|
|
|
|
address
|
gateway_ipAddress
interface_ipAddress
service_ipAddress
user_ipAddress
virtual_ipAddress
|
Classify-traffic condition
Next-interface action
Next-hop action
|
IP addresses in dotted decimal notation.
|
addressMask
|
interface_ipMask
service_ipMask
user_ipMask
|
Classify-traffic condition
|
IP masks in dotted decimal notation.
For JUNOSe policies and JUNOS policies (except for firewall policies), a mask must be equivalent to some prefix length. For example, 255.255.255.0 is allowed, but 255.255.255.1 is not. Policy Editor searches this constraint for default parameter values, but not for any other substitution values until runtime when the policy engine constructs the policy.
|
allowIpOptions
|
|
Classify-traffic condition
|
|
any
|
|
|
The set of all values.
|
applicationProtocol
|
bootp, dce_rpc, dce_rpc_portmap, dns, exec, ftp, h323, green, icmp_app, iiop, netbios, netshow, realaudio, rpc, rpc_portmap, rtsp, shell, snmp, sqlnet, tftp, traceroute, winframe, yellow
|
Classify-traffic condition
(Predefined parameters map protocol numbers to synonyms.)
|
|
bandwidthSizeUnit
|
bps
percent
|
Policer action
|
|
boolean
|
false
true
|
|
|
burst
|
|
Rate-limit action
Policer action
DOCSIS action
|
Burst sizes. The range is 214—232-1.
|
dceRpcUuid
|
|
Classify-traffic condition
|
|
dropProfileProtocol
|
any_protocol
non_tcp
tcp_only
|
Scheduler action
|
|
dropProfileType
|
interpolated
segmented
|
Scheduler action
|
|
forwardingClass
|
|
Classify-traffic condition
QoS condition
|
|
fragOffset
|
|
Classify-traffic condition
|
The value of the fragment offset field of IP packets.
For JUNOSe routers:
- eq 0—Equal to 0
- eq 1—Equal to 1
- gt 1—Greater than 1
- any—Any value
For JUNOS routing platforms and PCMM policies, integer in the range 0-8191.
The policy engine and Policy Editor validate these values; the substitution engine does not.
|
grantSize
|
|
DOCSIS action
|
|
icmpCode
icmpType
|
|
Classify-traffic condition
|
8-bit values that represent patterns in the ICMP code and ICMP type fields in IP packets. The policy engine and Policy Editor validate these values; the substitution engine does not.
|
igmpType
|
|
Classify-traffic condition
|
8-bit values that represent patterns in the IGMP type field in IP packets. The policy engine and Policy Editor validate these values; the substitution engine does not.
|
interfaceGroup
|
|
Classify-traffic condition
|
|
InterfaceSpec
|
bfwlf
gfwlf
|
Next-interface action
|
The router interface.
For JUNOSe interfaces, the format is:
'<type of specifier>=<value>'
For example: name='fastEthernet3/0'
For JUNOS interfaces, the format is:
'name= <mediatype>-<slot>/ <pic>/<port>.<unit>'
For example: 'name=AT-0/1/0.0'
|
interval
|
|
DOCSIS action
|
|
ipFlags
ipFlagsMask
|
|
Classify-traffic condition
|
3-bit values that represent patterns for the IP flags field in an IP packet. The high bit is reserved, the middle bit is don't fragment, and the low bit is more fragments.
|
ipSecSpi
|
|
Classify-traffic condition
|
|
IPv4range
|
|
|
|
jitter
|
|
DOCSIS action
|
|
matchDirection
|
both
input
output
|
Classify-traffic condition
|
|
maxLatency
|
|
DOCSIS action
|
|
messageType
|
|
Reject action
|
|
microSecond
|
|
|
|
natTranslationType
|
|
NAT action
|
|
network
|
any
|
Classify-traffic condition
NAT action
|
IP subnets using two forms:
<address>/<mask>
<address>/<prefixLength>
where <address> and <mask> are in the traditional dotted decimal notation.
<prefixLength>is a number in the range 0-32, which specifies how many of the first bits in the address specify the network.
In policy conditions, network specifies patterns for the address fields in packets. Networks can be preceded by "not" to indicate that the condition matches every address not in the subnet.
|
networkOperation
|
|
Classify-traffic condition
|
Whether a network field of a packet should match or not match the value specified in a policy condition.
