Configuring Actions
Actions define the action taken on packets that match conditions in a policy rule. You create actions within policy rules. The type of action that you can create depends on the type of policy rule. See Supported Conditions and Actions.
Adding Actions
- In the navigation pane, right-click a policy rule.
- Click New > Action, and select an action from the list.
![]()
The <Action> Name dialog box appears.
- Enter a name, and click OK.
- Select the new action in the navigation pane.
- Configure the action as described in the following sections:
- Configuring Color Actions
- Configuring DOCSIS Actions
- Configuring Filter Actions
- Configuring FlowSpec Actions
- Configuring Forward Actions
- Configuring Forwarding Class Actions
- Configuring GateSpec Actions
- Configuring Loss Priority Actions
- Configuring Mark Actions
- Configuring NAT Actions
- Configuring Next-Hop Actions
- Configuring Next-Interface Actions
- Configuring Next-Rule Actions
- Configuring Policer Actions
- Configuring QoS Profile Attachment Actions
- Configuring Rate-Limit Actions
- Configuring Reject Actions
- Configuring Routing Instance Actions
- Configuring Scheduler Actions
- Configuring Service Class Name Actions
- Configuring Stateful Firewall Actions
- Configuring Traffic-Class Actions
- Configuring Traffic-Mirror Actions
- Configuring Traffic-Shape Actions
- Configuring User Packet Class Actions
Configuring Color Actions
You can configure color actions for JUNOSe IPv6 policy rules.
![]()
Description
Color
- 1 is green; indicating a low drop preference
- 2 is yellow; indicating a medium drop preference
- 3 is red; indicating a high drop preference
Configuring DOCSIS Actions
You can configure Data over Cable Service Interface Specifications (DOCSIS) actions for PacketCable Multimedia Specification (PCMM) policy rules.
![]()
Service Flow Scheduling Type
- Scheduling types for service flows. The scheduling type that you select determines which fields are available in the DOCSIS action.
- Value
- Predefined global parameter. For information about each DOCSIS service scheduling type, see Table 12.
- best_effort
- unsolicited_grant
- down_stream
- unsolicited_grant_with_activity_detection
- real_time
- non_real_time
Traffic Priority
- Priority for the service flow. If two traffic flows are identical in all QoS parameters except priority, the higher priority service flow is given preference.
- Value
- Number in the range 0-7, where 0 is the lowest priority and 7 is the highest priority
- Parameter of type trafficPriority
Request Transmission Policy
- Interval usage code that the cable modem uses for upstream transmission requests and packet transmissions for this service flow, and specifies whether requests can be piggybacked with data. Also, for data packets transmitted on this service flow, specifies whether packets can be concatenated, fragmented, or have their payload headers suppressed. For UGS service flows, this field also specifies how to treat packets that do not fit into the UGS grant.
- Value
Maximum Sustained Traffic Rate
Maximum Traffic Burst
- Maximum burst size for the service flow. This parameter has no effect unless you configure a nonzero value for the maximum traffic rate.
- Value
Minimum Reserved Traffic Rate
- Number of bits per second in the range 0-4294967295; a value of 0 means that no bandwidth is reserved for the service flow
- Numeric expression
- Parameter of type rate
Assumed Minimum Reserved Traffic Rate Packet Size
- Assumed minimum packet size for which the minimum reserved traffic rate is provided. If a packet is smaller than the assumed minimum packet size, the software treats the packet as if its size is equal to the value specified in this field.
- Value
Maximum Downstream Latency
- Maximum latency for downstream service flows. It is the maximum latency for a packet that passes through the CMTS device, from the time that the CMTS device's network side interface receives the packet until the CMTS device forwards the packet on its radio frequency (RF) interface.
- Value
Nominal Polling Interval
Tolerated Poll Jitter
- Maximum amount of time that unicast request intervals can be delayed beyond the nominal polling interval. Delaying requests allows the service flow scheduler to fit as much data as possible in an upstream packet, thereby reducing fragmentation.
