When the router receives a packet, it determines the best route to the ultimate destination
by looking in a forwarding table, which is associated with the VPN on which the packet
is to be sent. The router then forwards the packet toward its destination through the
appropriate interface.
NOTE: For transit packets exiting the router through the tunnel, forwarding
table filtering is not supported on the interfaces you configure as the output
interface for tunnel traffic.
A forwarding table filter allows you to filter data packets based on their components and
to perform an action on packets that match the filter; it essentially controls which bearer
packets the router accepts and forwards. To configure a forwarding table filter, include
the firewall statement at the [edit] hierarchy level:
[edit]
firewall {
family family-name {
filter filter-name {
term term-name {
from {
match-conditions;
}
then {
action;
action-modifiers;
}
}
}
}
}
family-name is the family address type: IPv4 (inet), IPv6 (inet6), Layer 2 traffic (bridge),
or MPLS (mpls).
term-name is a named structure in which match conditions and actions are defined.
match-conditions are the criteria against which a bearer packet is compared; for example,
the IP address of a source device or a destination device. You can specify multiple criteria
in a match condition.
action specifies what happens if a packet matches all criteria; for example, the gateway
GPRS support node (GGSN) accepting the bearer packet, performing a lookup in the
forwarding table, and forwarding the packet to its destination; discarding the packet;
and discarding the packet and returning a rejection message.
action-modifiers are actions that are taken in addition to the GGSN accepting or discarding
a packet when all criteria match; for example, counting the packets and logging a packet.
To create a forwarding table, include the instance-type statement with the forwarding
option at the [edit routing-instances instance-name] hierarchy level:
[edit]
routing-instances instance-name {
Copyright © 2017, Juniper Networks, Inc.1084
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
Need help?
General
