fast-lookup-tuple
Syntax
fast-lookup-tuple
Hierarchy Level
[edit firewall family inet filter firewall filter name term term name from]
Description
Use fast-lookup-tuple for better firewall filter processing
performance by matching exact values of the five tuple or five combined
match conditions. It enables high scale firewall filter performance
improvement with only 5-tuple configurations per term without range
configurations by avoiding execution of multiple terms in sequence. You can
also use fast-lookup-tuple-list to match five tuple list
template defined under policy options.
fast-lookup-tuple is only for INET firewall filter family. No
range of values is supported for each of the 5-tuple fields.
fast-lookup-tuple can be applied at all bind points
including chain filters, list filters, and nested filters. Next-term action
is not supported for fast-lookup-tuple match.
fast-lookup-tuple cannot be defined for fast lookup
filters.
The following is a sample configuration.
set firewall family inet filter f1 term t1 from fast-lookup-tuple 10.11.12.13:20.21.22.23:17:168:65535
Default
l3 byte value -
<dest-ip-in-regular-format>:<src-ip-in-regular-format>:<proto>:<src-port>:<dest-port>
-
<dest-ip-in-regular-format>: Destination IP address as <a.b.c.d>. Where a, b, c and d are in decimal values. Example: 10.11.12.13 as standard IP notation. -
<src-ip-in-regular-format>: Source IP address as <a.b.c.d>. Where a, b, c and d are in decimal values. Example: 10.12.13.14 as standard IP notation. -
<proto>: Single byte protocol value in decimal format. Note - Standard protocol names are not allowed for protocol value. -
<src-port>: Two bytes port values in decimal format. -
<dest-port>: Two bytes port values in decimal format.
Required Privilege Level
firewall—To view this statement in the configuration.
firewall-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos 24.2 on MX platforms