- Value
Unsolicited Grant Size
Grants Per Interval
Nominal Grant Interval
- Nominal interval between successive unsolicited data grant opportunities for this service flow.
- Value
Tolerated Grant Jitter
- Maximum amount of time that the transmission opportunities can be delayed beyond the nominal grant interval.
- Value
- Guidelines—A jitter buffer can stop latency, but an improperly sized buffer can cause additional latency.
- Default—No value
Configuring Filter Actions
Use this action to discard packets. You can configure filter actions for JUNOS filters and JUNOSe policy rules.
![]()
Description
Configuring FlowSpec Actions
You can configure FlowSpec actions for PCMM policy rules.
![]()
Service Number
- controlled_load_service—Provides minimum bandwidth guarantees, but not latency and delay guarantees. A controlled-load service can contain only traffic specification (TSpec) token-bucket parameters, and not service request specification (RSpec) parameters.
- guaranteed_service—Provides both bandwidth and latency and delay guarantees. A guaranteed service can contain both TSpec and RSpec parameters.
Token Bucket Rate
- Guaranteed minimum rate that is reserved for the service flow. Token bucket rate is a TSpec parameter.
- Value
Token Bucket Size
- Number of bits per second in the range 1522-4294967295
- Numeric expression
- Parameter of type tokenBucketSize
- Guidelines—This parameter has no effect unless you configure a nonzero value for the maximum traffic rate.
- Default—No value
Peak Data Rate
- Amount of bandwidth over the committed rate that is allocated to accommodate excess traffic flow over the committed rate. Peak data rate is a TSpec parameter.
- Value
Minimum Policed Unit
- Assumed minimum-reserved-rate packet size. If a packet is smaller than the minimum policed unit, the software treats the packet as if its size is equal to the value specified in this field. Minimum policed unit is a TSpec parameter.
- Value
Maximum Packet Size
Rate
Slack Term
- Amount of slack in the bandwidth reservation that can be used without redefining the reservation. Slack is the difference between the desired delay and the actual delay obtained with the current bandwidth reservation. It allows some flexibility in bandwidth reservations. Slack term is an RSpec parameter.
- Value
Configuring Forward Actions
Use this action to forward packets, such as packets that are sent by means of a routing table. You can configure forward actions for JUNOS filters and JUNOSe policy rules.
![]()
Description
Configuring Forwarding Class Actions
You can configure forwarding class actions for JUNOS filter policy rules. The forwarding class action causes the router to assign a forwarding class to packets that match the associated classify-traffic condition.
![]()
Description
Forwarding Class
- String expression that matches a forwarding class that is configured on the router; for example, "assured-forwarding," "best-effort," "expedited-forwarding," or "network-control"
- Parameter of type forwardingClass
Configuring GateSpec Actions
You can configure GateSpec actions for PCMM policy rules. See Session Class ID for more information.
![]()
Description
Session Class Id Priority
- Priority bits in the session class ID. The priority field describes the relative importance of the session as compared with other sessions generated by the same policy decision point.
- Value
- Number in the range 0-7, where 0 is low priority and 7 is high priority
- String expression
- Parameter of type sessionClassIdPriority
Session Class Id Preemption
- Preemption bit in the session class ID. Use the preemption bit to allocate bandwidth to lower-priority sessions.
- Value
Session Class Id Configurable
- Configurable bit in the session class ID. Application managers that provide novel services may use this value to specify new session classes. Use this field if your policy server supports configurable policies based on this value or if your CMTS device implements a novel session class based on this value.
- Value
Configuring Loss Priority Actions
You can configure loss priority actions for JUNOS filter policy rules. The loss priority action causes the router to assign a packet loss priority to packets that match the associated classify-traffic condition.
![]()
Loss Priority
- any_priority—Do not select this value for loss priority. This parameter appears in this field because it is a global packetLossPriority parameter. However, in this context, a value of any_priority is not valid.
- high_priority—Sets the PLP to high
- low_priority—Sets the PLP to low
- String expression that matches valid values on the router; for example, "high" or "low"
- Parameter of type packetLossPriority
Configuring Mark Actions
Use this action to mark packets. You can configure mark actions for JUNOSe and PCMM policy rules.
