Configuring Tag Rules
Tag rules include one or more term
statements
that identify the HTTP enrichment actions to take when the conditions
in the term
are matched. You must configure at least one tag
in the then
clause of a term
, and
you can configure multiple tags.
Terms are evaluated in the order they are configured. If a data
packet matches all the criteria in the from
statement in
a term
, then the actions specified in the then
statement of the term
are applied. If the from
statement does not identify any criteria, then all traffic matches.
After a data packet matches a term, further terms are not evaluated.
If no terms match, then the HTTP header is not enriched.
To configure a tag rule:
- Configure the list of tag attributes
that may be used in tag rules.
[edit services hcm] user@host# set tag-attribute tag-attr-name
The tag attributes currently supported for Adaptive Services are
apn
,ggsnipv4
,ggsnipv6
,imei
,imsi
,ipv4addr
,ipv6addr
, andmsisdn
. To configure multiple tag attributes, include them in square brackets ([ ]). Starting in Junos 20.2R1 IPv4 and IPv6 tags for HTTP Header Enrichment are supported for Next Gen Services on MX240, MX480 and MX960. No other tags are supported for Next Gen Services in this release.For example:
[edit services hcm] user@host# set tag-attribute [msisdn apn]
- Configure a name for the tag rule.
[edit services hcm] user@host# set tag-rule rule-name
For example:
[edit services hcm] user@host# set tag-rule rule1
- Configure a term for the tag rule.
[edit services hcm set tag-rule rule-name] user@host# set term term-number
Note:The
term
argument must have a numeric value.For example:
[edit services hcm set tag-rule rule1] user@host# set term 1
- (Optional) Specify the prefix that the HTTP request destination
IP address must match.
[edit services hcm tag-rule rule-name term term-number from] user@host# set destination-address prefix
For example:
[edit services hcm tag-rule rule1 term 1 from] user@host# set destination-address 192.0.2.0/24
You can also specify the type of address to match:
[edit services hcm tag-rule rule-name term term-number from] user@host# set destination-address (any-ipv4 | any-ipv6 | any-unicast)
You can specify multiple prefixes or address types by including the
destination-address
statement multiple times. - (Optional) Specify an IP address range that the HTTP request
destination IP address must match.
[edit services hcm tag-rule rule-name term term-number from] user@host# set destination-address-range low address high address
For example:
[edit services hcm tag-rule rule1 term 1 from] user@host# set destination-address-range low 10.10.10.1 high 10.10.10.255
You can specify multiple address ranges by including the
destination-address-range
statement multiple times. - (Optional) Specify the destination prefix list that the
HTTP request destination IP address must match. The prefix list must
already be defined at the
[edit policy-options prefix-list]
hierarchy level.[edit services hcm tag-rule rule-name term term-number from] user@host# set destination-prefix-list prefix-name
For example:
[edit services hcm tag-rule rule1 term 1 from] user@host# set destination-prefix-list customer1
You can specify multiple prefix lists by including the
destination-prefix-list
statement multiple times. - (Optional) Specify any addresses that you want to exclude
from matching the HTTP request destination IP address with the
except
statement. To exclude addresses, you must also configure addresses that do match in adestination-address
,destination-address-range
, ordestination-prefix-list
statement at the[edit services hcm tag-rule rule-name term term-number from]
hierarchy level.For example:
[edit services hcm tag-rule rule1 term 1 from] user@host# set destination-address-range low 10.10.10.1 high 10.10.10.255 user@host# set destination-address 10.10.10.9/32 except
This matches all the addresses in the destination range except 10.10.10.9.
You can use
except
in the following statements at the[edit services hcm tag-rule rule-name term term-number from]
hierarchy level:destination-address { any-ipv4 except; any-ipv6 except; any-unicast except; prefix except; } destination-address-range { high address low address except; } destination-prefix-list { prefix-name except; }
- (Optional) Specify a port range that the HTTP request
destination port number must match.
[edit services hcm tag-rule rule-name term term-number from] user@host# set destination-port-range high port-number low port-number
You can specify multiple port ranges by including the
destination-port-range
statement multiple times.Note:If you do not specify any ports or port ranges to match, then all ports are matched.
