Juniper POLICY MANAGEMENT - CONFIGURATION GUIDE V11.1.X Manuals
Manuals and User Guides for Juniper POLICY MANAGEMENT - CONFIGURATION GUIDE V11.1.X. We have 1 Juniper POLICY MANAGEMENT - CONFIGURATION GUIDE V11.1.X manual available for free PDF download: Configuration Manual
Juniper POLICY MANAGEMENT - CONFIGURATION GUIDE V11.1.X Configuration Manual (312 pages)
JUNOSe Software for Broadband Services Routers Policy Management Configuration Guide
Brand: Juniper | Category: Software | Size: 3.14 MB
Table of Contents
Table of Contents
9
List of Figures
17
List of Tables
19
About the Documentation
23
Audience
23
Documentation Feedback
23
E Series and JUNOSe Documentation and Release Notes
23
E Series and JUNOSe Text and Syntax Conventions
23
Obtaining Documentation
23
Requesting Technical Support
23
Table 1: Notice Icons
24
Table 2: Text and Syntax Conventions
24
About the Documentation
25
Opening a Case with JTAC
26
Self-Help Online Tools and Resources
26
Chapter 3 Creating Policy Lists
27
Part 1 Policy Management
27
Chapter 6 Merging Policies
27
Policy Management
27
Description of a Policy
29
Managing Policies on the E Series Router
29
Policy Management Overview
29
Policy Platform Considerations
29
Policy Management Configuration Tasks
32
Policy References
32
Classifier Control Lists Overview
33
Creating Classifier Control Lists for Policies
33
Creating or Modifying Classifier Control Lists for ATM Policy Lists
33
Creating or Modifying Classifier Control Lists for Frame-Relay Policy
33
Table 3: CLACL Criteria
33
Chapter 2 Creating Classifier Control Lists for Policies
35
Creating or Modifying Classifier Control Lists for GRE Tunnel Policy Lists
36
Creating or Modifying Classifier Control Lists for IP Policy Lists
36
Creating Classifier Control List for Only IP Policy Lists
37
Setting up an IP Classifier Control List to Accept Traffic from All Sources
37
Classifying IP Traffic Based on Source and Destination Addresses
37
Using IP Classifier Control Lists to Match Route Class Values
37
Creating IP Classifier Control Lists for TCP and UDP Ports
37
Creating an IP Classifier Control List that Matches the ToS Byte
37
Creating an IP Classifier Control List that Filters ICMP Echo Requests
37
Creating IP Classifier Control Lists that Use TCP or IP Flags
37
Creating IP Classifier Control Lists that Match the IP Fragmentation Offset
37
Lists
36
Creating or Modifying Classifier Control Lists for IPv6 Policy Lists
40
Creating or Modifying Classifier Control Lists for L2TP Policy Lists
40
Creating or Modifying Classifier Control Lists for MPLS Policy Lists
40
Creating or Modifying Classifier Control Lists for VLAN Policy Lists
41
Creating Policy Lists
43
Creating Policy Lists for ATM
43
Creating Policy Lists for Frame Relay
43
Creating Policy Lists for GRE Tunnels
43
Creating Policy Lists for IP
43
Creating Policy Lists for IPv6
43
Creating Policy Lists for L2TP
43
Creating Policy Lists for MPLS
43
Policy Lists Overview
43
Figure 1: Constructing an IP Policy List
44
Creating Policy Lists for VLANs
56
Classifier Groups and Policy Rules Overview
57
Creating Classifier Groups and Policy Rules
57
Policy Rule Precedence
58
Chapter 4 Creating Classifier Groups and Policy Rules
59
Table 4: Policy Rule Commands and Precedence
59
Configuring Policies to Provide Network Security
61
Using Policy Rules to Provide Routing Solutions
61
Creating an Exception Rule Within a Policy Classifier Group
62
Defining Policy Rules for Forwarding
63
Assigning Values to the ATM CLP Bit
64
Enabling ATM Cell Mode
65
Enabling IP Options Filtering
65
Creating Multiple Forwarding Solutions with IP Policy Lists
66
Packet Tagging Overview
66
Creating a Classifier Group for a Policy List
68
Applying Policy Lists to Interfaces and Profiles Overview
69
Using RADIUS to Create and Apply Policies Overview
72
Table 5: Ascend-Data-Filter Fields
