Routing Policies and
  Firewall Filters




                  Kashif Latif
What Are Routing Policies…?
A routing policy is a mechanism in the JUNOS software that
allows you to modify the routing policy framework to suit your
needs.
You can create and implement your own routing policies to do
the following:
• Control which routes a routing protocol places in the routing
  table.
• Control which active routes a routing protocol advertises from
  the routing table. (An active route is a route that is chosen from
  all routes in the routing table to reach a destination.)
• Manipulate the route characteristics as a routing protocol
  places it in the routing table or advertises it from the routing
  table.
Cont…
• You can manipulate the route characteristics to control
  which route is selected as the active route to reach a
  destination. The active route is placed in the forwarding
  table and used to forward traffic toward the route’s
  destination. In general, the active route is also advertised
  to a router’s neighbors.
 To create a routing policy, you must define the policy and
 apply it. You define the policy by specifying the criteria
 that a route must match and the actions to perform if a
 match occurs. You then apply the policy to a routing
 protocol or to the forwarding table.
Routing Tables Affected by Routing Policies
Default Actions on Routing Policies
The following default actions are taken when these situations arise
during policy evaluation:
1. If a policy does not specify a match condition, all routes evaluated
   against the policy match.
2. If a match occurs but the policy does not specify an accept, reject,
   next term, or next policy action, one of the following occurs:
   a. The next term, if present, is evaluated.
   b. If no other terms are present, the next policy is evaluated.
   c. If no other policies are present, the action specified by the
      default policy is taken.
3. If a match does not occur with a term in a policy and subsequent
   terms in the same policy exist, the next term is evaluated.
4. If a match does not occur with any terms in a policy and
   subsequent policies exist, the next policy is evaluated.
5. If a match does not occur by the end of a policy or all policies, the
   accept or reject action specified by the default policy is taken.
Creating Routing Policies
The following are typical circumstances under which you might
want to preempt the default routing policies in the routing policy
framework by creating your own routing policies:

• You do not want a protocol to import all routes into the routing
  table. If the routing table does not learn about certain routes,
  they can never be used to forward packets and they can never
  be redistributed into other routing protocols.
• You do not want a routing protocol to export all the active
  routes it learns.
• You want a routing protocol to announce active routes learned
  from another routing protocol, which is sometimes called route
  redistribution.
Cont…
• You want to manipulate route characteristics, such as the
  preference value, AS path, or community. You can
  manipulate the route characteristics to control which route
  is selected as the active route to reach a destination. In
  general, the active route is also advertised to a router’s
  neighbors.
• You want to change the default BGP route flap-damping
  parameters.
• You want to perform per-packet load balancing.
• You want to enable class of service (CoS).
Match Conditions
A match condition defines the criteria that a route must
match. You can define one or more match conditions. If a
route matches all match conditions, one or more actions
are applied to the route.
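The following export policy is an added example, not from the slides, covering two of the cases listed above: redistributing static routes into BGP and manipulating their community and AS path on the way out. It also shows that all conditions inside one `from` clause must match (logical AND). The static routes, tag value, names, documentation prefixes and AS numbers are constructed assumptions; the static next hops are assumed to be resolvable, since only active routes are exported.

```junos
routing-options {
    static {
        /* Constructed sample routes; the tag marks the backup prefix. */
        route 192.0.2.0/24 next-hop 10.0.0.2;
        route 198.51.100.0/24 {
            next-hop 10.0.0.2;
            tag 300;
        }
    }
}
policy-options {
    community CUSTOMER members 64496:100;
    policy-statement STATIC-TO-BGP {
        /* Both conditions must hold: the route is static AND it is
           exactly 192.0.2.0/24. */
        term primary {
            from {
                protocol static;
                route-filter 192.0.2.0/24 exact;
            }
            then {
                community set CUSTOMER;
                accept;
            }
        }
        /* Static AND tagged 300: advertise as a less attractive path
           by lengthening the AS path. */
        term backup {
            from {
                protocol static;
                tag 300;
            }
            then {
                community set CUSTOMER;
                as-path-prepend "64496 64496";
                accept;
            }
        }
        /* Explicit final reject so nothing unexpected is exported. */
        term deny-rest {
            then reject;
        }
    }
}
protocols {
    bgp {
        group PEERS {
            type external;
            export STATIC-TO-BGP;
            neighbor 203.0.113.1 peer-as 64497;
        }
    }
}
```

The final `deny-rest` term matters for what it blocks as well as what it allows: BGP's default export policy advertises all active BGP-learned routes, so with the explicit reject this group no longer re-advertises routes learned from other peers. That is the desired behaviour on a non-transit edge; a transit router would add a term matching `from protocol bgp` with `then accept` before `deny-rest`. `show route advertising-protocol bgp 203.0.113.1` shows exactly what leaves after the policy has run.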
What Is a Firewall Filter…?
Firewall filters allow you to filter packets based on their
components and to perform an action on packets that match the
filter.
Depending on the hardware configuration of the routing platform,
you can use firewall filters for the following purposes:
1. On routing platforms equipped with an Internet Processor II
     application-specific integrated circuit (ASIC), you can
     control data packets, which are chunks of data transiting the
     routing platform as they are forwarded from a source to a
     destination.
2. On all routing platforms, you can control the local packets,
     which are chunks of data that are destined for or sent by the
     Routing Engine.
Cont…
• You can use the filters to restrict the local packets that pass
  from the routing platform's physical interfaces to the Routing
  Engine.
• You can apply firewall filters to packets entering or leaving the
  routing platform on one, more than one, or all interfaces. For
  each interface, you can apply a firewall filter to incoming or
  outgoing traffic, or both, and the same filter can be used for
  both.
• You can define firewall filters that apply to IP version 4 (IPv4),
  IP version 6 (IPv6), or Multiprotocol Label Switching (MPLS)
  traffic.
• Filters with more than 1000 terms and counters have been
  implemented successfully.
Firewall Filter Components
A firewall filter has the following two components:
1. Match conditions—Values or fields that the packet must
    contain. You can define various match conditions, including
    the IP source address field, IP destination address
    field, Transmission Control Protocol (TCP) or User Datagram
    Protocol (UDP) source port field, IP protocol field, Internet
    Control Message Protocol (ICMP) packet type, IP
    options, TCP flags, incoming logical or physical
    interface, and outgoing logical or physical interface.
2. Action—Specifies what to do if a packet matches the match
    conditions. Possible actions are to accept, discard, or reject a
    packet, go to the next term, or take no action.

• In addition, statistical information can be recorded for a packet:
  it can be counted, logged, or sampled.
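The filter below is an added example, not part of the slides, of the most security-relevant use listed above: restricting the local packets that reach the Routing Engine. It is applied as an input filter on the loopback interface and combines the match conditions (source prefix, protocol, port, ICMP type), the accept and discard actions, a policer, and the count and log statistics described above. The prefix lists, peer and management addresses (RFC 5737 space), the loopback address and all names are constructed assumptions.

```junos
policy-options {
    /* Constructed sample addresses. */
    prefix-list BGP-PEERS {
        203.0.113.1/32;
        203.0.113.5/32;
    }
    prefix-list MGMT-NETS {
        192.0.2.0/28;
    }
}
firewall {
    policer ICMP-LIMIT {
        if-exceeding {
            bandwidth-limit 1m;
            burst-size-limit 15k;
        }
        then discard;
    }
    family inet {
        filter PROTECT-RE {
            /* BGP only from configured peers. "port" matches either the
               source or the destination port, so both session directions
               are covered. */
            term bgp-from-peers {
                from {
                    source-prefix-list {
                        BGP-PEERS;
                    }
                    protocol tcp;
                    port bgp;
                }
                then accept;
            }
            term ospf {
                from {
                    protocol ospf;
                }
                then accept;
            }
            /* Management only from the management network. */
            term ssh-from-mgmt {
                from {
                    source-prefix-list {
                        MGMT-NETS;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* Rate-limited ICMP so the Routing Engine cannot be flooded. */
            term icmp {
                from {
                    protocol icmp;
                    icmp-type [ echo-request echo-reply unreachable time-exceeded ];
                }
                then {
                    policer ICMP-LIMIT;
                    accept;
                }
            }
            /* Every filter ends with an implicit discard; this explicit
               term makes the drops countable and logged. */
            term deny-rest {
                then {
                    count re-denied;
                    log;
                    discard;
                }
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-RE;
                }
                address 10.255.0.1/32;
            }
        }
    }
}
```

Two cautions before committing a filter like this. First, the implicit discard at the end means any control or management protocol you forgot (the protocol your own session rides on, for example) stops working the moment the commit completes, so commit with `commit confirmed 5` and confirm only after the routing sessions are still up. Second, `discard` is preferred over `reject` toward untrusted sources: `reject` sends an ICMP message back, which confirms the device is there and can be abused for reflection. This filter covers IPv4 only; a `family inet6` filter is needed for IPv6 control traffic. `show firewall filter PROTECT-RE` shows the `re-denied` counter and `show firewall log` the logged drops.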
Supported Standards
The JUNOS software supports the following RFCs related
to filtering:
1. RFC 792, Internet Control Message Protocol (ICMP)
2. RFC 2373, IP Version 6 Addressing Architecture
3. RFC 2460, Internet Protocol, Version 6 (IPv6)
4. RFC 2474, Definition of the Differentiated Services (DS)
     Field
5. RFC 2475, An Architecture for Differentiated Services
6. RFC 2597, Assured Forwarding PHB
7. RFC 2598, An Expedited Forwarding PHB