Configuring Actions
Actions define the action taken on packets that match conditions in a policy rule. You create actions within policy rules. The type of action that you can create depends on the type of policy rule. See Supported Conditions and Actions.
Configure the action as described in the following sections:
- Configuring DOCSIS Actions
- Configuring Filter Actions
- Configuring FlowSpec Actions
- Configuring Forward Actions
- Configuring Forwarding Class Actions
- Configuring GateSpec Actions
- Configuring Loss Priority Actions
- Configuring Mark Actions
- Configuring NAT Actions
- Configuring Next-Hop Actions
- Configuring Next-Interface Actions
- Configuring Next-Rule Actions
- Configuring Policer Actions
- Configuring QoS Profile Attachment Actions
- Configuring Rate-Limit Actions
- Configuring Reject Actions
- Configuring Routing Instance Actions
- Configuring Scheduler Actions
- Configuring Service Class Name Actions
- Configuring Stateful Firewall Actions
- Configuring Traffic-Class Actions
- Configuring Traffic-Mirror Actions
- Configuring Traffic-Shape Actions
Configuring DOCSIS Actions
You can configure Data over Cable Service Interface Specifications (DOCSIS) actions for PacketCable Multimedia Specification (PCMM) policy rules.
Use the following configuration statements to configure DOCSIS actions. Use the configuration statement for the service flow scheduling type that you want to use for the DOCSIS action. The types are best effort, downstream, non-real-time polling service, real-time polling service, unsolicited grant service, unsolicited grant service with activity detection, or parameter.
policies groupname
listname
rulename
docsis-best-effortname
{traffic-prioritytraffic-priority
; request-transmission-policyrequest-transmission-policy
; maximum-sustained-ratemaximum-sustained-rate
; maximum-traffic-burstmaximum-traffic-burst
; minimum-reserved-rateminimum-reserved-rate
; assumed-minimum-res-packet-sizeassumed-minimum-res-packet-size
; descriptiondescription
;}policies groupname
listname
rulename
docsis-down-streamname
{traffic-prioritytraffic-priority
; maximum-latencymaximum-latency
; maximum-sustained-ratemaximum-sustained-rate
; maximum-traffic-burstmaximum-traffic-burst;
minimum-reserved-rateminimum-reserved-rate
; assumed-minimum-res-packet-sizeassumed-minimum-res-packet-size
; descriptiondescription
;}policies groupname
listname
rulename
docsis-non-real-timename
{traffic-prioritytraffic-priority
; request-transmission-policyrequest-transmission-policy
; maximum-sustained-ratemaximum-sustained-rate
; maximum-traffic-burstmaximum-traffic-burst
; minimum-reserved-rateminimum-reserved-rate;
assumed-minimum-res-packet-sizeassumed-minimum-res-packet-size
; nominal-polling-intervalnominal-polling-interval
; descriptiondescription
;}policies groupname
listname
rulename
docsis-real-timename
{request-transmission-policyrequest-transmission-policy
; maximum-sustained-ratemaximum-sustained-rate
; maximum-traffic-burstmaximum-traffic-burst
; minimum-reserved-rateminimum-reserved-rate
; assumed-minimum-res-packet-sizeassumed-minimum-res-packet-size
; nominal-polling-intervalnominal-polling-interval
; tolerated-poll-jittertolerated-poll-jitter
; descriptiondescription
;}policies groupname
listname
rulename
docsis-unsolicited-grantname
{request-transmission-policy request-transmission-policy
; grant-sizegrant-size
; grants-per-intervalgrants-per-interval
; tolerated-grant-jittertolerated-grant-jitter
; nominal-grant-intervalnominal-grant-interval
; descriptiondescription
;}policies groupname
listname
rulename
docsis-unsolicited-grant-adname
{request-transmission-policyrequest-transmission-policy
; nominal-polling-intervalnominal-polling-interval
; grant-sizegrant-size
; grants-per-intervalgrants-per-interval
; tolerated-grant-jittertolerated-grant-jitter
; nominal-grant-intervalnominal-grant-interval
; descriptiondescription
;}policies groupname
listname
rulename
docsis-paramname
{service-flow-typeservice-flow-type
; traffic-prioritytraffic-priority
; request-transmission-policyrequest-transmission-policy
; maximum-sustained-ratemaximum-sustained-rate
; maximum-traffic-burstmaximum-traffic-burst
; minimum-reserved-rateminimum-reserved-rate
; assumed-minimum-res-packet-sizeassumed-minimum-res-packet-size
; maximum-latencymaximum-latency
; nominal-polling-intervalnominal-polling-interval
; tolerated-poll-jittertolerated-poll-jitter
; grant-sizegrant-size
; grants-per-intervalgrants-per-interval
; tolerated-grant-jittertolerated-grant-jitter
; nominal-grant-intervalnominal-grant-interval
; descriptiondescription
;}
- From configuration mode, enter the DOCSIS action configuration. For example, in this procedure, DOCSISParameter is the name of the DOCSIS action.
user@host#edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter
- Assign a parameter as the service flow scheduling type.
Before you assign a parameter, you must create a parameter of type trafficProfileType and commit the parameter configuration.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set service-flow-type
service-flow-type
- (Optional) Configure a priority for the service flow. If two traffic flows are identical in all QoS parameters except priority, the higher-priority service flow is given preference.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set traffic-priority
traffic-priority
- (Optional) Configure the request transmission policy, which is the interval usage code that the cable modem uses for upstream transmission requests and packet transmissions for this service flow. It also specifies whether requests can be piggybacked with data.
- For data packets transmitted on this service flow, this option also specifies whether packets can be concatenated, fragmented, or have their payload headers suppressed.