- 0—Does not match
- 1—Matches
|
packetLength
|
|
Classify-traffic condition
DOCSIS action
FlowSpec action
|
|
packetLossPriority
|
any_priority
high_priority
low_priority
|
Loss priority action
|
|
packetOperation
|
|
Rate-limit action
Policer action
Stateful firewall
|
Actions taken on packets.
For rate-limit actions, valid values are: $'forward', $'filter', and $'mark <tosByte> <tosMask>'.
For policer actions, value values are: filter, forwardingClass, lossPriority.
For stateful firewalls, valid values are: filter, forward, reject.
The policy engine and Policy Editor validate these values; the substitution engine does not.
|
percent
|
|
Scheduler action
|
|
policedUnit
|
|
FlowSpec action
|
|
port
|
service_port
|
Classify-traffic condition
NAT action
|
16-bit values that represent patterns in the port fields in IP packets.
|
portOperation
|
eq
neq
|
Classify-traffic condition
|
Whether a port field should match or not match the value(s) specified in a condition. For JUNOSe policies valid values are: $'eq', $'lt', $'gt', $'neq' and $'range'.
For JUNOS the allowed values are:
- 0—Does not match
- 1—Matches
The policy engine and Policy Editor validate these values; the substitution engine does not.
|
prPrecedence
|
|
Policy rule
|
|
protocol
|
ah, egp, esp, gre, icmp, igmp, ip, ipip, ospf, pim, rsvp, tcp, udp
|
Classify-traffic condition
(Predefined parameters map protocol numbers to synonyms.)
|
8-bit values that represent patterns in the protocol field in IP packets. The policy engine and Policy Editor validate these values; the substitution engine does not.
|
protocolOperation
|
is
not
|
Classify-traffic condition
|
Whether a protocol field of a packet should match or not match the value specified in a policy condition.
- 0—Does not match
- 1—Matches
|
qosProfileSpec
|
|
QoS-attachment action
|
Strings in QoS attachment actions that specify QoS profiles. They can be any string that names a QoS profile on the JUNOSe router.
|
rate
|
interface_speed
|
Rate-limit action
Policer action
DOCSIS action
FlowSpec action
Traffic-shape action
|
Rates in the range 0—232-1.
|
rateLimitType
|
one_rate
two_rate
|
Rate-limit action
|
Rate-limit type. The allowed values are $'one-rate' and $'two-rate'. The policy engine and Policy Editor validate these values; the substitution engine does not.
|
requestTransmissionPolicy
|
|
DOCSIS action
|
|
routingInstance
|
|
Routing instance action
|
|
rpcProgramNumber
|
|
Classify-traffic condition
|
|
schedulerBufferSize
|
|
Scheduler action
|
|
schedulerBufferSizeUnit
|
buffer_size_percentage
buffer_size_remainder
temporal
|
Scheduler action
|
|
schedulerPriority
|
high
low
medium_high
medium_low
strict_high
|
Scheduler action
|
|
schedulerTransmitRate
|
|
Scheduler action
|
|
schedulerTransmitRateUnit
|
rate_in_bps
rate_in_percentage
rate_in_remainder
|
Scheduler action
|
|
serviceClassName
|
|
Service class name action
|
|
serviceNumber
|
controlled_load_service
guaranteed_service
|
FlowSpec action
|
|
sessionClassIdPriority
|
|
GateSpec action
|
|
slackTerm
|
|
FlowSpec action
|
|
snmpCommand
|
get
get_next
set
trap
|
Classify-traffic condition
|
|
tcpFlags
tcpFlagsMask
|
|
Classify-traffic condition
|
6-bit values that represent patterns for the TCP flags field in IP packets. The bits from high to low mean: urgent, acknowledge, push, reset, synchronize, finish.
|
timeout
|
|
Classify-traffic condition
|
|
tokenBucketSize
|
|
FlowSpec action
|
|
tosByte
tosByteMask
|
|
Classify-traffic condition
Rate-limit action
Mark action
|
8-bit values that represent patterns in the ToS byte field in IP packets.
When tosByteMask is used in ToS conditions, the allowed values are 0, 224, 252, and 255.
