Prefix-Specific Action Configuration - Juniper EX9200 Features Manual

Traffic Policers Feature Guide for EX9200 Switches

Prefix-Specific Action Configuration

98
NOTE: A prefix-specific action is specific to a source or destination
prefix range, but it is not specific to a particular source or destination
address range, and it is not specific to a particular interface.
To apply a prefix-specific action to the traffic at an interface, you configure a firewall
filter term that matches on source or destination addresses, and then you apply the
firewall filter to the interface. The flow of filtered traffic is rate-limited using prefix-specific
counter and policer instances that are selected per packet based on the source or
destination address in the header of the filtered packet.
To configure a prefix-specific action, you specify the following information:
Prefix-specific action name—Name that can be referenced as the action of an IPv4
standard firewall filter term that matches packets on source or destination addresses.
Policer name—Name of a single-rate two-color policer for which you want to implicitly
create prefix-specific instances.
NOTE: For aggregated Ethernet interfaces, you can configure a
prefix-specific action that references a logical interface policer (also called
an aggregate policer). You can reference this type of prefix-specific action
from an IPv4 standard firewall filter and then apply the filter at the
aggregate level of the interface.
Counting option—Option to include if you want to enable prefix-specific counters.
Filter-specific option—Option to include if you want a single counter and policer set to
be shared across all terms in the firewall filter. A prefix-specific action that operates
in this way is said to operate in filter-specific mode. If you do not enable this option,
the prefix-specific action operates in term-specific mode, meaning that a separate
counter and policer set is created for each filter term that references the prefix-specific
action.
Source address prefix length—Length of the address prefix, from 0 through 32, to be
used with a packet matched on the source address.
Destination address prefix length—Length of the address prefix, from 0 through 32, to
be used with a packet matched on the destination address.
Subnet prefix length—Length of the subnet prefix, from 0 through 32, to be used with
a packet matched on either the source or destination address.
You must configure source and destination address prefix lengths to be from 1 to 16 bits
longer than the subnet prefix length. If you configure source or destination address prefix
lengths to be more than 16 bits beyond the configured subnet prefix length, an error
occurs when you try to commit the configuration.
Copyright © 2016, Juniper Networks, Inc.