- For UGS service flows, this option also specifies how to treat packets that do not fit into the UGS grant.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set request-transmission-policy
request-transmission-policy
- (Optional) Configure the maximum sustained rate at which traffic can operate over the service flow.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set maximum-sustained-rate
maximum-sustained-rate
- (Optional) Configure the maximum burst size for the service flow. This option has no effect unless you configure a nonzero value for the maximum sustained rate.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set maximum-traffic-burst
maximum-traffic-burst
- (Optional) Configure the guaranteed minimum rate that is reserved for the service flow.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set minimum-reserved-rate
minimum-reserved-rate
- (Optional) Configure the assumed minimum packet size for which the minimum reserved traffic rate is provided. If a packet is smaller than the assumed minimum packet size, the software treats the packet as if its size is equal to the value specified in this option.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set assumed-minimum-res-packet-size
assumed-minimum-res-packet-size
- (Optional) Configure the maximum latency for downstream service flows. It is the maximum latency for a packet that passes through the CMTS device, from the time that the CMTS device's network side interface receives the packet until the CMTS device forwards the packet on its radio frequency (RF) interface.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set maximum-latency
maximum-latency
- (Optional) Configure the nominal interval between successive unicast request opportunities for this service flow.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set nominal-polling-interval
nominal-polling-interval
- (Optional) Configure the maximum amount of time that unicast request intervals can be delayed beyond the nominal polling interval.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set tolerated-poll-jitter
tolerated-poll-jitter
- (Optional) Configure the size of the individual data grants provided to the service flow.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set grant-size
grant-size
- (Optional) Configure the actual number of data grants given to the service flow during each nominal grant interval.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set grants-per-interval
grants-per-interval
- (Optional) Configure the maximum amount of time that the transmission opportunities can be delayed beyond the nominal grant interval.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set tolerated-grant-jitter
tolerated-grant-jitter
- (Optional) Configure the nominal interval between successive unsolicited data grant opportunities for this service flow.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set nominal-grant-interval
nominal-grant-interval
- (Optional) Enter a description for the filter action.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#set description
description
- (Optional) Verify the DOCSIS action configuration.
[edit policies group pcmm list DocsisParameter rule in docsis-param DOCSISParameter]user@host#show
service-flow-type action;traffic-priority 1;request-transmission-policy 1;maximum-sustained-rate 1500;maximum-traffic-burst 3044;minimum-reserved-rate 1240;assumed-minimum-res-packet-size 124;description "DOCSIS parameter action with a parameter service flow scheduling type";Configuring Filter Actions
Use this action to discard packets. You can configure filter actions for JUNOS filters and JUNOSe policy rules.
Use the following configuration statement to configure a filter action:
policies groupname
listname
rulename
filtername
{descriptiondescription
;}
- From configuration mode, enter the filter action configuration. For example, in this procedure, fa is the name of the filter action.
user@host#edit policies group junos_filter list in rule pr filter fa
- (Optional) Enter a description for the filter action.
[edit policies group junos_filter list in rule pr filter fa]user@host#set description
description
- (Optional) Verify the filter action configuration.
[edit policies group junos_filter list in rule pr filter fa]user@host#show
description "Filter action for JUNOS policies";Configuring FlowSpec Actions
A FlowSpec is made up of two parts, a traffic specification (TSpec) and a service request specification (RSpec). The TSpec describes the traffic requirements for the flow, and the RSpec specifies resource requirements for the desired service. You can configure FlowSpec actions for PCMM policy rules.
Use the following configuration statements to configure FlowSpec actions:
policies groupname
listname
rulename
flow-specname
{service-typeservice-type
; token-bucket-ratetoken-bucket-rate
; token-bucket-sizetoken-bucket-size
; peak-data-ratepeak-data-rate
; minimum-policed-unitminimum-policed-unit
; maximum-packet-sizemaximum-packet-size
; raterate
; slack-termslack-term
; descriptiondescription
;}To configure a FlowSpec action:
- From configuration mode, enter the FlowSpec action configuration. For example in this procedure, fsa is the name of the FlowSpec action.
user@host#edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa
- (Optional) Configure the type of FlowSpec service as either controlled_load_service or guaranteed_service. The FlowSpec options available for configuration change depending on the type of service that you select:
- Controlled load services can contain only TSpec parameters.
- Guaranteed services can contain both TSpec and RSpec parameters.
[edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa]user@host#set service-type
service-type
- (Optional TSpec parameter) Configure the guaranteed minimum rate that is reserved for the service flow.
[edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa]user@host#set token-bucket-rate
token-bucket-rate
- (Optional TSpec parameter) Configure the maximum burst size for the service flow.
[edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa]user@host#set token-bucket-size
token-bucket-size
- (Optional TSpec parameter) Configure the amount of bandwidth over the committed rate that is allocated to accommodate excess traffic flow over the committed rate.
[edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa]user@host#set peak-data-rate
peak-data-rate
- (Optional TSpec parameter) Configure the assumed minimum-reserved-rate packet size. If a packet is smaller than the minimum policed unit, the software treats the packet as if its size is equal to the value specified in this option.
[edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa]user@host#set minimum-policed-unit
minimum-policed-unit
- (Optional TSpec parameter) Configure the maximum packet size for the FlowSpec.
[edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa]user@host#set maximum-packet-size
maximum-packet-size
- (Optional RSpec parameter) Configure the average rate.
[edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa]user@host#set rate
rate
- (Optional RSpec parameter) Configure the amount of slack in the bandwidth reservation that can be used without redefining the reservation.
[edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa]user@host#set slack-term
slack-term
- (Optional) Configure a description for the FlowSpec action.
[edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa]user@host#set description
description
- (Optional) Verify the FlowSpec action configuration.
