Supported Platforms
Related Documentation
- MX Series
- Classic Filters Overview
- Ascend-Data-Filter Policies for Subscriber Management Overview
- Parameterized Filters Overview
- Fast Update Filters Overview
- Dynamically Attaching Statically Created Filters for Any Interface Type
- Dynamically Attaching Statically Created Filters for a Specific Interface Family Type
- Dynamically Attaching Filters Using RADIUS Variables
Dynamic Firewall Filters Overview
Firewall filters provide rules that define whether to accept or reject packets that are transiting an interface on a router. The subscriber management feature supports four categories of firewall filters—classic filters, parameterized filters, Ascend-Data-Filters, and fast update filters.
- Classic filters are compiled at commit time and then, when a service is activated, an interface-specific clone of the filter is created and attached to a logical interface. Classic filters are static filters; they cannot contain subscriber-specific terms (also called rules). Classic filters can be applied to interfaces dynamically. This dynamic application is performed by associating input or output filters with a dynamic profile. When triggered, a dynamic profile can apply a named filter or a filter specified in RADIUS to an interface.
- Parameterized filters add the ability to configure firewall filters under a dynamic profile. The filter definitions utilize dynamic-profile variables, which allow you to customize your configuration at session creation time. You can configure a general filter under a dynamic profile and then provide policing rates, destination addresses, ports, and so forth when a dynamic session is activated.
- Ascend-Data-Filters create policies for subscriber traffic. The filter is configured on the RADIUS server and contains rules that specifically match conditions for traffic and define an action for the router to perform.
- Fast update filters are similar to classic filters in many ways. However, fast update filters support subscriber-specific, rather than interface-specific, filter values. Fast update filters also allow individual filter terms to be incrementally added or removed from filters without requiring that the entire filter be recompiled for each modification. Fast update filters are essential for networking environments in which multiple subscribers might share the same logical interface.
You configure firewall filters to determine whether to accept or reject traffic before it enters or exits an interface to which the firewall filter is applied. An input (or ingress) firewall filter is applied to packets that are entering a network. An output (or egress) firewall filter is applied to packets that are exiting a network. You can configure firewall filters to subject packets to filtering or class-of-service (CoS) marking (grouping similar types of traffic together and treating each type of traffic as a class with its own level of service priority).
Related Documentation
- MX Series
- Classic Filters Overview
- Ascend-Data-Filter Policies for Subscriber Management Overview
- Parameterized Filters Overview
- Fast Update Filters Overview
- Dynamically Attaching Statically Created Filters for Any Interface Type
- Dynamically Attaching Statically Created Filters for a Specific Interface Family Type
- Dynamically Attaching Filters Using RADIUS Variables
Published: 2013-02-11
Supported Platforms
Related Documentation
- MX Series
- Classic Filters Overview
- Ascend-Data-Filter Policies for Subscriber Management Overview
- Parameterized Filters Overview
- Fast Update Filters Overview
- Dynamically Attaching Statically Created Filters for Any Interface Type
- Dynamically Attaching Statically Created Filters for a Specific Interface Family Type
- Dynamically Attaching Filters Using RADIUS Variables
