flow

Syntax

Hierarchy Level

Description

Configure a flow route.

Default

legacy

Options

`discard-action-for-unresolved-redir-addr`	For action redirect IP if redirect address is unresolved install discard action filter.
fast-lookup-filter	Enable fast lookup filter. Note: The option fast-lookup-filter is supported on MX Series devices only.
no-fast-lookup-filter	Disable fast lookup filter. Note: The option no-fast-lookup-filter is supported on MX Series devices only. Default: no-fast-lookup-filter
`firewall-install-disable`—(PTX Series routers only)	The `firewall-install-disable` statement appears in the default configuration, preventing installation of flow-specification firewall filters into dfwd. For other models, this setting is omitted from the default configuration, allowing installation of flow-specification firewall filters into dfwd.
`interface-group group`	Interface-group for applying flowspec filter. `group`—Interface group ID to match traffic (1..255). `exclude`—Don't apply flowspec filter to traffic on this group.
`per-route-accounting`	Enable traffic accounting per flowspec route.
`no-per-route-accounting`	Disable traffic accounting per flowspec route.
`route name`	Name of the flow route.
`match match-conditions`	Match packets to these conditions.
`destination prefix`	IP destination address field.
`destination-port destination-port-names`	TCP or User Datagram Protocol (UDP) destination port field. You cannot specify both the `port` and `destination-port` match conditions in the same term. In place of the numeric value, you can specify one of the following text synonyms (the port numbers are also listed): `afs` (1483), `bgp` (179), `biff` (512), `bootpc` (68), `bootps` (67), `cmd` (514), `cvspserver` (2401), `dhcp` (67), `domain` (53), `eklogin` (2105), `ekshell` (2106), `exec` (512), `finger` (79), `ftp` (21), `ftp-data` (20), `http` (80), `https` (443), `ident` (113), `imap` (143), `kerberos-sec` (88), `klogin` (543), `kpasswd` (761), `krb-prop` (754), `krbupdate` (760), `kshell` (544), `ldap` (389), `login` (513), `mobileip-agent` (434), `mobilip-mn` (435), `msdp` (639), `netbios-dgm` (138), `netbios-ns` (137), `netbios-ssn` (139), `nfsd` (2049), `nntp` (119), `ntalk` (518), `ntp` (123), `pop3` (110), `pptp` (1723), `printer` (515), `radacct` (1813), `radius` (1812), `rip` (520), `rkinit` (2108), `smtp` (25), `snmp` (161), `snmptrap` (162), `snpp` (444), `socks` (1080), `ssh` (22), `sunrpc` (111), `syslog` (514), `tacacs-ds` (65), `talk` (517), `telnet` (23), `tftp` (69), `timed` (525), `who` (513), `xdmcp` (177), `zephyr-clt` (2103), or `zephyr-hm` (2104).
`dscp value`	Differentiated Services code point (DSCP). The DiffServ protocol uses the type-of-service (ToS) byte in the IP header. The most significant six bits of this byte form the DSCP. Range: You can specify DSCP in hexadecimal or decimal form from 0 through 63.
`fragment fragment-value`	IP header Fragment field. The keywords are grouped by the fragment type with which they are associated: `first-fragment` `is-fragment` `last-fragment` `not-a-fragment`
`icmp-code icmp-code-value`	ICMP code field. This value or keyword provides more specific information than `icmp-type`. Because the value’s meaning depends on the associated `icmp-type` value, you must specify `icmp-type` along with `icmp-code`. In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed). The keywords are grouped by the ICMP type with which they are associated: parameter-problem: `ip-header-bad` (0), `required-option-missing` (1) redirect: `redirect-for-host` (1), `redirect-for-network` (0), `redirect-for-tos-and-host` (3), `redirect-for-tos-and-net` (2) time-exceeded: `ttl-eq-zero-during-reassembly` (1), `ttl-eq-zero-during-transit` (0) unreachable: `communication-prohibited-by-filtering` (13), `destination-host-prohibited` (10), `destination-host-unknown` (7), `destination-network-prohibited` (9), `destination-network-unknown` (6), `fragmentation-needed` (4), `host-precedence-violation` (14), `host-unreachable` (1), `host-unreachable-for-TOS` (12), `network-unreachable` (0), `network-unreachable-for-TOS` (11), `port-unreachable` (3), `precedence-cutoff-in-effect` (15), `protocol-unreachable` (2), `source-host-isolated` (8), `source-route-failed` (5)
`icmp-type icmp-type-value`	ICMP packet type field. Normally, you specify this match in conjunction with the `protocol` match statement to determine which protocol is being used on the port. In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed): `echo-reply` (0), `echo-request` (8), `info-reply` (16), `info-request` (15), `mask-request` (17), `mask-reply` (18), `parameter-problem` (12), `redirect` (5), `router-advertisement` (9), `router-solicit` (10), `source-quench` (4), `time-exceeded` (11), `timestamp` (13), `timestamp-reply` (14), or `unreachable` (3).