[edit policies group pcmm list TrafficProfileFlowSpec rule pr flow-spec fsa]user@host#show
service-number guaranteed_service;token-bucket-rate bucketRate;token-bucket-size bucketDepth;peak-data-rate peakRate;minimum-policed-unit minPolicedUnit;rate reservedRate;slack-term slackTerm;description "FlowSpec guaranteed service";Configuring Forward Actions
Use this action to forward packets, such as packets that are sent by means of a routing table. You can configure forward actions for JUNOS filters and JUNOSe policy rules.
Use the following configuration statement to configure forward actions:
policies groupname
listname
rulename
forwardname
{descriptiondescription
;}To configure a forward action:
- From configuration mode, enter the forward action configuration. For example, in this procedure, fwdAction is the name of the forward action.
user@host#edit policies group junose list forward rule pr forward fwdAction
- (Optional) Enter a description for the forward action.
[edit policies group junose list forward rule pr forward fwdAction]user@host#set description
description
- (Optional) Verify the forward action configuration.
[edit policies group junose list forward rule pr forward fwdAction]user@host#show
description "JUNOS Forward Action";Configuring Forwarding Class Actions
You can configure forwarding class actions for JUNOS filter policy rules. The forwarding class action causes the router to assign a forwarding class to packets that match the associated classify-traffic condition.
Use the following configuration statements to configure a forwarding class action:
policies groupname
listname
rulename
forwarding-classname
{forwarding-classforwarding-class
; descriptiondescription
;}To configure a forwarding class action:
- From configuration mode, enter the forwarding class action configuration. For example, in this procedure, fca is the name of the forwarding class action.
user@host#edit policies group bod list input rule pr forwarding-class fca
- (Optional) Configure the name of the forwarding class assigned to packets.
[edit policies group bod list input rule pr forwarding-class fca]user@host#set forwarding-class
forwarding-class
- (Optional) Enter a description for the forwarding class action.
[edit policies group bod list input rule pr forwarding-class fca]user@host#set description
description
- (Optional) Verify the forwarding class action configuration.
[edit policies group bod list input rule pr forwarding-class fca]user@host#show
forwarding-class fc_expedited;description "Expedited forwarding class";Configuring GateSpec Actions
You can configure GateSpec actions for PCMM policy rules. See Session Class ID for more information.
Use the following configuration statements to configure GateSpec actions:
policies groupname
listname
rulename
gate-specname
{session-class-id-prioritysession-class-id-priority
; session-class-id-preemptionsession-class-id-preemption
; session-class-id-configurablesession-class-id-configurable
; descriptiondescription
;}To configure a GateSpec action:
- From configuration mode, enter the GateSpec action configuration. For example, in this procedure, gsa is the name of the GateSpec action.
user@host#edit policies group pcmm list GateSpec rule pr gate-spec gsa
- (Optional) Configure the priority bits in the session class ID. The priority describes the relative importance of the session as compared with other sessions generated by the same policy decision point.
[edit policies group pcmm list GateSpec rule pr gate-spec gsa]user@host#set session-class-id-priority
session-class-id-priority
- (Optional) Configure the preemption bit in the session class ID. Use the preemption bit to allocate bandwidth to lower-priority sessions.
[edit policies group pcmm list GateSpec rule pr gate-spec gsa]user@host#set session-class-id-preemption
session-class-id-preemption
- (Optional) Configure the configurable bit in the session class ID.
[edit policies group pcmm list GateSpec rule pr gate-spec gsa]user@host#set session-class-id-configurable
session-class-id-configurable
- (Optional) Enter a description for the GateSpec action.
[edit policies group pcmm list GateSpec rule pr gate-spec gsa]user@host#set description
description
- (Optional) Verify the GateSpec action configuration.
[edit policies group pcmm list GateSpec rule pr gate-spec gsa]user@host#show
session-class-id-priority 5;session-class-id-preemption 0;session-class-id-configurable 5Configuring Loss Priority Actions
You can configure loss priority actions for JUNOS filter policy rules. The loss priority action causes the router to assign a packet loss priority to packets that match the associated classify-traffic condition.
Use the following configuration statements to configure loss priority actions:
policies groupname
listname
rulename
loss-priorityname
{loss-priorityloss-priority
; descriptiondescription
;}To configure a loss priority action:
- From configuration mode, enter the loss priority action configuration. For example, in this procedure, lpa is the name of the loss priority action.
user@host#edit policies group junos list lossPriority rule pr loss-priority lpa
- (Optional) Configure the packet loss priority.
[edit policies group junos list lossPriority rule pr loss-priority lpa]user@host#set loss-priority
loss-priority
- (Optional) Enter a description for the loss priority action.
[edit policies group junos list lossPriority rule pr loss-priority lpa]user@host#set description
description
- (Optional) Verify the loss priority action configuration.
[edit policies group junos list lossPriority rule pr loss-priority lpa]user@host#show
loss-priority high_priority;description "Loss Priority set to high";Configuring Mark Actions
Use this action to mark packets. You can configure mark actions for JUNOSe and PCMM policy rules.
Use the following configuration statements to configure a mark action:
policies groupname
listname
rulename
markname
{descriptiondescription
;}policies groupname
listname
rulename
markname
info {valuevalue
; maskmask
;}
- From configuration mode, enter the mark action configuration. For example, in this procedure, markAction is the name of the mark action.
user@host#edit policies group junose list mark rule pr mark markAction
- (Optional) Enter a description for the mark action.
[edit policies group junose list mark rule pr mark markAction]user@host#set description
description
- (Optional) Configure the mark value.
[edit policies group junose list mark rule pr mark markAction]user@host#set info value
value
- (Optional) Configure the mark mask.
[edit policies group junose list mark rule pr mark markAction]user@host#set info mask
mask
- (Optional) Verify the mark action configuration.
[edit policies group junose list mark rule pr mark markAction]user@host#show
info {mark-value 10;mask 255;}description "Mark action";Configuring NAT Actions
You can configure NAT actions for JUNOS ASP policy rules.
