[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Configuring Policy Rules

The type of policy rule that you can create depends on the type and applicability of the policy list in which you create the policy rule. There is only one type of policy rule for JUNOSe policy lists and PCMM policy lists. For JUNOS policy lists, you can create the following policy rule types:

Before You Configure JUNOS Policy Rules

The following are prerequisites to using policy rules on JUNOS routing platforms.

JUNOS Scheduler and JUNOS Shaping Policy Rules

Before you use the JUNOS scheduler and JUNOS shaping policy rules, check that your Physical Interface Card (PIC) supports JUNOS scheduling and shaping rate. Also, check that your interface supports the per-unit-scheduler.

You must enable the per-unit-scheduler on the interface. To do so, on the JUNOS routing platform, include the per-unit-scheduler statement at the [edit interfaces interface-name] hierarchy level:

[edit interfaces interface-name]

per-unit-scheduler;

JUNOS ASP Policy Rules

Before you use the Adaptive Services PIC (ASP) policy rule to create a stateful firewall or NAT policy, you must configure the Adaptive Services PIC on the JUNOS routing platform. For example:

sp-0/1/0 {
    unit 0 {
        family inet {
            address 10.10.1.1/32;
        }
    }
}

For more information about configuring AS PICs, see the JUNOS Services Interfaces Configuration Guide.

Setting the Policy Rule Precedence

Policy lists can have more than one policy rule. Policy rules are assigned a precedence that determines the order in which the policy manager applies policy rules. Rules are evaluated from lowest to highest precedence value. For JUNOSe policies, rules with equal precedence are evaluated in the order of creation. For JUNOS policies, rules with equal precedence are evaluated in random order.

Note that for JUNOS SCHEDULER and JUNOS POLICER policy rules, precedence is not a factor.

The router classifies packets beginning with the classify condition in the policy list that has the policy rule with the lowest precedence.

For JUNOSe routers, if you want the router to take two corresponding actions on a packet, you would create a JUNOSe policy list that has more than one policy rule with the same precedence. For example, you may want a policy rule that marks a packet and a policy rule that forwards the packet to the next interface. Or you could have a policy rule that applies a traffic class and a policy rule that forwards the packet to the next hop.

Adding a Policy Rule

To add a policy rule:

  1. In the navigation pane, right-click a policy list.
  2. Select New > PolicyRule, and select a policy rule from the list.

The PolicyRule Name dialog box appears.

  1. Enter the Policy Rule name, and click OK.

The new policy rule appears in the navigation pane.

  1. Select the new Policy Rule object in the navigation pane.

The PolicyRule pane appears.

  1. Edit or accept the default values for the policy rule fields.

See Policy Rule Fields.

  1. Select File > Save.

Policy Rule Fields

In Policy Editor, you can modify the following fields in the PolicyRule content pane.

Description

Caption

Keywords

Precedence

Accounting

Using the PolicyRule Summary Table

The PolicyRule pane contains a table that summarizes the conditions and actions that are within the policy rule. It contains one row for each action that the policy rule contains. The fields in the table vary depending on the type of conditions and actions that are contained in the policy rule. You can modify conditions and actions from within the summary table, or you can modify them by selecting objects from the navigation pane. The fields in the summary table are explained in Table 25.


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]