144-Bit Ipv6 Classification Example - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual
Software for e series broadband services routers policy management configuration guide
Hide thumbs
Also See for JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04:
- Reference manual (284 pages) ,
- Configuration manual (632 pages)
Table of Contents
Advertisement
144-bit IPv6 Classification Example
Copyright © 2010, Juniper Networks, Inc.
IPv6 classifier are present and the CAM entry length is computed dynamically. The
following three different kinds of results are possible for an IPv6 policy:
Sum of all classifier fields is less than or equal to 128 bits
Sum of all classifier fields is between 128 bits and 272 bits
Sum of all classifier fields is between 272 bits and 336 bits
CAM hardware classifiers support four types of CAM entries—72-bit, 144-bit, 288-bit, and
576-bits (16-bits are reserved for rule set id). Each of the policies fit into one of these
four CAM entry types. The 72-bit CAM entry is not chosen as CAM devices on some line
modules do not support this size limit. Therefore, the 144-bit, 288-bit, and 576-bit CAM
entries are used as the variable-length CAM entries for IPv6 policies.
The following sections describe examples for each type of variable length IPv6
classification and the number of CAM entries for each case:
In this example, a policy with a combination of IPv6 classifiers is created and attached.
The configuration conforms to the 144 bit limit.
Match all TCP SYN packets from 1:1:: to any DA with port 2000.
1.
host1(config)#ipv6 classifier-list tcpCLACL source-address 1:1::/32 tcp destination-port
eq 2000 tcp-flags "SYN"
Match all IPv6 packets to net 2:2::.
2.
host1(config)#ipv6 classifier-list ipv6CLACL destination-address 2:2::/32
Match all ICMPv6 echo packets.
3.
host1(config)#ipv6 classifier-list icmpv6CLACL icmpv6 icmp-type 8 icmp-code 0
Match all frames with the color red.
4.
host1(config)#ipv6 classifier-list colorCLACL color red
Create an IPv6 policy list.
5.
host1(config)#ipv6 policy-list ipv6Pol
host1(config-policy-list)#classifier-group colorCLACL
host1(config-policy-list-classifier-group)#filter
host1(config-policy-list-classifier-group)#classifier-group tcpCLACL
host1(config-policy-list-classifier-group)#filter
host1(config-policy-list-classifier-group)#classifier-group icmpv6CLACL
host1(config-policy-list-classifier-group)#filter
host1(config-policy-list-classifier-group)#classifier-group ipv6CLACL
host1(config-policy-list-classifier-group)#filter
The policy ipv6Pol is requesting classification on Source Address (first word),
Destination Address (first word), Destination Port, Protocol, TCP Flags, ICMPv6 Type,
ICMPv6 Code, Color, and TC field. Table 25 on page 164 lists the active classifiers in
the policy named ipv6Pol and the size of each classifier.
Chapter 8: Policy Resources
163
Advertisement
Table of Contents