Use the following configuration statements to configure NAT actions:
policies groupname
listname
rulename
natname
{translation-typetranslation-type
; descriptiondescription
;}policies groupname
listname
rulename
natname
port {from-portfrom-port
;}policies groupname
listname
rulename
natname
ip-network group-network {network-specifiernetwork-specifier
;}
- From configuration mode, enter the NAT action configuration. For example, in this procedure, natAction is the name of the NAT action.
user@host#edit policies group junos list nat rule pr nat natAction
- (Optional) Configure the type of network address translation that is used.
[edit policies group junos list nat rule pr nat natAction]user@host#set translation-type
translation-type
- (Optional) Enter a description for the NAT action.
[edit policies group junos list nat rule pr nat natAction]user@host#set description
description
- (Optional) Configure the port range to restrict port translation when the NAT translation type is configured in dynamic-source mode.
[edit policies group junos list nat rule pr nat natAction]user@host#set port from-port
from-port
- (Optional) Configure the IP address ranges.
[edit policies group junos list nat rule pr nat natAction]user@host#set ip-network group-network network-specifier
network-specifier
- (Optional) Verify the NAT action configuration.
[edit policies group junos list nat rule pr nat natAction]user@host#show
translation-type "source dynamic";ip-network {group-network {network-specifier 192.168.1.100/32;}}port {from-port 2010..2020;}Configuring Next-Hop Actions
Use this action for the ingress side of the interface to specify the next IP address where the classified packets should go. You can configure next-hop actions for JUNOS filters and JUNOSe policy rules.
Using the Next-Hop Action with the Captive Portal
The captive portal feature is used to intercept HTTP requests from a subscriber to an unauthorized Web resource and redirect the requests to a dedicated Web page, the captive portal page. See Redirecting Traffic to a Captive Portal Web Page in SRC-PE Subscribers and Subscriptions Guide, Chapter 18, Developing a Residential Portal.
In a captive portal environment, you would typically set up a next-hop action on a subscriber's interface that forwards traffic to the redirect engine. In this case, you would set the next-hop address to the address of the redirect server.
When you set up redirect server redundancy, both the active and redundant redirect servers share a virtual IP address so that subscribers can always reach the active redirect server. Subscribers send requests to the virtual IP address, and the router automatically sends the request to the active redirect server by means of a static route. In this case, you would set the next-hop address to the virtual IP address.
Configuring Next-Hop Action
Use the following configuration statements to configure the next-hop action.
policies groupname
listname
rulename
next-hopname
{next-hop-addressnext-hop-address
; descriptiondescription
;}To configure a next-hop action:
- From configuration mode, enter the next-hop action configuration. For example, in this procedure, nha is the name of the next-hop action.
user@host#edit policies group junose list nexthop-to-ssp rule to-ssp next-hop nha
- (Optional) Configure the next IP address where the classified packets should go.
[edit policies group junose list nexthop-to-ssp rule to-ssp next-hop nha]user@host#set next-hop-address
next-hop-address
- (Optional) Enter a description for the next-hop action.
[edit policies group junose list nexthop-to-ssp rule to-ssp next-hop nha]user@host#set description
description
- (Optional) Verify the next-hop action configuration.
[edit policies group junose list nexthop-to-ssp rule to-ssp next-hop nha]user@host#show
next-hop-address virtual_ipAddress;description "Next hop action";Configuring Next-Interface Actions
Use this action to forward packets to a particular interface and/or a next-hop address. You can configure next-interface actions for JUNOS filters and JUNOSe policy rules. On JUNOSe routers, you can use this action for both ingress and egress parts of the interface.
Use the following configuration statements to configure next-interface actions:
policies groupname
listname
rulename
next-interfacename
{interface-specifierinterface-specifier
; next-hop-addressnext-hop-address
; descriptiondescription
;}To configure a next-interface action:
- From configuration mode, enter the next-interface action configuration. For example, in this procedure, nextInterface is the name of the next-interface action.
user@host#edit policies group redirect list input rule redirect next-interface nextInterface
- (Optional) Configure the IP interface to be used as the next interface for packets.
[edit policies group redirect list input rule redirect next-interface nextInterface]user@host#set interface-specifier
interface-specifier
- (Optional) Configure the next IP address where the classified packets should go. This option is available only in JUNOSe policy rules.
[edit policies group redirect list input rule redirect next-interface nextInterface]user@host#set next-hop-address
next-hop-address
- (Optional) Enter a description for the next-interface action.
[edit policies group redirect list input rule redirect next-interface nextInterface]user@host#set description
description
- (Optional) Verify the next-interface action configuration.
[edit policies group redirect list input rule redirect next-interface nextInterface]user@host#show
interfaceSpec "name='fastethernet3/0'";next-hop-address 10.10.227.3;description "Next-interface action for redirect policy";Configuring Next-Rule Actions
You can configure next-rule actions for JUNOS filter policy rules. If a packet matches the classify-traffic condition, the next-rule action causes the router to continue to the next rule in the policy list for evaluation.
Use the following configuration statement to configure next-rule actions.
policies groupname
listname
rulename
next-rulename
{descriptiondescription
;}To configure a next-rule action:
- From configuration mode, enter the next-rule action configuration. For example, in this procedure, nra is the name of the next-rule action.
user@host#edit policies group junos list filter rule next next-rule nra
- (Optional) Enter a description for the next-rule action.
[edit policies group junos list filter rule next next-rule nra]user@host#set description
description
- (Optional) Verify the next-rule action configuration.
[edit policies group junos list filter rule next next-rule nra]user@host#show configuration policies group junos list filter rule next next-rule nra
description "Next-rule action";Configuring Policer Actions
The policer action specifies rate and burst size limits and the action taken if a packet exceeds those limits. You can create policer actions in JUNOS policer and JUNOS filter policy rules.
