advance-policy-based-routing
Syntax
advance-policy-based-routing {
active-probe-params name {
settings {
burst-size <size>;
data-fill fill;
data-size <size>;
dscp-code-points dscp;
forwarding-class fc-name;
loss-priority {
priority (high | low | medium-high | medium-low);
}
per-packet-loss-timeout <timeout>;
probe-count <count>;
probe-interval <interval>;
sla-export-interval interval;
}
}
destination-path-group name {
active-probe-properties {
active-probe-only;
}
inline-gre-encap;
overlay-path name;
probe-routing-instance <routing-instance-name>;
}
from-zone name {
policy name {
description description;
match {
source-address;
destination-address;
application [ application ... ];
destination-address-excluded;
source-address-excluded
source-identity;
}
scheduler-name;
then {
application-services {
advance-policy-based-routing-profile advance-policy-based-routing-profile;
}
}
}
}
interface name {
unit number {
link-tag link-tag;
multipath-bandwidth bandwidth-value
priority priority-number;
weight weight-number
}
}
metrics-profile name {
sla-threshold {
delay-round-trip <delay-val>;
jitter <jitter-val>;
jitter-type (egress-jitter | ingress-jitter | two-way-jitter);
match (all | any-one);
packet-loss <loss>;
}
}
multipath-rule name {
application application-name;
application-group application-group-name;
bandwidth-limit bandwidth-limit;
enable-reverse-wing;
link-preferences;
link-type (IP | MPLS);
number-of-paths number-of-paths
}
overlay-path name {
probe-path {
local {
ip-address ip_address;
}
remote {
ip-address ip_address;
}
}
tunnel-path {
local {
ip-address ip_address;
}
remote {
ip-address ip_address;
}
}
}
profile name {
rule name {
disable-midstream-routing;
match {
category;
dscp [ dscp ... ];
dynamic-application;
dynamic-application-group;
}
then {
application-services-bypass;
routing-instance routing-instance-name;
sla-rule <sla-rule-name>;
}
}
}
sla-options {
log (disabled | syslog);
max-passive-probe-limit {
interval <refresh-interval>;
number-of-probes <probes>;
}
}
sla-rule name {
active-probe-params <probe-params-name>;
link-preferences {
affinity strict;
preferred-tag preferred-tag;
}
metrics-profile <metrics-profile-name>;
multipath-rule multipath-rule-name;
passive-probe-params {
sampling-frequency {
interval <sampling-interval>;
ratio <sampling-ratio>;
}
sampling-percentage <percentage>;
sampling-period <period>;
sla-export-factor <factor>;
type book-ended;
}
switch-idle-time <timeout>;
type saas;
violation-count <count>;
}
traceoptions {
file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
flag name;
no-remote-trace;
}
tunables {
drop-on-zone-mismatch;
enable-logging;
max-route-change max-route-change;
no-l3l4-app-lookup;
}
}Hierarchy Level
[edit security]
Description
Configure an advanced policy-based routing.
You can create an advanced policy-based routing (APBR) profile (application profile) to match applications and application groups and redirect those matching traffic to the specified routing instance for the route lookup. The profile includes multiple rules. Each rule can contain multiple applications or application groups. If the application matches any of the application or application groups of a rule in a profile, the application profile rule is considered to be a match.
The APBR profile evaluates the application-aware traffic and permits or denies traffic based on the applications and application groups.
The application profile can be attached to a security zone or it can be attached to a specific logical or physical interface associated with the security zone.
Options
| profile profile-name | Name of the profile. Must be a unique name with a maximum length of 63 characters. |
| from-zone | Specify a source zone to be associated with the APBR policy. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X49-D60.