NOTE:
A prefix-specific action is specific to a source or destination
prefix range, but it is not specific to a particular source or destination
address range, and it is not specific to a particular interface.
To apply a prefix-specific action to the traffic at an interface, you configure a firewall
filter term that matches on source or destination addresses, and then you apply the
firewall filter to the interface. The flow of filtered traffic is rate-limited using prefix-specific
counter and policer instances that are selected per packet based on the source or
destination address in the header of the filtered packet.
Prefix-Specific Action Configuration
To configure a prefix-specific action, you specify the following information:
•
Prefix-specific action name—Name that can be referenced as the action of an IPv4
standard firewall filter term that matches packets on source or destination addresses.
•
Policer name—Name of a single-rate two-color policer for which you want to implicitly
create prefix-specific instances.
NOTE:
For aggregated Ethernet interfaces, you can configure a
prefix-specific action that references a logical interface policer (also called
an aggregate policer). You can reference this type of prefix-specific action
from an IPv4 standard firewall filter and then apply the filter at the
aggregate level of the interface.
•
Counting option—Option to include if you want to enable prefix-specific counters.
•
Filter-specific option—Option to include if you want a single counter and policer set to
be shared across all terms in the firewall filter. A prefix-specific action that operates
in this way is said to operate in
filter-specific
mode. If you do not enable this option,
the prefix-specific action operates in
term-specific
mode, meaning that a separate
counter and policer set is created for each filter term that references the prefix-specific
action.
•
Source address prefix length—Length of the address prefix, from 0 through 32, to be
used with a packet matched on the source address.
•
Destination address prefix length—Length of the address prefix, from 0 through 32, to
be used with a packet matched on the destination address.
•
Subnet prefix length—Length of the subnet prefix, from 0 through 32, to be used with
a packet matched on either the source or destination address.
You must configure source and destination address prefix lengths to be from 1 to 16 bits
longer than the subnet prefix length. If you configure source or destination address prefix
lengths to be more than 16 bits beyond the configured subnet prefix length, an error
occurs when you try to commit the configuration.
Copyright © 2016, Juniper Networks, Inc.
98
Traffic Policers Feature Guide for EX9200 Switches
Summary of Contents for EX9200 Series
Page 8: ...Copyright 2016 Juniper Networks Inc viii Traffic Policers Feature Guide for EX9200 Switches ...
Page 10: ...Copyright 2016 Juniper Networks Inc x Traffic Policers Feature Guide for EX9200 Switches ...
Page 12: ...Copyright 2016 Juniper Networks Inc xii Traffic Policers Feature Guide for EX9200 Switches ...
Page 20: ...Copyright 2016 Juniper Networks Inc 2 Traffic Policers Feature Guide for EX9200 Switches ...
Page 32: ...Copyright 2016 Juniper Networks Inc 14 Traffic Policers Feature Guide for EX9200 Switches ...
Page 34: ...Copyright 2016 Juniper Networks Inc 16 Traffic Policers Feature Guide for EX9200 Switches ...
Page 42: ...Copyright 2016 Juniper Networks Inc 24 Traffic Policers Feature Guide for EX9200 Switches ...
Page 54: ...Copyright 2016 Juniper Networks Inc 36 Traffic Policers Feature Guide for EX9200 Switches ...
Page 56: ...Copyright 2016 Juniper Networks Inc 38 Traffic Policers Feature Guide for EX9200 Switches ...
Page 72: ...Copyright 2016 Juniper Networks Inc 54 Traffic Policers Feature Guide for EX9200 Switches ...
Page 132: ...Copyright 2016 Juniper Networks Inc 114 Traffic Policers Feature Guide for EX9200 Switches ...
Page 152: ...Copyright 2016 Juniper Networks Inc 134 Traffic Policers Feature Guide for EX9200 Switches ...
Page 162: ...Copyright 2016 Juniper Networks Inc 144 Traffic Policers Feature Guide for EX9200 Switches ...
Page 178: ...Copyright 2016 Juniper Networks Inc 160 Traffic Policers Feature Guide for EX9200 Switches ...
Page 186: ...Copyright 2016 Juniper Networks Inc 168 Traffic Policers Feature Guide for EX9200 Switches ...
Page 188: ...Copyright 2016 Juniper Networks Inc 170 Traffic Policers Feature Guide for EX9200 Switches ...
Page 202: ...Copyright 2016 Juniper Networks Inc 184 Traffic Policers Feature Guide for EX9200 Switches ...
Page 212: ...Copyright 2016 Juniper Networks Inc 194 Traffic Policers Feature Guide for EX9200 Switches ...
Page 214: ...Copyright 2016 Juniper Networks Inc 196 Traffic Policers Feature Guide for EX9200 Switches ...
Page 278: ...Copyright 2016 Juniper Networks Inc 260 Traffic Policers Feature Guide for EX9200 Switches ...