73
Ascend-Data-Filter Attribute for IPv4/IPv6 Subscribers in a Dual Stack
75
Construction of IPv6 Classifiers from the Hexadecimal Ascend-Data-Filter Attribute
75
Examples: Using the Ascend-Data-Filter Attribute for IPv4 Subscribers
76
Table 6: Ascend-Data-Filter Attribute for an Input Policy on an IPv4 Interface
77
Table 7: Ascend-Data-Filter Attribute Values for a RADIUS Record
81
Table 8: Ascend-Data-Filter Attribute for an Output Policy on an IPv6 Interface
82
Table 9: Ascend-Data-Filter Attribute for an Input Policy on an IPv6 Interface
83
Examples: Using the Ascend-Data-Filter Attribute for IPv6 Subscribers
86
Creating Rate-Limit Profiles
87
Rate Limits for Interfaces Overview
87
Hierarchical Rate Limits Overview
89
Chapter 5 Creating Rate-Limit Profiles
89
Hierarchical Classifier Groups
90
Hierarchical Rate-Limit Profiles
90
Hierarchical Rate-Limit Actions
91
Example: Multiple Flows Sharing Preferred Bandwidth Rate-Limiting Hierarchical Policy
93
Figure 2: Multiple Flows Sharing Preferred Bandwidth
93
Example: Multiple Flows Sharing a Rate Limit Hierarchical Policy
94
Figure 3: Multiple Packet Flows Sharing a Rate Limit
94
Example: Shared Pool of Additional Bandwidth with Select Flows Rate-Limiting Hierarchical Policy
95
Figure 4: Shared Pool of Additional Bandwidth with Select Flows
95
Example: Aggregate Marking with Oversubscription Rate-Limiting Hierarchical Policy
96
Figure 5: Aggregate Marking with Oversubscription
97
Color-Aware Configuration for Rate-Limiting Hierarchical Policy
98
Percent-Based Rates for Rate-Limit Profiles Overview
99
Policy Parameter Reference-Rate
100
Specifying Rates Within Rate-Limit Profiles
100
Specifying Burst Sizes
101
Using Service Manager with Merged Policies
101
Policy Parameter Configuration Considerations
101
Creating Rate-Limit Profiles
103
Policy Parameter Quick Configuration
103
One-Rate Rate-Limit Profiles Overview
108
Creating a One-Rate Rate-Limit Profile
109
Configuring a TCP-Friendly One-Rate Rate-Limit Profile
110
Table 10: TCP-Friendly One-Rate Rate-Limit Profile Algorithms
111
Two-Rate Rate-Limits Overview
112
Table 11: Policy Action Applied Based on Rate Settings and Traffic Rate
113
Creating a Two-Rate Rate-Limit Profile
114
Table 12: Two-Rate Rate-Limit Profile Algorithms
114
Setting the Committed Action for a Rate-Limit Profile
115
Setting the Committed Burst for a Rate-Limit Profile
116
Setting the Committed Rate for a Rate-Limit Profile
117
Setting the Conformed Action for a Rate-Limit Profile
117
Setting the Exceeded Action for a Rate-Limit Profile
117
Setting the Excess Burst for a Rate-Limit Profile
118
Setting the Mask Value for IP and IPv6 Rate-Limit Profiles
118
Setting the Mask Value for MPLS Rate-Limit Profiles
118
Setting the Peak Burst for Two-Rate Rate-Limit Profiles
119
Setting the Peak Rate for Rate-Limit Profiles
119
Setting a One-Rate Rate-Limit Profile
120
Table 13: One-Rate Rate-Limit-Profile Defaults
120
Setting a Two-Rate Rate-Limit-Profile
121
Table 14: Two-Rate Rate-Limit-Profile Defaults
122
Bandwidth Management Overview
123
Examples: One-Rate Rate-Limit Profile
124
Examples: Two-Rate Rate-Limit Profile
124
Figure 6: Congestion Management
124
Examples: Rate-Limiting Individual or Aggregate Packet Flows
125
Rate-Limiting Traffic Flows
126
Merged Policy Naming Conventions
127
Merging Policies
127
Merging Policies Overview
127
Persistent Configuration Differences for Merged Policies through Service Manager
127
Reference Counting for Merged Policies
127
Resolving Policy Merge Conflicts
127
Policy Attachment Rules for Merged Policies
132
Policy Attachment Sequence at Login through Service Manager
132
Error Conditions for Merged Policies
134
Merging Policies Configuration
134
Show Configuration
136
Parent Group Merge Algorithm
146
Overlapping Classification for IP Input Policy
148
Starting Policy Processing