`packet-length packet-length`	Total IP packet length value can range from 0 through 65535.
`port port-names`	TCP or UDP source or destination port field. You cannot specify both the `port` match condition and either the `destination-port` or `source-port` match condition in the same term. In place of the numeric value, you can specify one of the text synonyms listed under `destination-port`.
`protocol number`	In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed): `ah` (51), `egp` (8), `esp` (50), `gre` (47), `icmp` (1), `igmp` (2), `ipip` (4), (41), `ospf` (89), `pim` (103), `rsvp` (46), `tcp` (6), or `udp` (17).
`source prefix`	IP source address field.
`source-port source-port-names`	TCP or UDP source port field. You cannot specify the `port` and `source-port` match conditions in the same term. In place of the numeric field, you can specify one of the text synonyms listed under `destination-port`.
`tcp-flags tcp-flags`	TCP header format.
`no-install`	Prohibit installing received routes in the forwarding table.
`then`	Actions to take on matching packets.
`accept`	Accept a packet. This is the default value.
`community name`	Replace any communities in the route with the specified communities.
`discard`	Discard a packet silently, without sending an Internet Control Message Protocol (ICMP) message.
`mark value`	Set a DSCP value for traffic that matches this flow. Specify a value from 0 through 63. This action is supported only on Junos devices with MPCs that are configured for `enhanced-ip` mode.
`redirect`	Redirect (tunnel) this flow's traffic to given next-hop address.
`next-term`	Continue to the next match condition for evaluation.
`rate-limit rate-limit`	Limit the bandwidth on the flow route. Express the limit in bits per second (bps).
`routing-instance route-target-extended-community`	Specify a routing instance to which packets are forwarded.
`sample`	Sample the traffic on the flow route.
`term-order (legacy \| standard)`	`legacy`—Use version 6 of the flow-specification algorithm. `standard`—Use version 7 of the flow-specification algorithm. Default: legacy
`validation`	Flow route validation options. Flow specifications received from peers are validated such that it is considered feasible.
`traceoptions`	Define tracing operations that track all routing protocol functionality in the routing device.
`file`	Trace file options. `filename`—Name of file in which to write trace information. `files`—Maximum number of trace files (2..1000). `no-world-readable`— Don't allow any user to read the log file. `size`—Maximum trace file size (10240..4294967295). `world-readable`—Allow any user to read the log file.
`flag`	Tracing parameters. `all`—Trace everything. `flash`—Trace flash processing. `general`—Trace general events. `normal`—Trace normal events. `policy`—Trace policy processing `resolution`—Trace flow to unicast. route resolution `route`—Trace routing information. `state`—Trace state transitions. `task`—Trace routing protocol task processing. `timer`—Trace routing protocol timer processing. `detail`—Trace detailed information. `disable`—Disable this trace flag. `receive`—Trace received packets. `send`—Trace transmitted packets.

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

term-order option introduced in Junos OS Release 10.0

firewall-install-disable option introduced in Junos OS Releases 12.1X48 and 12.3 for PTX Series routers.

interface-group option introduced in Junos OS Release 16.1R1.

per-route-accounting option introduced in Junos OS Release 21.1R1

ON THIS PAGE