![]()
Description
Mark Value
- For IPv4 packets, sets the ToS field in the IP header. For IPv6 packets, sets the traffic-class field in the IP header
- Value
Mark Mask
Configuring NAT Actions
You can configure NAT actions for JUNOS ASP policy rules.
![]()
NAT Translation Type
- "destination static"—Implements address translation for destination traffic without port translation; makes selected private servers accessible
- "source dynamic"—Implements address translation for source traffic with port translation
- "source static"—Implements address translation for source traffic without port mapping
IP Network
- An IP address with or without a prefix
- Expression that indicates an address range (low to high); for example, 92.168.1.100..192.168.1.110; address ranges are limited to 32 addresses
- Predefined global parameter:
- any—Do not select this value for IP network. This parameter appears in this field because it is a global network parameter. However, in this context, a value of any is not valid.
- Parameter of type network
- Parameter of type address/prefix; for example, pubIp/32
where pubIp is a local address parameter and 32 is the prefix lengthPort
- Integer in the range 0-64000
- Numeric expression that indicates a range of ports; for example, 2010..2020
- 0..65535—Provides the same effect as the automatic option. JUNOS routing platforms support a port option called automatic, which means that it is a router-assigned port.
- Parameter of type port
Configuring Next-Hop Actions
Use this action for the ingress side of the interface to specify the next IP address where the classified packets should go. You can configure next-hop actions for JUNOS filters and JUNOSe policy rules.
![]()
Description
Next Hop Address
- gateway_ipAddress—IP address of the gateway as specified by the service object
- interface_ipAddress—IP address of the router interface
- service_ipAddress—IP address of the service as specified by the service object
- user_ipAddress—IP address of the subscriber
- virtual_ipAddress—Virtual portal address of the SSP that is used in redundant redirect server installations
Configuring Next-Interface Actions
Use this action to forward packets to a particular interface and/or a next-hop address. You can configure next-interface actions for JUNOS filters and JUNOSe policy rules. On JUNOSe routers, you can use this action for both ingress and egress parts of the interface.
![]()
Description
InterfaceSpec
- Enter interface specifiers in the format:
'<type of specifier>=<value>'
where< type of specifier> is the interface name, alias, description, or uid
For example: name='fastEthernet3/0'
For lists of valid interface specifiers for JUNOSe routers, see Interface Types and Specifiers in the JUNOSe Command Reference Guides.
- Enter interface specifiers in the format:
'name= <mediatype>-<slot>/<pic>/<port>.<unit>'
For example: 'name=AT-0/1/0.0'Next Hop Address
- Next IP address where the classified packets should go. This field is available only in JUNOSe policy rules.
- Value
- gateway_ipAddress—IP address of the gateway as specified by the service object
- interface_ipAddress—IP address of the router interface
- service_ipAddress—IP address of the service as specified by the service object
- user_ipAddress—IP address of the subscriber
- virtual_ipAddress—Virtual portal address of the SSP that is used in redundant redirect server installations
Configuring Next-Rule Actions
You can configure next-rule actions for JUNOS filter policy rules. If a packet matches the classify-traffic condition, the next-rule action causes the router to continue to the next rule in the policy list for evaluation.
![]()
Description
Configuring Policer Actions
The policer action specifies rate and burst size limits and the action taken if a packet exceeds those limits. You can create policer actions in JUNOS policer and JUNOS filter policy rules.
![]()
Description
Bandwidth Limit
where bw is a local parameter that has a value of 1024 * 1920
Bandwidth Limit Unit
- bps—Value entered for bandwidth limit is bps
- percent—Value entered for bandwidth limit is a percentage of the port speed
Burst Size Limit (bytes)
- Maximum burst size. The minimum recommended value is the maximum transmission unit (MTU) of the IP packets being policed.
