Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6 Release Note page 25

Hide thumbs Also See for JUNOS OS 10.4 - RELEASE NOTES REV 6:

Release note (209 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

page of 216

/ 216
Contents
Table of Contents
Bookmarks

Table of Contents

New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers

fpc 1 {

pic 2 {

adaptive-services {

service-package {

extension-provider {

control-cores 1;

data-cores 1;

object-cache-size 512;

policy-db-size 64;

package jservices-rpm;

syslog daemon any;

}

[Services Interfaces]

ALGs using Junos OS Services Framework (JSF) (M Series with Multiservices PICs

and MX Series with MS DPCs)—Application-level gateways (ALGs) intercept and

analyze specified traffic, allocate resources, and define dynamic policies to permit

traffic to pass securely through a device. Beginning with Junos OS Release 10.4 on the

specified routers, you can use JSF ALGs with the following services:

Stateful firewall

Network Address Translation (NAT)

To use JSF to run ALGs, you must configure the jservices-alg package at the

chassis fpc slot pic slot adaptive-services service-package extension-provider package]

hierarchy level. In addition, you must configure the ALG application at the

applications application application-name]

in the stateful firewall rule or the NAT rule in those respective configurations.

[Services Interfaces]

Enhancements to port mirroring with next-hop groups (MX Series only)—Adds

support for binding up to two port-mirroring instances to the same MX Series Packet

Fowarding Engine. This enables you to choose multiple mirror destinations by specifying

different port-mirroring instances in the filters. Filters must include the

port-mirror-instance instance-name

hierarchy level. You must also include the

term-name then]

statement at the

instance-name

FPC to be used.

Inline port mirroring allows you to configure instances that are not bound to the FPC

specified in the firewall filter

you can define the

then next-hop-group

the port-mirror destination from the input parameters, such as rate. While the input

parameters are programmed in the Switch Interface Board (SIB), the next-hop

destination for the mirrored packet is available in the packet itself.

A port-mirroring instance can now inherit input parameters from another instance that

specifies it. To configure this option, include the

hierarchy level, and reference the application

statement at the

[edit firewall filter filter-name term

[edit chassis fpc number]

then port-mirror-instance instance-name

action. Inline port-mirroring aims to decouple

input-parameters-instance

[edit

port-mirror-instance

hierarchy level to specify the

action. Instead,

Table of Contents

Related Products for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6

This manual is also suitable for:

Junos os 10.4

Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6 Release Note page 25

Related Manuals for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6

Related Products for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 6

This manual is also suitable for:

Table of Contents