Juniper JUNOS OS 10.4 - RELEASE NOTES Release Note page 19

Copyright © 2010, Juniper Networks, Inc.
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers
When you configure NAT-PT with DNS ALG support, you must configure two NAT rules.
The first NAT rule ensures that the DNS query and response packets are translated
correctly. For this rule to work, you must configure a DNS ALG application and reference
it in the rule. The second rule is required to ensure that NAT sessions are destined to
the address mapped by the DNS ALG.
To configure the correct translation of the DNS query and response packets, include
the dns-alg-pool dns-alg-pool
services nat rule rule-name term term-name then translated]
To configure the DNS ALG application, include the
statement at the [edit applications]
services nat rule rule-name term term-name from]
To configure destination translation with the DNS ALG address map, use the
use-dns-map-for-destination-translation
rule-name term term-name then translated]
the DNS query or response processing done by the first rule with the actual data
sessions processed by the second rule.
You can also control the translation of IPv6 and IPv4 DNS queries in the following
ways.
For translation control of IPv6 DNS queries, use the
do-not-translate-AAAA-query-to-A-query
application application-name]
For translation control of IPv4 queries, use the
do-not-translate-A-query-to-AAAA-query
application application-name]
NOTE: The above two statements cannot be configured together. You
can only configure one at a time, but not both.
To check that the flows are established properly, use the
command or the
stateful-firewall flows
command.
[Services Interfaces]
Enhancements to active flow monitoring—Add support for extraction of bandwidth
usage information for billing purposes in PIC-based sampling configurations. This
capability is supported on M Series, MX Series, and T Series routers and applies only
to IPv4 and IPv6 traffic. It is enabled only at the global instance hierarchy level and is
not available for per Packet Forwarding Engine instances. To configure the sampling
of traffic for billing purposes, include the
statement at the
[edit forwarding-options sampling family (inet | inet6) output
flow-server server-name version version-number]
billing functionality, include the
flow-monitoring version9 template template-name]
template fields, see the Junos OS Services Interfaces Configuration Guide. You can apply
or dns-alg-prefix dns-alg-prefix
application application-name
hierarchy level, then reference it at the
hierarchy level.
statement at the
hierarchy level. This statement correlates
statement at the
hierarchy level.
statement at the
hierarchy level.
show services stateful-firewall conversations
template as-peer-billing-template-name
hierarchy level. To define the peer-AS
peer-as-billing-template statement at the
hierarchy level. For a list of the
statement at the [edit
hierarchy level.
[edit
[edit services nat rule
[edit applications
[edit applications
show services
[edit services
19