JUNOSe 7.2.x Policy Management Configuration Guide
6 ! Overview
You can apply policy lists to packets:
! Arriving at an interface (input policy); on IP and IPv6 interfaces the packets
arrive before route lookup
! Arriving at the interface, but after route lookup (secondary input policy);
secondary input policies are supported only on IP and IPv6 interfaces
! Leaving an interface (output policy)
Policy Processing Order on an Interface Stack
For a given interface stack, the router processes the attached policies in the same
order in which normal packets are processed. On ingress interfaces, the router
processes any layer 2 policies first, then moves up the stack and processes any layer
3 policies. On egress interfaces, the router processes the layer 3 policies first,
followed by the layer 2 policies.
For example, Figure 1 shows an IP interface stacked over an ATM interface; both
interfaces have attached policies. At ingress, the router processes the ATM layer
policy first (Policy A), then processes Policy B at the upper (IP) layer. At egress, the
router processes Policy X first, and then processes Policy Y.
Figure 1: Order of Policy Processing
Policy Management Configuration Tasks
Perform the required tasks and also any optional tasks that you need for your policy
management configuration:
1. Create a CLACL (optional).
2. Create a rate-limit profile (optional). See Chapter 3, Creating Rate-Limit Profiles.
3. Create a policy list.
4. Create a classifier group.
5. Create one or more policy rules within the classifier group.
6. Apply a policy list to an interface or profile.
For information on monitoring policies, see Chapter 5, Monitoring Policy
Management.
Ingress Egress
Policy B
Policy A
Policy X
Policy Y
IP
ATM
IP
ATM
g013256
To Next Page
Loading...
Need help?
General