150
Figure 7: Input Policy with Primary Stage and Auxiliary Substage
150
Processing the Classifier Result
151
Processing the Auxiliary-Input Policy Attachment
151
Policy Actions
151
Table 15: Input Action and Secondary Input Actions
153
Applying a Profile to Interfaces with Service Manager
155
Creating Hierarchical Policies for Interface Groups
155
Example: Configuring Hierarchical Policies
155
Example: Configuring Hierarchical Policy Parameters
155
Example: VLAN Rate Limit Hierarchical Policy for Interface Groups Configuration
155
Example: Wholesale L2TP Model Hierarchical Policy Configuration
155
Chapter 7 Creating Hierarchical Policies for Interface Groups
157
External Parent Groups
155
Hierarchical Policies for Interface Groups Overview
155
Hierarchical Policy Configuration Considerations
155
RADIUS and Profile Configuration for Hierarchical Policies
155
Table 16: Shorthand Notation Mapping
157
Figure 8: Configuration Process
161
Figure 9: VLAN Rate-Limit Configuration
164
Figure 10: Interface Stack for Wholesale L2TP Mode
168
Figure 11: Wholesale L2TP Configuration
169
Configuration
170
Figure 12: Interface Stack for Aggregate Rate Limit
170
Figure 13: Aggregate Rate Limit for Nonvoice Traffic Configuration
172
Figure 14: Interface Stack for Arbitrary Interface Groups
173
Figure 15: Arbitrary Interface Groups Configuration
174
Figure 16: Interface Stack for Service and User Rate-Limit Hierarchy Overlap
176
Figure 17: Service and User Rate-Limit Hierarchy Overlap Configuration
177
Example: Percentage-Based Hierarchical Rate-Limit Profile for External Parent Group
178
Example: PPP Interfaces Hierarchical Policy Configuration
180
Figure 18: Interface Stack for Hierarchical Policy Configuration
181
Policy Resources
185
Policy Resources Overview
185
Table 17: Classifier Support
186
Table 18: Classifier Support (All Line Modules Except OC48/STM16, GE-2, and GE-HDE)
187
CAM Hardware Classifiers Overview
188
FPGA Hardware Classifiers
188
Size Limit for IP and IPv6 CAM Hardware Classifiers
189
IP Classifiers and Size Limits
190
Table 19: Size Limit of Individual IP Classifiers
190
Table 20: Size Limit of Combined IP Classifiers
191
IPv6 Classifiers and Size Limits
192
Table 21: Size Limit of Individual IPv6 Classifiers
192
Table 22: Size Limit of Combined IPv6 Classifiers
193
Creating and Attaching a Policy with IP Classifiers
194
Table 23: Classification Fields for Example 1
195
Table 24: Classification Fields for Example 2
196
Variable-Sized CAM Classification for IPv6 Policies Examples
197
144-Bit IPv6 Classification Example
197
288-Bit IPv6 Classification Example
198
Table 25: IPv6 Classification Fields for a 144-Bit CAM Entry
198
576-Bit IPv6 Classification Example
199
Table 26: IPv6 Classification Fields for a 288-Bit CAM Entry
199
Table 27: IPv6 Classification Fields for a 576-Bit CAM Entry
200
Performance Impact and Scalability Considerations
201
Performance Impact
201
Scalability Considerations
201
CAM Device Block Size and CAM Entry Allocation
201
Number of CAM Entries Per Allocation and Free Entries
201
Table 28: Maximum Policies with One Classifier Per Policy for GE-2 LMs
202
Table 29: Maximum Policies with Four Classifiers Per Policy for GE-2 LMs
203
Software Classifiers Overview
204
Table 30: Resource Consumption
205
Chapter 9 Monitoring Policy Management
207
Setting a Statistics Baseline for Policies
208
Monitoring the Policy Configuration of ATM Subinterfaces
209
Table 31: Show Atm Subinterface Output Fields
209
Monitoring Classifier Control Lists
210
Table 32: Show Classifier-List Output Fields
211
Monitoring Color-Mark Profiles
213
Monitoring Control Plane Policer Information
213
Table 33: Show Color-Mark-Profile Output Fields
213
Monitoring the Policy Configuration of Frame Relay Subinterfaces
214
Table 34: Show Control-Plane Policer Output Fields
214