Use the following configuration statements to configure policer actions:
policies groupname
listname
rulename
policername
{bandwidth-limitbandwidth-limit
; bandwidth-limit-unitbandwidth-limit-unit
; burstburst
; descriptiondescription
;}To configure a policer action:
- From configuration mode, enter the policer action configuration. For example, in this procedure, pa is the name of the policer action.
user@host#edit policies group junos list firewallFilterPolicer rule pr policer pa
- (Optional) Configure the traffic rate that, if exceeded, causes the router to take the indicated packet action.
[edit policies group junos list firewallFilterPolicer rule pr policer pa]user@host#set bandwidth-limit
bandwidth-limit
- (Optional) Configure the type of value entered for bandwidth limit.
[edit policies group junos list firewallFilterPolicer rule pr policer pa]user@host#set bandwidth-limit-unit
bandwidth-limit-unit
- (Optional) Configure the maximum burst size. The minimum recommended value is the maximum transmission unit (MTU) of the IP packets being policed.
[edit policies group junos list firewallFilterPolicer rule pr policer pa]user@host#set burst
burst
- (Optional) Enter a description for the policer action.
[edit policies group junos list firewallFilterPolicer rule pr policer pa]user@host#set description
description
- (Optional) Verify the policer action configuration.
[edit policies group junos list firewallFilterPolicer rule pr policer pa]user@host#show
bandwidth-limit 1048576;bandwidth-limit-unit bps;burst 15000;Configuring the Packet Action for the Policer Action
The packet action specifies the action taken on a packet that exceeds its rate limits. You configure packet actions within policer actions.
Use the following configuration statements to configure a packet action:
policies groupname
listname
rulename
policername
packet-actionname
...policies groupname
listname
rulename
policername
packet-actionname
forwarding-class {forwarding-classforwarding-class
;}policies groupname
listname
rulename
policername
packet-actionname
loss-priority {loss-priorityloss-priority
;}policies groupname
listname
rulename
policername
packet-actionname
parameter {actionaction
;}
- From configuration mode, enter the packet action configuration. For example, in this procedure, pktAction is the name of the packet action.
user@host#edit policies group junos list firewallFilterPolicer rule pr policer pa packet-action pktAction
- (Optional) Configure the action to take on packets that exceed the bandwidth limit configured in the policer action.
[edit policies group junos list firewallFilterPolicer rule pr policer pa packet-action pktAction]user@host#set filter
Forwarding class—Packets are assigned to the forwarding class that you specify. [edit policies group junos list firewallFilterPolicer rule pr policer pa packet-action pktAction]user@host#set forwarding-class
forwarding-class
Loss priority—Packets are assigned the loss priority that you specify. [edit policies group junos list firewallFilterPolicer rule pr policer pa packet-action pktAction]user@host#set loss-priority
loss-priority
Parameter—The action specified by the parameter is applied. Before you assign a parameter, you must create a parameter of type packetOperation and commit the parameter configuration. [edit policies group junos list firewallFilterPolicer rule pr policer pa packet-action pktAction]user@host#edit parameter
[edit policies group junos list firewallFilterPolicer rule pr policer pa packet-action pktAction parameter]user@host#set action paramAction
- (Optional) Verify the policer action configuration.
[edit policies group junos list firewallFilterPolicer rule pr policer pa packet-action pktAction parameter]user@host#show
packet-action pktAction {parameter {action PolicyParameterAction;}}bandwidth-limit 1048576;bandwidth-limit-unit bps;burst 15000;Configuring QoS Profile Attachment Actions
Use this action to specify the name of the QoS profile to attach to the router interface when this action is taken. You can configure QoS actions for JUNOSe policy rules.
The router allows only one QoS profile to be attached to an interface at one time. Therefore, as a subscriber activates and deactivates different services, the QoS profile running on the interface needs to change. The SRC software provides a QoS-tracking plug-in (QTP) that you can use to ensure that as a subscriber activates and deactivates services, the required QoS profile is attached to the subscriber interface. See SRC-PE Solutions Guide, Chapter 1, Managing Tiered and Premium Services with QoS on JUNOSe Routers.
Use the following configuration statements to configure QoS profile attachment actions:
policies groupname
listname
rulename
qos-attachname
{qos-profileqos-profile
; descriptiondescription
;}To configure a QoS profile attachment action:
- From configuration mode, enter the QoS profile attachment action configuration. For example, in this procedure, qos_vod is the name of the QoS profile attachment action.
user@host#edit policies group junose list qos rule input qos-attach qos_vod
- (Optional) Configure the name of the QoS profile to attach to the JUNOSe interface when this action is taken.
[edit policies group junose list qos rule input qos-attach qos_vod]user@host#set qos-profile
qos-profile
- (Optional) Enter a description for the QoS profile attachment action.
[edit policies group junose list qos rule input qos-attach qos_vod]user@host#set description
description
- (Optional) Verify the QoS profile attachment action configuration.
[edit policies group junose list qos rule input qos-attach qos_vod]user@host#show
qos-profile qp-vod-1024;description "Action for QoS video-on-demand";Configuring Rate-Limit Actions
Use this action to define the quality of service. You can configure rate-limit actions for JUNOSe policy rules.