- Value
where qosRate is a local parameter of type rate
Packet Action
- filter—Packet is discarded
- forwardingClass—Packet is assigned to a forwarding class
- lossPriority—Packet's loss priority level is set to low or high
- String expression
- Parameter of type packetOperation
Configuring QoS Profile Attachment Actions
Use this action to specify the QoS profile and the QoS parameters to attach to the router interface when this action is taken. The QoS profile and the QoS parameters must be configured on the router. You can configure QoS actions for JUNOSe policy rules.
The router allows only one QoS profile to be attached to an interface at one time. Therefore, as a subscriber activates and deactivates different services, the QoS profile running on the interface needs to change. The SRC software provides a QoS-tracking plug-in (QTP) that you can use to ensure that as a subscriber activates and deactivates services, the required QoS profile is attached to the subscriber interface. See SRC-PE Solutions Guide, Chapter 1, Managing Tiered and Premium Services with QoS on JUNOSe Routers with the SRC CLI.
The QoS parameters allow you to specify rates in QoS profiles as parameters instead of fixed values. The actual values for the parameters can be specified for each interface. Therefore, you can share a QoS profile among different interfaces with different rates.
![]()
Description
QoS Profile
- Name of a QoS profile that is configured on the router. Enclose the name in double quotation marks to indicate that it is a literal string and not a parameter.
- Parameter of type qosProfileSpec
QoS Parameters
- Names and values of the QoS parameters to attach to the JUNOSe interface when this action is taken. The parameters are configured on the JUNOSe router and referenced in the scheduler profiles referred to by the QoS profile.
- Value
- The name=value pair that defines a QoS parameter; use map expressions to define multiple QoS parameters. For example, the map expression {max-bw=512000, shape-rate=1000000} supplies two QoS parameters.
- Parameter of type map
Configuring Rate-Limit Actions
Use this action to define the quality of service. You can configure rate-limit actions for JUNOSe policy rules.
![]()
Description
Rate Limit Type
- Specifies that the rate-limit profile is either one rate or two rate. The one-rate rate-limit profile provides a hard-limit rate limiter or a TCP-friendly rate limiter. The two-rate rate-limit profile provides a two-rate, three-color marking mechanism.
- Value
- one rate—Uses a single-rate committed rate with two burst parameters: committed burst and excess burst; supports a TCP-friendly rate limiter
- two rate—Uses committed rate and peak rate, each with a burst parameter
Committed Rate (bps)
Committed Burst (bytes)
- Default—16384
- Example—max(qos*0.1/8, 16384) - sets the burst size to the maximum of 100-ms burst at committed rate (qos*0.1) in bytes (/8) or 16384
where qos is a local parameter that represents the committed ratePeak Rate (bps)
- For two-rate rate-limit profiles, specifies the amount of bandwidth allocated to excess traffic flow over the committed rate.
- Value
- Default—0
- Example—qos*1.5 - sets the peak rate to 1.5 times the committed rate
where qos is a local parameter that represents the committed ratePeak Burst (bytes)
- For two-rate rate-limit profiles, specifies the amount of bandwidth allocated to burst traffic in excess of the peak rate.
- Value
- Default—16384
- Example—max(qos*1.5*0.1/8, 16384)
where qos is a local parameter that represents the committed rateExcess Burst (bytes)
- For one-rate rate-limit profiles, specifies the amount of bandwidth allocated to accommodate burst traffic.
- Value
- Number of bytes in the range <0 |[Committed Burst + 1, 4294967295]>
- Numeric expression
- Parameter of type burst
Committed Action
- filter()—Drops the packet
- forward()—Transmits the packet
- mark()—Marks the packet by setting the ToS byte (IP) or traffic-class field (IPv6) to the specified 8-bit value, and transmits the packet. Specify the ToS byte in the parenthesis.
The ToS byte can be an integer in the range 0-255 or parameter of type tosByte
Conformed Action
- filter()—Drops the packet
- forward()—Forwards the packet
- mark()—Marks the packet by setting the ToS byte (IP) or traffic-class field (IPv6) to the specified 8-bit value, and transmits the packet. Specify the ToS byte in the parenthesis.