The policy engine and Policy Editor validate these values; the substitution engine does not.
|
traceRouteTtlThreshold
|
|
Classify-traffic condition
|
|
trafficClassSpec
|
|
Traffic-class action
|
Strings in traffic-class actions that specify traffic-class profiles. They can be any string that names a traffic class on the JUNOSe router.
|
trafficPriority
|
|
DOCSIS action
|
|
trafficProfileType
|
best_effort
unsolicited_grant
down_stream
unsolicited_grant_with_activity_detection
real_time
non_real_time
|
DOCSIS action
|
Service flow scheduling type
|
translationType
|
|
|
|
|
|
|
|
ah
|
Maps protocol 51 to AH
|
protocol
|
|
any
|
This network matches any address
|
network
|
|
any_priority
|
Sets packet loss priority to "any"
|
packetLossPriority
|
|
any_protocol
|
Sets drop profile protocol to "any"
|
dropProfileProtocol
|
|
best_effort
|
Sets the service flow scheduling type to best effort
|
trafficProfileType
|
|
bfwlf
|
Specifier of the interface that leads to the bronze firewall server
|
interfaceSpec
|
Yes
|
bootp
|
Specifies the BOOTP protocol
|
applicationProtocol
|
|
both
|
Specifies the direction of the policy as input and output
|
matchdirection
|
|
bps
|
Specifies that the indicated bandwidth size is in bps
|
bandwidthSizeUnit
|
|
buffer_size_percentage
|
Specifies that the indicated buffer size is a percentage
|
schedulerBufferSizeUnit
|
|
buffer_size_remainder
|
Specifies that the indicated buffer size is a remainder
|
schedulerBufferSizeUnit
|
|
controlled_load_service
|
Specifies that the type of FlowSpec service is controlled-load service
|
serviceNumber
|
|
dce_rpc
|
Specifies the DCE RPC protocol
|
applicationProtocol
|
|
dce_rpc_portmap
|
Specifies the DCE RPC portmap
|
applicationProtocol
|
|
dns
|
Specifies the DNS protocol
|
applicationProtocol
|
|
down_stream
|
Sets the service flow scheduling type to downstream
|
trafficProfileType
|
|
egp
|
Maps protocol 8 to EGP
|
protocol
|
|
eq
|
Matches packets with a port that is equal to the specified port
|
portOperation
|
|
esp
|
Maps protocol 50 to ESP
|
protocol
|
|
exec
|
Specifies the Exec protocol
|
applicationProtocol
|
|
false
|
Sets Boolean values to false
|
boolean
|
|
ftp
|
Specifies the FTP protocol
|
applicationProtocol
|
|
gateway_ipAddress
|
IP address of the gateway as specified by the service object
|
address
|
Yes
|
get
|
Specifies the get SNMP command
|
snmpCommand
|
|
get_next
|
Specifies the get-next SNMP command
|
snmpCommand
|
|
gfwlf
|
Specifier of the interface that leads to gold firewall server
|
interfaceSpec
|
Yes
|
gre
|
Maps protocol 47 to GRE
|
protocol
|
|
guaranteed
|
Specifies that the type of FlowSpec service is guaranteed service
|
serviceNumber
|
|
h323
|
Specifies the H.323 protocol
|
applicationProtocol
|
|
high
|
Sets the scheduler priority to high
|
schedulerPriority
|
|
high_priority
|
Sets the packet loss priority (PLP) to high
|
packetLossPriority
|
|
icmp
|
Maps protocol 1 to ICMP
|
protocol
|
|
icmp_app
|
Specifies the ICMP protocol
|
applicationProtocol
|
|
igmp
|
Maps protocol 2 to IGMP
|
protocol
|
|
iiop
|
Specifies the Internet Inter-ORB Protocol, a TCP protocol
|
applicationProtocol
|
|
input
|
Specifies the direction of the policy as input
|
matchdirection
|
|
interface_ipAddress
|
IP address of the interface
|
address
|
Yes
|
interface_ipMask
|
IP mask of the interface
|
addressMask
|
Yes
|
interface_speed
|
Speed of the subscriber's IP interface on the router or the speed of the subscriber's DOCSIS interface
|
rate
|
|
interpolated
|
Sets the drop profile type to interpolate
|
dropProfileType
|
|
ip
|
Maps protocol 0 to IP
|
protocol
|
|
ipip
|
Maps protocol 4 to IP-IP
|
protocol
|
|
is
|
Matches packets with the protocol that is equal to the specified protocol
|