Use the following configuration statements to configure rate-limit actions:
policies groupname
listname
rulename
rate-limitname
{typetype
; committed-ratecommitted-rate
; committed-burstcommitted-burst
; peak-ratepeak-rate
; peak-burstpeak-burst
; excess-burstexcess-burst
; descriptiondescription
;}policies groupname
listname
rulename
rate-limitname
committed-actionmark
mark-info {valuevalue
; maskmask
;}policies groupname
listname
rulename
rate-limitname
committed-action parameter {actionaction
;}policies groupname
listname
rulename
rate-limitname
conformed-action mark mark-info {valuevalue
; maskmask
;}policies groupname
listname
rulename
rate-limitname
conformed-action parameter {actionaction
;}policies groupname
listname
rulename
rate-limitname
exceed-actionmark
mark-info {valuevalue
; maskmask
;}policies groupname
listname
rulename
rate-limitname
exceed-action parameter {actionaction
;}To configure a rate-limit action:
- From configuration mode, enter the rate-limit action configuration. For example, in this procedure, rla is the name of the rate-limit action.
user@host#edit policies group junose list rate-limiter rule pr rate-limit rla
- (Optional) Specify that the rate-limit profile is either one rate or two rate. The rate-limit type determines the options that you can configure for a rate-limit action.
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set type
type
- (Optional) Configure the target rate for the traffic that the policy covers.
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set committed-rate
committed-rate
- (Optional) Configure the amount of bandwidth allocated to burst traffic in bytes.
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set committed-burst
committed-burst
- (Optional) For two-rate rate-limit profiles, specify the amount of bandwidth allocated to excess traffic flow over the committed rate.
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set peak-rate
peak-rate
- (Optional) For two-rate rate-limit profiles, specify the amount of bandwidth allocated to burst traffic in excess of the peak rate.
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set peak-burst
peak-burst
- (Optional) For one-rate rate-limit profiles, specify the amount of bandwidth allocated to accommodate burst traffic.
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set excess-burst
excess-burst
- (Optional) Enter a description for the rate-limit action.
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set description
description
- (Optional) Configure the rate-limit action for traffic flows that do not exceed the committed rate to one of the following:
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set committed-action filter
Forward. [edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set committed-action
forward
Mark. If you select mark, enter the mark values. [edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#edit committed-action mark mark-info
[edit policies group junose list rate-limiter rule pr rate-limit rla committed-action mark mark-info]user@host#set value
value
[edit policies group junose list rate-limiter rule pr rate-limit rla committed-action mark mark-info]user@host#set mask
mask
Parameter. Before you assign a parameter, you must create a parameter of type packetOperation and commit the parameter configuration. [edit policies group junose list rate-limiter rule pr rate-limit rla committed-action mark mark-info]user@host#set committed-action parameter action
action
- (Optional) Configure the rate-limit action for traffic flows that exceed the committed rate but remain below the peak rate to one of the following:
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set conformed-action filter
Forward. [edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set conformed-action
forward
Mark. If you select mark, enter the mark values. [edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#edit conformed-action mark mark-info
[edit policies group junose list rate-limiter rule pr rate-limit rla conformed-action mark mark-info]user@host#set value
value
[edit policies group junose list rate-limiter rule pr rate-limit rla conformed-action mark mark-info]user@host#set mask
mask
Parameter. Before you assign a parameter, you must create a parameter of type packetOperation and commit the parameter configuration. [edit policies group junose list rate-limiter rule pr rate-limit rla conformed-action mark mark-info]user@host#set conformed-action parameter action
action
- (Optional) Configure the rate-limit action for traffic flows exceed the peak rate to one of the following:
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set exceed-action filter
Forward. [edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#set exceed-action forward
Mark. If you select mark, enter the mark values. [edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#edit exceed-action mark mark-info
[edit policies group junose list rate-limiter rule pr rate-limit rla exceed-action mark mark-info]user@host#set value
value
[edit policies group junose list rate-limiter rule pr rate-limit rla exceed-action mark mark-info]user@host#set mask
mask
Parameter. Before you assign a parameter, you must create a parameter of type packetOperation and commit the parameter configuration. [edit policies group junose list rate-limiter rule pr rate-limit rla exceed-action mark mark-info]user@host#set exceed-action parameter action
action
- (Optional) Return to the rate-limit action configuration, and verify the configuration.
[edit policies group junose list rate-limiter rule pr rate-limit rla]user@host#show
committed-action {forward {}}conformed-action {forward {}}exceed-action {filter {}}type 1;committed-rate 1000000;committed-burst 125000;excess-burst 312500;Configuring Reject Actions
You can configure reject actions for JUNOS filter policy rules. The reject action causes the router to discard a packet and send an ICMP destination unreachable message.
Use the following configuration statements to configure reject actions:
policies groupname
listname
rulename
rejectname
{message-typemessage-type
; descriptiondescription
;}
- From configuration mode, enter the reject action configuration. For example, in this procedure, rejectAction is the name of the reject action.
user@host#edit policies group junos list filter rule rejectRule reject rejectAction
- (Optional) Configure the type of ICMP destination unreachable message sent to the client.
[edit policies group junos list filter rule rejectRule reject rejectAction]user@host#set message-type
message-type
- (Optional) Enter a description for the reject action.
[edit policies group junos list filter rule rejectRule reject rejectAction]user@host#set description
description
- (Optional) Verify the reject action configuration.
[edit policies group junos list filter rule rejectRule reject rejectAction]user@host#show
message-type network-prohibited;description "Reject action in JUNOS filter policy";Configuring Routing Instance Actions
You can configure routing instance actions for JUNOS filter policy rules. Use routing instance actions for filter-based forwarding to direct traffic to a specific routing instance configured on the router.
Use the following configuration statements to configure routing instance actions:
policies groupname
listname
rulename
routing-instname
{routing-instancerouting-instance
; descriptiondescription
;}To configure a routing instance action:
- From configuration mode, enter the routing instance action configuration. For example, in this procedure, ria is the name of the routing instance action.
user@host#edit policies group junos list bodVpn rule pr routing-inst ria
- (Optional) Configure the routing instance to which packets are forwarded. The routing instance must be configured on the router.
[edit policies group junos list bodVpn rule pr routing-inst ria]user@host#set routing-instance
routing-instance
- (Optional) Enter a description for the reject action.