The ToS byte can be an integer in the range 0-255 or parameter of type tosByte
Exceeded Action
- filter()—Drops the packet
- forward()—Transmits the packet
- mark()—Marks the packet by setting the ToS byte (IP) or traffic-class field (IPv6) to the specified 8-bit value, and transmits the packet. Specify the ToS byte in the parenthesis.
The ToS byte can be an integer in the range 0-255 or parameter of type tosByte
Configuring Reject Actions
You can configure reject actions for JUNOS filter policy rules. The reject action causes the router to discard a packet and send an ICMP destination unreachable message.
![]()
Description
Message Type
- String expression that matches a type of ICMP destination unreachable message supported on the router; for example:
- "administratively-prohibited"
- "bad-host-tos"
- "bad-network-tos"
- "host-prohibited"
- "host-unknown"
- "host-unreachable"
- "network-prohibited"
- "network-unknown"
- "network-unreachable"
- "port-unreachable"
- "precedence-cutoff"
- "precedence-violation"
- "protocol-unreachable"
- "source-host-isolated"
- "source-route-failed"
- "tcp-reset"—If you specify tcp-reset, a TCP reset message is sent if the packet is a TCP packet. Otherwise, nothing is sent.
Configuring Routing Instance Actions
You can configure routing instance actions for JUNOS filter policy rules. Use routing instance actions for filter-based forwarding to direct traffic to a specific routing instance configured on the router.
![]()
Description
Routing Instance
- Routing instance to which packets are forwarded. The routing instance must be configured on the router.
- Value
- String expression that matches the name of a routing instance configured on the router; for example "isp2-route-table"
- Parameter of type routingInstance
Configuring Scheduler Actions
You use scheduler actions along with QoS conditions and traffic-shape actions to configure transmission scheduling and rate control. Schedulers define the priority, bandwidth, delay buffer size, rate control status, and random early detection (RED) drop profiles to be applied to a particular class of traffic. You can create scheduler actions in JUNOS scheduler policy rules.
![]()
Description
Buffer Size
- "remainder"—Uses available buffer that is not assigned to other queues
- Expression
- Parameter of type schedulerBufferSize
Buffer Size Unit
- buffer_size_percentage—The value is a percentage of the total buffer.
- buffer_size_remainder—The value is the remaining buffer available.
- temporal—The value is temporal, in microseconds.
Transmit Rate
- "remainder"—Uses remaining rate available
- Numeric expression
- Parameter of type schedulerTransmitRate
- Default—No value
- Example—4/10*bandwidth sets the transmit rate to 4/10 of transmission bandwidth that is allocated to the logical interface unit
where bandwidth is a local parameter of type any
Transmit Rate Unit
- rate_in_bps—Transmission rate in bps
- rate_in_percentage—Percentage of transmission capacity
- rate_in_remainder—Uses remaining rate available
Exact
- Specifies whether or not to enforce the exact transmission rate. Under sustained congestion, a rate-controlled queue that goes into negative credit fills up and eventually drops packets.
- Value
Priority
- Packet-scheduling priority. The priority determines the order in which an output interface transmits traffic from the queues.
- Value
- low
- medium_low
- medium_high
- high—Assigning high priority to a queue prevents the queue from being starved by traffic in a strict high-priority queue
- strict_high—Configure a high-priority queue with unlimited transmission bandwidth available to it. As long as it has traffic to send, the strict high-priority queue receives precedence over low, medium-low, and medium-high priority queues, but not high-priority queues. You can configure strict high-priority on only one queue per interface.
Configuring Drop Profile Maps
The scheduler drop profile defines the drop probabilities across the range of delay-buffer occupancy, thereby supporting the RED process. For a packet to be dropped, it must match the drop profile. When a packet arrives, RED checks the queue fill level. If the fill level corresponds to a nonzero drop probability, the RED algorithm determines whether to drop the arriving packet. Depending on the drop probabilities, RED might drop packets aggressively long before the buffer becomes full, or it might drop only a few packets even if the buffer is almost full.
The SchedulerAction pane displays a table with configured drop profile maps. To configure the table:
- To add a drop profile map, click Add. Policy Editor displays the Drop Profile Map Details dialog box.
