Configuring Actions with the C-Web Interface
Actions define the action taken on packets that match conditions in a policy rule. You create actions within policy rules. The type of action that you can create depends on the type of policy rule. See Supported Conditions and Actions in SRC-PE Services and Policies Guide, Chapter 6, Policy Management Overview.
Configure the action as described in the following sections:
- Configuring DOCSIS Actions
- Configuring Filter Actions
- Configuring FlowSpec Actions
- Configuring Forward Actions
- Configuring Forwarding Class Actions
- Configuring Gate Spec Actions
- Configuring Loss Priority Actions
- Configuring Mark Actions
- Configuring NAT Actions
- Configuring Next-Hop Actions
- Configuring Next-Interface Actions
- Configuring Next-Rule Actions
- Configuring Policer Actions
- Configuring QoS Profile Attachment Actions
- Configuring Rate-Limit Actions
- Configuring Reject Actions
- Configuring Routing Instance Actions
- Configuring Scheduler Actions
- Configuring Service Class Name Actions
- Configuring Stateful Firewall Actions
- Configuring Traffic-Class Actions
- Configuring Traffic-Mirror Actions
- Configuring Traffic-Shape Actions
Configuring DOCSIS Actions
You can configure Data over Cable Service Interface Specifications (DOCSIS) actions for PacketCable Multimedia Specification (PCMM) policy rules.
The types of DOCSIS actions that you can create are:
- Best effort
- Downstream
- Non-real-time polling service
- Real-time polling service
- Unsolicited grant service
- Unsolicited grant service with activity detection
- Parameter—This is a DOCSIS action with the service flow scheduling type set to a trafficProfileType parameter. You must enter a trafficProfileType parameter that has been created and committed.
- In the side pane, select a PCMM policy rule.
- From the Create new list, select the type of DOCSIS action that you want to create. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Filter Actions
Use this action to discard packets. You can configure filter actions for JUNOS filters and JUNOSe policy rules.
- In the side pane, select a JUNOS filter or JUNOSe policy rule.
- From the Create new list, select Filter. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring FlowSpec Actions
A FlowSpec is made up of two parts, a traffic specification (TSpec) and a service request specification (RSpec). The TSpec describes the traffic requirements for the flow, and the RSpec specifies resource requirements for the desired service. You can configure FlowSpec actions for PCMM policy rules.
To configure a FlowSpec action:
- In the side pane, select a PCMM policy rule.
- From the Create new list, select Flow Spec. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Forward Actions
Use this action to forward packets, such as packets that are sent by means of a routing table. You can configure forward actions for JUNOS filters and JUNOSe policy rules.
To configure a forward action:
- In the side pane, select a JUNOS filter or JUNOSe policy rule.
- From the Create new list, select Forward. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Forwarding Class Actions
You can configure forwarding class actions for JUNOS filter policy rules. The forwarding class action causes the router to assign a forwarding class to packets that match the associated classify-traffic condition.
To configure a forwarding class action:
- In the side pane, select a JUNOS filter policy rule.
- From the Create new list, select Forwarding Class. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Gate Spec Actions
You can configure GateSpec actions for PCMM policy rules. See Session Class ID in SRC-PE Services and Policies Guide, Chapter 6, Policy Management Overview for more information.
To configure a Gate Spec action:
- In the side pane, select a PCMM policy rule.
- From the Create new list, select Gate Spec. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Loss Priority Actions
You can configure loss priority actions for JUNOS filter policy rules. The loss priority action causes the router to assign a packet loss priority to packets that match the associated classify-traffic condition.
To configure a loss priority action:
- In the side pane, select a JUNOS filter rule.
- From the Create new list, select Loss Priority. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Mark Actions
Use this action to mark packets. You can configure mark actions for JUNOSe and PCMM policy rules.
- In the side pane, select a JUNOSe or PCMM policy rule.
- From the Create new list, select Mark. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
- Expand the mark action, and select Info.
- Click Create, enter information as described in the Help text in the main pane, and click Apply.
Configuring NAT Actions
You can configure NAT actions for JUNOS ASP policy rules. To configure a NAT action:
- In the side pane, select a JUNOS ASP policy rule.
- From the Create new list, select NAT. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
- To configure the port range to restrict port translation when the NAT translation type is configured in dynamic-source mode:
- In the side pane, select Port.
- Click create, and enter information as described in the Help text in the main pane, and click Apply.
- In the side pane, select IP Network.
- In the main pane, click Create.
- In the side pane, expand IP Network, and select Group Network.
- Click Create, enter information as described in the Help text in the main pane, and click Apply.