[edit policies group junos list bodVpn rule pr routing-inst ria]user@host#set description
description
- (Optional) Verify the routing instance action configuration.
[edit policies group junos list bodVpn rule pr routing-inst ria]user@host#show
routing-instance isp2-route-table;description "Routing Instance Action";Configuring Scheduler Actions
You use scheduler actions along with QoS conditions and traffic-shape actions to configure transmission scheduling and rate control. Schedulers define the priority, bandwidth, delay buffer size, rate control status, and random early detection (RED) drop profiles to be applied to a particular class of traffic. You can create scheduler actions in JUNOS scheduler policy rules.
Use the following configuration statements to configure scheduler actions:
policies groupname
listname
rulename
scheduler-actionname
{buffer-sizebuffer-size
; buffer-size-unitbuffer-size-unit
; prioritypriority
; transmit-ratetransmit-rate
; transmit-rate-unittransmit-rate-unit
; exactexact
; descriptiondescription
;}To configure a scheduler action:
- From configuration mode, enter the scheduler action configuration. For example, in this procedure, sa is the name of the scheduler action.
user@host#edit policies group junos list qos rule pr scheduler-action sa
- (Optional) Configure the queue transmission buffer size.
[edit policies group junos list qos rule pr scheduler-action sa]user@host#set buffer-size
buffer-size
- (Optional) Configure the type of value that you entered for buffer size.
[edit policies group junos list qos rule pr scheduler-action sa]user@host#set buffer-size-unit
buffer-size-unit
- (Optional) Configure the packet-scheduling priority. The priority determines the order in which an output interface transmits traffic from the queues.
[edit policies group junos list qos rule pr scheduler-action sa]user@host#set priority
priority
- (Optional) Configure the transmit rate.
[edit policies group junos list qos rule pr scheduler-action sa]user@host#set transmit-rate
transmit-rate
- (Optional) Configure the type of value entered for transmit rate.
[edit policies group junos list qos rule pr scheduler-action sa]user@host#set transmit-rate-unit
transmit-rate-unit
- (Optional) Specify whether or not to enforce the exact transmission rate. Under sustained congestion, a rate-controlled queue that goes into negative credit fills up and eventually drops packets.
[edit policies group junos list qos rule pr scheduler-action sa]user@host#set exact
exact
- (Optional) Enter a description for the scheduler action.
[edit policies group junos list qos rule pr scheduler-action sa]user@host#set description
description
- (Optional) Verify the scheduler action configuration.
[edit policies group junos list qos rule pr scheduler-action sa]user@host#show
buffer-size 85;buffer-size-unit buffer_size_percentage;priority low;transmit-rate 10485760;transmit-rate-unit rate_in_bps;description "Scheduler action for logical interface scheduling";Configuring Drop Profiles
You configure drop profiles within scheduler actions. Drop profiles support the RED process by defining the drop probabilities across the range of delay-buffer occupancy. For a packet to be dropped, it must match the drop profile. When a packet arrives, RED checks the queue fill level. If the fill level corresponds to a nonzero drop probability, the RED algorithm determines whether to drop the arriving packet. Depending on the drop probabilities, RED might drop packets aggressively long before the buffer becomes full, or it might drop only a few packets even if the buffer is almost full.
In drop profiles you configure the queue threshold and drop probability as paired values. The values can be either percentage values (segmented) or data points (interpolated). These two alternatives enable you to configure each drop probability at up to 64 fill-level/drop-probability paired values, or to configure a profile represented as a series of line segments. For more information about configuring fill level and drop probabilities, see the JUNOS routing platform documentation.
Use the following configuration statements to configure drop profiles:
policies groupname
listname
rulename
scheduler-actionname
drop-profilename
{loss-priorityloss-priority
; protocolprotocol
; drop-probabilitydrop-probability
; drop-profile-typedrop-profile-type
; queue-thresholdqueue-threshold
;}
- From configuration mode, enter the drop profile configuration. For example, in this procedure, drop1 is the name of the drop profile.
user@host#edit policies group junos list qosWithDropProfile rule pr scheduler-action sa drop-profile drop1
- Configure the loss priority.
[edit policies group junos list qosWithDropProfile rule pr scheduler-action sa drop-profile drop1]user@host#set loss-priority
loss-priority
- Configure the protocol type.
[edit policies group junos list qosWithDropProfile rule pr scheduler-action sa drop-profile drop1]user@host#set protocol
protocol
- Configure the relationship between the fill level and drop probability.
[edit policies group junos list qosWithDropProfile rule pr scheduler-action sa drop-profile drop1]user@host#set drop-profile-type
drop-profile-type
- Configure the probability that a packet will be dropped.
[edit policies group junos list qosWithDropProfile rule pr scheduler-action sa drop-profile drop1]user@host#set drop-probability
drop-probability
- Configure the fill level of the queue.
[edit policies group junos list qosWithDropProfile rule pr scheduler-action sa drop-profile drop1]user@host#set queue-threshold
queue-threshold
- (Optional) Verify the drop profile configuration.
[edit policies group junos list qosWithDropProfile rule pr scheduler-action sa drop-profile drop1]user@host#show
loss-priority high_priority;protocol any_protocol;drop-probability "[75, 100]";drop-profile-type interpolated;queue-threshold "[50, 80]";Configuring Service Class Name Actions
You can configure service class name actions for PCMM policy rules. Use the following configuration statements to configure service class name actions:
policies groupname
listname
rulename
service-class-namename
{service-class-nameservice-class-name
; descriptiondescription
;}To configure a service class name action:
- From configuration mode, enter the service class name action configuration. For example, in this procedure, scna is the name of the service class name action.
user@host#edit policies group pcmm list serviceClass rule pr service-class-name scna
- (Optional) Configure the name of a service class on the CMTS device that specifies QoS parameters for a service flow.