Table 35: Show Frame-Relay Subinterface Output Fields
215
Monitoring GRE Tunnel Information
216
Table 36: Show Gre Tunnel Output Fields
216
Monitoring Interfaces and Policy Lists
217
Monitoring the Policy Configuration of IP Interfaces
219
Table 37: Show Interfaces Output Fields
219
Table 38: Show Ip Interfaces Output Fields
221
Monitoring the Policy Configuration of IPv6 Interfaces
223
Table 39: Show Ipv6 Interface Output Fields
224
Monitoring the Policy Configuration of Layer 2 Services over MPLS
227
Table 40: Show Mpls L2Transport Interface Output Fields
228
Monitoring External Parent Groups
229
Monitoring Policy Lists
230
Table 41: Show Parent-Group Output Fields
230
Table 42: Show Policy-List Output Fields
234
Monitoring Policy List Parameters
235
Table 43: Show Policy-Parameter Output Fields
236
Monitoring Rate-Limit Profiles
237
Table 44: Show Rate-Limit-Profile Output Fields
237
Monitoring the Policy Configuration of VLAN Subinterfaces
238
Packet Flow Monitoring Overview
239
Packet Mirroring
243
Figure 20: CLI-Based Packet Mirroring
245
Table 45: Show Vlan Subinterface Output Fields
239
Chapter 10 Packet Mirroring Overview
245
Packet Mirroring Platform Considerations
248
Packet-Mirroring Terms
248
Table 46: Packet-Mirroring Terminology
248
Chapter 11 Configuring CLI-Based Packet Mirroring
251
Figure 19: CLI-Based Interface Mirroring
252
Table 47: Commands Made Visible by the Mirror-Enable Command
253
Table 48: Setting up the CLI-Based Packet-Mirroring Environment
256
Table 49: CLI-Based User-Specific Mirroring During Session Start
256
Table 50: CLI-Based Mirroring of Currently Running Session
256
Example: Configuring CLI-Based User-Specific Mirroring
261
Chapter 12 Configuring RADIUS-Based Mirroring
265
Table 51: RADIUS Attributes Used as Packet Mirroring Triggers
266
Table 52: RADIUS Attributes Used as Packet Mirroring Triggers
266
Table 53: RADIUS-Based Mirroring Attributes
267
Figure 21: RADIUS-Based Packet Mirroring
268
RADIUS-Based Mirroring Sequence of Events
268
Table 54: Setting up the RADIUS-Based Packet-Mirroring Environment
268
Table 55: RADIUS-Based Mirroring During Session Start (User-Initiated)
269
Table 56: RADIUS-Based Mirroring of Currently Running Session
269
Chapter 13 Managing Packet Mirroring
273
Figure 22: Prepended Header
276
Table 57: Prepended Header Field Descriptions
276
Format of the Mirror Header Attributes
277
Figure 23: 8-Byte Format of VSA 26-59
278
Figure 24: 4-Byte Format of VSA 26-59
278
Additional Packet-Mirroring Traps for CALEA Compliance
283
Table 58: Packet-Mirroring SNMP Traps
283
Table 59: Packet-Mirroring Traps for CALEA Compliance
284
Table 60: Packet Mirroring Trap Severity Levels
284
Capturing SNMP Secure Audit Logs
286
Chapter 14 Monitoring Packet Mirroring
289
Monitoring CLI-Based Packet Mirroring
290
Monitoring the Packet Mirroring Configuration of IP Interfaces
291
Table 61: Show Ip Interface Output Fields
291
Monitoring Failure Messages for Secure Policies
292
Table 62: Show Ip Mirror Interface Output Fields
292
Monitoring Packet Mirroring Triggers
293
Table 63: Show Mirror Log Output Fields
293
Monitoring Packet Mirroring Subscriber Information
294
Table 64: Show Mirror Rules Output Fields
294
Table 65: Show Mirror Subscribers Output Fields
294
Monitoring RADIUS Dynamic-Request Server Information
295
Table 66: Show Radius Dynamic-Request Statistics Output Fields
296
Monitoring Secure CLACL Configurations
297
Table 67: Show Secure Classifier-List Output Fields
297
Monitoring Secure Policy Lists
299
Monitoring Information for Secure Policies
300
Table 68: Show Secure Policy-List Output Fields
300
Monitoring SNMP Secure Packet Mirroring Traps
301
Table 69: Show Mirror Log Output Fields
301
Table 70: Show Snmp Trap Output Fields
302
Monitoring SNMP Secure Audit Logs
303
Table 71: Show Snmp Secure-Log Output Fields
304
Index
307