- To modify a map, select the map, and click Modify. Policy Editor displays the Drop Profile Map Details dialog box for that map.
- To delete a map, select the map, and click Delete.
- To move a map up, select the map, and click Up.
- To move a map down, select the map, and click Down.
![]()
Protocol
- any_protocol—Accepts any protocol type
- non_tcp—Accepts any protocol type other than TCP/IP
- tcp_only—Accepts only TCP/IP protocol
Loss Priority
- any_priority—Drop profile applies to packets with any PLP.
- high_priority—Drop profile applies to packets with high PLP.
- low_priority—Drop profile applies to packets with low PLP.
Drop Profile Type
- interpolated—Specifies values for interpolating relationship between queue fill level and drop probability
- segmented—Specifies fill level and drop probability as percentages
Setting Fill Level and Drop Probability
In drop profiles you configure fill level and drop probability as paired values. The values can be either percentage values (segmented) or data points (interpolated). These two alternatives enable you to configure each drop probability at up to 64 fill-level/drop-probability paired values, or to configure a profile represented as a series of line segments. For more information about configuring fill level and drop probabilities, see the JUNOS routing platform documentation.
You can set these value pairs by clicking Show Data Points on the Drop Profile Map Details screen. To add a value pair:
- In the data entry field, enter the value for the fill level, press the space bar, and then enter the drop probability value.
- Click Add.
![]()
Fill Level
- If the drop profile type is segmented, specify how full the queue is as a percentage.
- If the drop profile type is interpolated, specify a data point for mapping the queue fill percentage in the range 0-100.
- Parameter of type percent
Drop Probability
- If the drop profile type is segmented, specify the drop probability as a percentage. A value of 0 means that a packet will never be dropped, and a value of 100 means that all packets will be dropped. The range is 0-100.
- If the drop profile type is interpolated, specify a data point for packet drop probability in the range 0-100.
- Parameter of type percent
Configuring Service Class Name Actions
You can configure service class name actions for PCMM policy rules.
![]()
Description
Service Class
Configuring Stateful Firewall Actions
You can configure stateful firewall actions for JUNOS ASP policy rules. Stateful firewall actions specify the action to take on packets that match the classify-traffic condition.
![]()
Description
Packet Action
- filter—Packet is not accepted and is not processed further
- forward—Packet is accepted and sent to its destination
- reject—Packet is not accepted, and a rejection message is returned; UDP sends an ICMP unreachable code, and TCP sends RST
- String expression
- Parameter of type packetOperation
Configuring Traffic-Class Actions
Use this action to put packets in a particular traffic class. You can configure traffic-class actions for JUNOSe policy rules.
![]()
Description
Caption
Keywords
- Series of words that the system uses as a filter for keyword searches that are inherited from the policy.
- Value—Text
- Default—No value
Traffic-Class Profile
- Name of the traffic-class profile that is applied to a packet when it passes through the router.
- Value
Configuring Traffic-Mirror Actions
Use this action to mirror traffic from a destination to a source or from a source to a destination. You can configure traffic-mirror actions only for JUNOS input policy rules.
Before you use traffic-mirror actions, you must configure forwarding options on JUNOS routing platforms for port mirroring and next-hop group. For information about how these features work on the router, see the JUNOS Policy Framework Configuration Guide.
The rule containing a traffic-mirror action must comply with these conditions:
- It must be combined with forward actions in the same rule. One of the forward actions must accept the traffic if the source and/or destination IP addresses do not match the conditions.
- It contains either no classify-traffic condition or only one classify-traffic condition.
- It can be marked for accounting.
![]()
Description
Configuring Traffic-Shape Actions
Traffic-shape actions specify the maximum rate of traffic transmitted on an interface. You can create traffic-shape actions in JUNOS shaping policy rules.
![]()
Description
Rate (bps)
Configuring User Packet Class Actions
Use this action to put packets in a particular user packet class. You can configure user packet class actions for JUNOSe IPv6 policy rules.
![]()
Description
User Packet Class