Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

no-next-header-to-payload-protocol-mapping

Syntax

Hierarchy Level

Description

Is used to control the behavior of the next-header match condition. When enabled, next-header matches the first extension header and if disabled next-header matches value of the payload/upper-layer protocol.

The next-header and payload-protocol match conditions were introduced in Junos releases 21.4R2-S1-EVO, 21.4R3-S1-EVO, 22.2R2-S1-EVO, 22.3R1-EVO and onwards. Previous to these releases, such as 21.4R3-EVO and 22.1R1-EVO, payload-protocol match condition did not exist; next-header was used to match the value of the payload/upper-layer protocol.

Currently, on Junos releases that support next-header and payload-protocol, the next-header match condition cannot be used when the filter using this match condition is bound to a WAN egress interface and/or the lo0 ingress interface. Customers upgrading to such Junos releases could have next-header match conditions attached to a WAN egress interface and/or the lo0 ingress interface. The upgrade fails in such scenarios.

Even if the filter is bound to supported interfaces, customers might get unexpected behavior. It is because of the change in semantics of the next-header match condition, where on previous releases it was expected to match the payload-protocol, but on newer releases, Junos automatically does an internal conversion to make it match the first extension header.

Customers are expected to modify their configurations before an upgrade to avoid such issues. The no-next-header-to-payload-protocol-mapping allows customers time to adapt to the new behavior of next-header to prevent a failure during upgrade or prevent unexpected behavior. This configuration command helps the user to control whether the next-header match condition should exhibit its previous behavior of matching the payload-protocol or current behavior of matching the first extension header.

Required Privilege Level

  • interface—To view this statement in the configuration.

  • interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 23.2