Table of Contents
Advertisement
Policy Management
Typically, when configuring packet mirroring, you configure a static route to
reach the analyzer device through the analyzer port. If the analyzer port is an
IP-over-Ethernet interface, you must also configure a static Address Resolution
Protocol (ARP) entry to reach the analyzer device. However, because only a
single static ARP entry can be installed for a given address at any given time,
when you are using equal-cost multipath (ECMP) links to connect to the
analyzer device, the static ARP configuration does not provide failover if the
link being selected fails or is disconnected. Therefore, to provide continued
connectivity if the link fails when using ECMP, enable the ip proxy-arp
unrestricted command on the next-hop router for each ECMP interface. As a
result, when the link fails, the router sends an ARP request to identify the MAC
address of the analyzer device and gets a response over the new link.
The ES2 10G LM does not support the deprecated next-hop command.
You cannot configure classifier lists that reference multiple fields for a VLAN
policy list on the ES2 10G Uplink LM or the ES2 10G LM, with the exception of
traffic-class and color. The system incorrectly classifies VLAN policies that
classify using multiple fields. For example, an invalid policy list that references
multiple fields uses both color and user-packet-class, or one classifier list using
color and another using user-packet-class.
In rare cases, some policy configurations that use CAM hardware classifiers
from releases earlier than Release 7.1.0 can fail because they exceed the total
hardware classifier entry size of 128 bits that was introduced in Release 7.1.0.
For more information and examples of previous configurations, see JUNOSe
Policy Management Configuration Guide, Chapter 8, Policy Resources.
Multiple Forwarding Solution Rules for a Single Classifier List in a Policy
Before Release 5.2.0, it was possible to configure a policy with multiple rules
that specified forwarding solutions where all of these rules were associated
with a single classifier list. This typically was a configuration error, but the CLI
accepted it. Beginning with Release 5.2.0, the CLI no longer accepts this
configuration.
Multiple forwarding rules behavior for releases numbered lower than
Release 5.2.0:
If multiple forward or filter rules were configured to reference the
same classifier list in a single policy, then all rules except the first rule
configured were marked as eclipsed in the show policy command
display. Next-interface and next-hop rules were treated in the same
manner. The eclipsed rules were not applied.
If a policy were configured with one rule from the [forward, filter] pair
and one rule from the [next-hop, next-interface] pair, and if both rules
referenced the same classifier list, then no visible eclipsed marking
occurred. However, these two rules were mutually exclusive, and only
one of them defined the forwarding behavior. The rule action that was
applied was in the order (from highest to lowest preference): next
interface, filter, next hop, forward. The applied rule was the rule whose
behavior was seen by forwarded packets.
Release 10.0.3
27
Known Behavior
Advertisement
Table of Contents