- (Optional) Specify the HTTP request destination port number
that must be matched.
[edit services hcm tag-rule rule-name term term-number from] user@host# set destination-ports value
You can specify multiple ports by including the
destination-ports
statement multiple times. - (Optional) Specify that you want to apply all HTTP header
enrichment actions specified in the
then
statement of the tag rule to all HTTP requests by not including any matching conditions in thefrom
statement. You must include afrom
statement in eachterm
of a tag rule.[edit services hcm tag-rule rule-name term term-number ] user@host# set from
For example:
[edit services hcm tag-rule rule2 term 1] user@host# set from [edit services hcm tag-rule rule2 term 1] user@host# set then count
- Configure a name for a tag.
[edit services hcm tag-rule rule-name term term-number then] user@host# set tag tag-name
For example:
[edit services hcm tag-rule rule1 term 1 then] user@host# set tag msisdn-tag
- Configure the tag header that the tag applies to the HTTP
header.
[edit services hcm tag-rule rule-name term term-number then tag tag-name] user@host# set tag-header header
For example:
[edit services hcm tag-rule rule1 term 1 then tag msisdn-tag] user@host# set tag-header X_MSISDN
You can configure a maximum of 16 unique tag headers.
The header values cannot be
accept
,accept-charset
,accept-encoding
,accept-language
,authorization
,expect
,host
,if-match
,if-modified-since
,if-none-match
,if-range
,if-unmodified-since
,max-forwards
,proxy-authorization
,referer
,user-agent
, orx-moz
. These header values are reserved; you cannot configure them. - Specify the tag attribute that the tag applies to the
HTTP header. To specify multiple attributes at one time, include the
attributes in square brackets ([]).
[edit services hcm tag-rule rule-name term term-number then tag tag-name] user@host# set tag-attribute [tag-attr-name]
Note:The tag attribute must be listed in the tag attributes configured in Step 1.
For example:
[edit services hcm tag-rule rule1 term 1 then tag msisdn-tag] user@host# set tag-attribute msisdn
- Specify the separator that the tag uses in the HTTP header.
[edit services hcm tag-rule rule-name term term-number then tag tag-name] user@host# set tag-separator separator
For example:
[edit services hcm tag-rule rule1 term 1 then tag msisdn-tag] user@host# set tag-separator /
- (Optional) Specify a hash method and prefix key for the
insertion of the tag in the HTTP header.
[edit services hcm tag-rule rule-name term term-number then tag tag-name encrypt] user@host# set hash algorithm prefix hash-prefix
Currently, only the
md5
hash method is supported.For example:
[edit services hcm tag-rule rule1 term 1 then tag msisdn-tag encrypt] user@host# set hash md5 prefix gatewaykey1
- (Optional) Enable the collection of statistics for HTTP
header enrichment for the tag rule.
[edit services hcm tag-rule rule-name term term-number then user@host# set count
- (Optional) Configure how the tag replaces
a byte of the IPv4 or IPv6 user address with a different value in
the HTTP header.
[edit services hcm tag-rule rule-name term term-number then tag tag-name] user@host# set (ipv4-mask ipv4-mask | ipv6-mask ipv6-mask) (ipv4-or-value ipv4-or-value | ipv6-or-value ipv6-or-value)
To identify the byte you want to replace, enter 255 for IPv4 or ff for IPv6 in the corresponding byte of the
ipv4-mask
oripv6-mask
and enter zero in the other bytes.To specify the new value for that byte, enter the value in the corresponding byte of the
ipv4-or-value
or theipv6-or-value
and enter zero in the other bytes.For example, the following replaces the first byte of the IPv4 user address with the value 168:
[edit services hcm tag-rule tag1 term term1 then tag subscip4] user@host# set ipv4-mask 255.0.0.0 ipv4-or-value 168.0.0.0
- If you want to configure more tags
for the
then
statement in the term, repeat Step 11 through Step 17. - If you want to configure another
term
statement for the tag rule, repeat Step 3 through Step 18.
Related Documentation
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.