page 491 and 492:
PART 5 Indexes • Index on page 46
Page 493 and 494:
Index Symbols ! in policy expressio
Page 495 and 496:
Index Layer 2 bridging traffic (MX
Page 497 and 498:
Index input statement..............
Page 499 and 500:
Index P P2MP.......................
Page 501 and 502:
Index show policy damping command..
Page 503 and 504:
Index of Statements and Commands A
Page 505 and 506:
Index of Statements and Commands si
show all

Policy Framework Configuration Guide - Juniper Networks

Create successful ePaper yourself

Delete template?

Save as template?