[edit policies group pcmm list serviceClass rule pr service-class-name scna]user@host#set service-class-name
service-class-name
- (Optional) Enter a description for the service class name action.
[edit policies group pcmm list serviceClass rule pr service-class-name scna]user@host#set description
description
- (Optional) Verify the service class name action configuration.
[edit policies group pcmm list serviceClass rule pr service-class-name scna]user@host#show configuration policies group pcmm list serviceClass rule pr service-class-name scna
service-class-name scn_up;description "Service class name action for pcmm service class policy.";Configuring Stateful Firewall Actions
You can configure stateful firewall actions for JUNOS ASP policy rules. Stateful firewall actions specify the action to take on packets that match the classify-traffic condition.
Use the following configuration statements to configure stateful firewall actions:
policies groupname
listname
rulename
stateful-firewallname
{descriptiondescription
;}policies groupname
listname
rulename
stateful-firewallname
packet-action reject {message-typemessage-type
;}policies groupname
listname
rulename
stateful-firewallname
packet-action parameter {actionaction
;}To configure a stateful firewall action:
- From configuration mode, enter the stateful firewall action configuration. For example, in this procedure, sfa is the name of the stateful firewall action.
user@host#edit policies group junos list sfw rule pr stateful-firewall sfa
- (Optional) Set the action to take on a packet to one of the following:
[edit policies group junos list sfw rule pr stateful-firewall sfa]user@host#set packet-action filter
Forward. [edit policies group junos list sfw rule pr stateful-firewall sfa]user@host#set packet-action forward
Reject. If you set the action to reject, configure the type of ICMP destination unreachable message sent to the client. [edit policies group junos list sfw rule pr stateful-firewall sfa]user@host#set packet-action reject message-type
message-type
Parameter. Before you assign a parameter, you must create a parameter of type packetOperation and commit the parameter configuration. [edit policies group junos list sfw rule pr stateful-firewall sfa]user@host#set packet-action parameter action
action
- (Optional) Enter a description for the stateful firewall action.
[edit policies group junos list sfw rule pr stateful-firewall sfa]user@host#set description
description
- (Optional) Verify the stateful firewall action configuration.
[edit policies group junos list sfw rule pr stateful-firewall sfa]user@host#show
packet-action {reject {message-type administratively-prohibited;}}description "Stateful firewall action";Configuring Traffic-Class Actions
Use this action to put packets in a particular traffic class. You can configure traffic-class actions for JUNOSe policy rules.
Use the following configuration statement to configure traffic-class actions:
policies groupname
listname
rulename
traffic-classname
{traffic-classtraffic-class
; descriptiondescription
;}To configure a traffic-class action:
- From configuration mode, enter the traffic-class configuration. For example, in this procedure, tca is the name of the traffic-class action.
user@host#edit policies group junose list class rule pr traffic-class tca
- (Optional) Configure the name of the traffic-class profile that is applied to a packet when it passes through the router.
[edit policies group junose list class rule pr traffic-class tca]user@host#set traffic-class
traffic-class
- (Optional) Enter a description for the traffic-class action.
[edit policies group junose list class rule pr traffic-class tca]user@host#set description
description
- (Optional) Verify the traffic-class action configuration.
[edit policies group junose list class rule pr traffic-class tca]user@host#show
traffic-class TCent;description "Traffic class action";Configuring Traffic-Mirror Actions
Use this action to mirror traffic from a destination to a source or from a source to a destination. You can configure traffic-mirror actions for JUNOS filter input policy rules.
Before you use traffic-mirror actions, you must configure forwarding options on JUNOS routing platforms for port mirroring and next-hop group. For information about how these features work on the router, see the JUNOS Policy Framework Configuration Guide.
The rule containing a traffic-mirror action must comply with these conditions:
- It must be combined with forward actions in the same rule. One of the forward actions must accept the traffic if the source and/or destination IP addresses do not match the conditions.
- It contains either no classify-traffic condition or only one classify-traffic condition.
- It can be marked for accounting.
Use the following configuration statement to configure a traffic-mirror action:
policies groupname
listname
rulename
traffic-mirrorname
{descriptiondescription
;}To configure a traffic-mirror action:
- From configuration mode, enter the traffic-mirror configuration. For example, in this procedure, fromSubnets is the name of the traffic-mirror action.
user@host#edit policies group junos list mirror rule pr traffic-mirror fromSubnets
- (Optional) Enter a description for the traffic-mirror action.
[edit policies group junos list mirror rule pr traffic-mirror fromSubnets]user@host#set description
description
- (Optional) Verify the traffic-mirror action configuration.
[edit policies group junos list mirror rule pr traffic-mirror fromSubnets]user@host#show
description "Traffic mirroring action for subnet.";Configuring Traffic-Shape Actions
Traffic-shape actions specify the maximum rate of traffic transmitted on an interface. You can create traffic-shape actions in JUNOS shaping policy rules.
Use the following configuration statements to configure traffic-shape actions:
policies groupname
listname
rulename
traffic-shapename
{raterate
; descriptiondescription
;}To configure a traffic-shape action:
- From configuration mode, enter the traffic-shape configuration. For example, in this procedure, tsa is the name of the traffic-shape action.
user@host#edit policies group junos list trafficShaping rule shaping traffic-shape tsa
- (Optional) Configure the maximum transmission rate.
[edit policies group junos list trafficShaping rule shaping traffic-shape tsa]user@host#set rate
rate
- (Optional) Enter a description for the traffic-shape action.
[edit policies group junos list trafficShaping rule shaping traffic-shape tsa]user@host#set description
description
- (Optional) Verify the traffic-shape action configuration.
[edit policies group junos list trafficShaping rule shaping traffic-shape tsa]user@host#show
rate 10200000;description "Traffic-shaping action";