protocolOperation
|
|
low
|
Sets scheduler priority to low
|
schedulerPriority
|
|
low_priority
|
Sets packet loss priority to low
|
packetLossPriority
|
|
medium_high
|
Sets scheduler priority to medium-high
|
schedulerPriority
|
|
medium_low
|
Sets scheduler priority to medium-low
|
schedulerPriority
|
|
neq
|
Matches packets with a port that is not equal to the specified port
|
portOperation
|
|
netbios
|
Specifies the NetBIOS protocol
|
applicationProtocol
|
|
netshow
|
Specifies the NetShow protocol
|
applicationProtocol
|
|
non_real_time
|
Sets the service flow scheduling type to NRTPS
|
trafficProfileType
|
|
non_tcp
|
Sets the drop profile protocol to any protocol other than TCP
|
dropProfileProtocol
|
|
not
|
Matches packets with the protocol that is not equal to the specified protocol
|
protocolOperation
|
|
one_rate
|
Sets the rate-limit type to one rate
|
rateLimitType
|
|
ospf
|
Maps protocol 89 to OSPF
|
protocol
|
|
output
|
Specifies the direction of the policy as output
|
matchdirection
|
|
percent
|
Specifies that the indicated bandwidth size is a percentage of bandwidth
|
bandwidthSizeUnit
|
|
pim
|
Maps protocol 103 to PIM
|
protocol
|
|
rate_in_bps
|
Specifies that the indicated transmit rate is in bps
|
schedulerTransmitRateUnit
|
|
rate_in_percentage
|
Specifies that the indicated transmit rate is a percentage
|
schedulerTransmitRateUnit
|
|
rate_in_remainder
|
Specifies that the indicated transmit rate is a remainder
|
schedulerTransmitRateUnit
|
|
realaudio
|
Specifies the RealAudio protocol
|
applicationProtocol
|
|
real_time
|
Sets the service flow scheduling type to RTPS
|
trafficProfileType
|
|
rpc
|
Specifies the RPC UDP or TCP protocols
|
applicationProtocol
|
|
rpc_portmap
|
Specifies the RPC portmap protocol
|
applicationProtocol
|
|
rsvp
|
Maps protocol 46 to RSVP
|
protocol
|
|
rtsp
|
Specifies the Real-Time Streaming Protocol
|
applicationProtocol
|
|
sctp
|
Maps protocol 132 to the Stream Control Transmission Protocol
|
protocol
|
|
segmented
|
Sets the drop profile type to segmented
|
dropProfileType
|
|
service_ipAddress
|
IP address of the service as specified by the service object
|
address
|
Yes
|
service_ipMask
|
IP mask of the service as specified by the service object
|
address
|
Yes
|
service_port
|
Service port as specified by the service object
|
port
|
Yes
|
set
|
Specifies the set SNMP command
|
snmpCommand
|
|
shell
|
Specifies the Shell protocol
|
applicationProtocol
|
|
snmp
|
Specifies the SNMP protocol
|
applicationProtocol
|
|
sqlnet
|
Specifies the SQLNet protocol
|
applicationProtocol
|
|
strict_high
|
Sets scheduler priority to strict-high
|
schedulerPriority
|
|
tcp
|
Maps protocol 6 to TCP
|
protocol
|
|
tcp_only
|
Sets the drop profile protocol to TCP
|
dropProfileProtocol
|
|
temporal
|
Specifies that the indicated buffer size is temporal
|
schedulerBufferSizeUnit
|
|
tftp
|
Specifies the Trivial File Transfer Protocol
|
applicationProtocol
|
|
traceroute
|
Specifies the Traceroute protocol
|
applicationProtocol
|
|
trap
|
Specifies the trap SNMP command
|
snmpCommand
|
|
true
|
Sets the Boolean value to true
|
boolean
|
|
two_rate
|
Sets the rate-limit type to two rate
|
rateLimitType
|
|
udp
|
Maps protocol 17 to UDP
|
protocol
|
|
unsolicited_grant
|
Sets the service flow scheduling type to UGS
|
trafficProfileType
|
|
unsolicited_grant_with_activity_detection
|
Sets the service flow scheduling type to UGS-AD
|
trafficProfileType
|
|
user_ipAddress
|
IP address of the subscriber
|
address
|
Yes
|
user_ipMask
|
IP mask of the subscriber
|
address
|
Yes
|
virtual_ipAddress
|
Virtual portal address of the SSP that is used in redundant SAE installations
|
address
|
Yes
|
winframe
|
Specifies the WinFrame protocol
|
applicationProtocol
|
|