Configuring Next-Hop Actions
Use this action for the ingress side of the interface to specify the next IP address where the classified packets should go. You can configure next-hop actions for JUNOS filters and JUNOSe policy rules.
Using the Next-Hop Action with the Captive Portal
The captive portal feature is used to intercept HTTP requests from a subscriber to an unauthorized Web resource and redirect the requests to a dedicated Web page, the captive portal page. See SRC-PE Subscribers and Subscriptions Guide, Chapter 14, Redirecting Subscriber Traffic.
In a captive portal environment, you would typically set up a next-hop action on a subscriber's interface that forwards traffic to the redirect engine. In this case, you would set the next-hop address to the address of the redirect server.
When you set up redirect server redundancy, both the active and redundant redirect servers share a virtual IP address so that subscribers can always reach the active redirect server. Subscribers send requests to the virtual IP address, and the router automatically sends the request to the active redirect server by means of a static route. In this case, you would set the next-hop address to the virtual IP address.
Configuring Next-Hop Action
To configure a next-hop action:
- In the side pane, select a JUNOS filters or JUNOSe policy rules.
- From the Create new list, select Next Hop. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Next-Interface Actions
Use this action to forward packets to a particular interface and/or a next-hop address. You can configure next-interface actions for JUNOS filters and JUNOSe policy rules. On JUNOSe routers, you can use this action for both ingress and egress parts of the interface.
To configure a next-interface action:
- In the side pane, select a JUNOS filter or JUNOSe policy rule.
- From the Create new list, select Next Interface. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Next-Rule Actions
You can configure next-rule actions for JUNOS filter policy rules. If a packet matches the classify-traffic condition, the next-rule action causes the router to continue to the next rule in the policy list for evaluation.
To configure a next-rule action:
- In the side pane, select a JUNOS filter policy rule.
- From the Create new list, select Next Rule. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Policer Actions
The policer action specifies rate and burst size limits and the action taken if a packet exceeds those limits. You can create policer actions in JUNOS policer and JUNOS filter policy rules.
Each policer action has a packet action. The packet action specifies the action taken on a packet that exceeds its rate limits. You configure packet actions within policer actions. There are four types of actions that you can configure:
- Filter—Packets are discarded.
- Forwarding class—Packets are assigned to the forwarding class that you specify.
- Loss priority—Packets are assigned the loss priority that you specify.
- Parameter—The action specified by the parameter is applied. Before you assign a parameter, you must create a parameter of type packetOperation and commit the parameter configuration.
To configure a policer action:
- In the side pane, select a JUNOS policer or JUNOS filter policy rule.
- From the Create new list, select Policer. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
- From the Create new list for the policer action, select Packet Action. Type a name for the action, and click OK.
- Expand the packet action, and click on the type of packet action that you want to configure for this policer action.
- Click Create, enter information as described in the Help text in the main pane, and click Apply.
Configuring QoS Profile Attachment Actions
Use this action to specify the name of the QoS profile to attach to the router interface when this action is taken. You can configure QoS actions for JUNOSe policy rules.
The router allows only one QoS profile to be attached to an interface at one time. Therefore, as a subscriber activates and deactivates different services, the QoS profile running on the interface needs to change. The SRC software provides a QoS-tracking plug-in (QTP) that you can use to ensure that as a subscriber activates and deactivates services, the required QoS profile is attached to the subscriber interface. See c.
To configure a QoS profile attachment action:
- In the side pane, select a JUNOSe policy rule.
- From the Create new list, select Qos Attach. Type a name for the QoS profile attachment action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Rate-Limit Actions
Use this action to define the quality of service. You can configure rate-limit actions for JUNOSe policy rules.
To configure a rate-limit action:
- In the side pane, select a JUNOSe policy rule.
- From the Create new list, select Rate Limit. Type a name for the rate-limit action, and click OK.
- From the Type list, select the type of rate-limit action, either one_rate or two_rate, and click Apply.
The screen changes to display the parameters that you can configure for the type of rate-limit action that you selected.
Configuring Actions for Rate-Limit Actions
Under the rate-limit action, there are three types of actions that you can configure:
- Committed action—Takes action on traffic flows that do not exceed the committed rate.
- Conformed action—Takes action on traffic flows that exceed the committed rate but remain below the peak rate.
- Exceed action—Takes action on traffic flows that exceed the peak rate.
For each committed, conformed, and exceed action, you can select one action to configure—filter, forward, mark, or parameter.
To configure an action for rate-limit actions:
- Expand the rate-limit action, and expand the action that you want to configure.
- To set an action to filter, in the side pane select Filter, and then click Create in the main pane.
- To set an action to forward, in the side pane select Forward, and then click Create in the main pane.
- To set an action to mark:
- In the side pane, expand Mark and select Mark Info.
- In the main pane, click Create.
- Click Create, enter information as described in the Help text in the main pane, and click Apply.
- Make sure that you have a packetOperation parameter configured.
- In the side pane, select Parameter, and then click Create in the main pane.
- In the Action list, select a parameter.
- Click Apply.
Configuring Reject Actions
You can configure reject actions for JUNOS filter policy rules. The reject action causes the router to discard a packet and send an ICMP destination unreachable message.
- In the side pane, select a JUNOS filter policy rule.
- From the Create new list, select Reject. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Routing Instance Actions
You can configure routing instance actions for JUNOS filter policy rules. Use routing instance actions for filter-based forwarding to direct traffic to a specific routing instance configured on the router.
To configure a routing instance action:
- In the side pane, select a JUNOS filter policy rule.
- From the Create new list, select Routing Instance. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Scheduler Actions
You use scheduler actions along with QoS conditions and traffic-shape actions to configure transmission scheduling and rate control. Schedulers define the priority, bandwidth, delay buffer size, rate control status, and random early detection (RED) drop profiles to be applied to a particular class of traffic. You can create scheduler actions in JUNOS scheduler policy rules.
To configure a scheduler action:
- In the side pane, select a JUNOS schedule policy rule.
- From the Create new list, select Scheduler Action. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Drop Profiles
You configure drop profiles within scheduler actions. Drop profiles support the RED process by defining the drop probabilities across the range of delay-buffer occupancy. For a packet to be dropped, it must match the drop profile. When a packet arrives, RED checks the queue fill level. If the fill level corresponds to a nonzero drop probability, the RED algorithm determines whether to drop the arriving packet. Depending on the drop probabilities, RED might drop packets aggressively long before the buffer becomes full, or it might drop only a few packets even if the buffer is almost full.
In drop profiles you configure the queue threshold and drop probability as paired values. The values can be either percentage values (segmented) or data points (interpolated). These two alternatives enable you to configure each drop probability at up to 64 fill-level/drop-probability paired values, or to configure a profile represented as a series of line segments. For more information about configuring fill level and drop probabilities, see the JUNOS routing platform documentation.
- In the side pane, select a scheduler action.
- From the Create new list, select Drop Profile. Type a name for the drop profile, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Service Class Name Actions
You can configure service class name actions for PCMM policy rules.
To configure a service class name action:
- In the side pane, select a PCMM policy rule.
- From the Create new list, select Service Class Name. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Stateful Firewall Actions
You can configure stateful firewall actions for JUNOS ASP policy rules. Stateful firewall actions specify the action to take on packets that match the classify-traffic condition.
- In the side pane, select a JUNOS ASP policy rule.
- From the Create new list, select Stateful Firewalls. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
- Expand the policy list and expand Packet Action.
A list of actions that can be taken on a packet appears in the side pane. You can configure one type of action.
- Select the action that you want to configure for the stateful firewall, and click Create.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Traffic-Class Actions
Use this action to put packets in a particular traffic class. You can configure traffic-class actions for JUNOSe policy rules.
To configure a traffic-class action:
- In the side pane, select a JUNOSe policy rule.
- From the Create new list, select Traffic Class. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Traffic-Mirror Actions
Use this action to mirror traffic from a destination to a source or from a source to a destination. You can configure traffic-mirror actions for JUNOS filter input policy rules.
Before you use traffic-mirror actions, you must configure forwarding options on JUNOS routing platforms for port mirroring and next-hop group. For information about how these features work on the router, see the JUNOS Policy Framework Configuration Guide.
The rule containing a traffic-mirror action must comply with these conditions:
- It must be combined with forward actions in the same rule. One of the forward actions must accept the traffic if the source and/or destination IP addresses do not match the conditions.
- It contains either no classify-traffic condition or only one classify-traffic condition.
- It can be marked for accounting.
To configure a traffic-mirror action:
- In the side pane, select a JUNOS filter policy rule.
- From the Create new list, select Traffic Mirror. Type a name for the action, and click OK.
- Enter information as described in the Help text in the main pane, and click Apply.
Configuring Traffic-Shape Actions
Traffic-shape actions specify the maximum rate of traffic transmitted on an interface. You can create traffic-shape actions in JUNOS shaping policy rules.
To configure a traffic-shape action:
- In the side pane, select a JUNOS shaping policy rule.
- From the Create new list, select Traffic Shape. Type a name for the action, and click OK.
- To create a new value for the Rate parameter, enter a value in the box, and click Add.
- Enter information as described in the Help text in the main pane, and click Apply.