policy

traffic policy <txt>
SDE M10-Smart M2 RS420 AresC640

Traffic policy rule set

Values:

  • txt – Traffic policy rule set name

Instances:

Multiple

traffic policy <txt> description <txt>
SDE M10-Smart M2 RS420 AresC640
Values:

  • txt – Traffic policy rule set description

traffic policy <txt> rule <u32>
SDE M10-Smart M2 RS420 AresC640

Rule number (1-9999)

Values:

  • u32 – Rule number (1-9999)

Instances:

Multiple

traffic policy <txt> rule <u32> action
SDE M10-Smart M2 RS420 AresC640

Action to perform on a packet on rule match (‘accept’ by default)

Instances:

Unique

traffic policy <txt> rule <u32> action accept
SDE M10-Smart M2 RS420 AresC640

Accept packet

traffic policy <txt> rule <u32> action continue
SDE M10-Smart M2 RS420 AresC640

Continue rules processing

traffic policy <txt> rule <u32> action drop
SDE M10-Smart M2 RS420 AresC640

Drop packet

traffic policy <txt> rule <u32> action enqueue <txt>
SDE M10-Smart M2 RS420 AresC640

Enqueue packet

Reference:

traffic queue <txt>

traffic policy <txt> rule <u32> action proxy
SDE M10-Smart M2 RS420 AresC640

Intercept incoming packet in a local socket

Instances:

Unique

traffic policy <txt> rule <u32> action proxy tcp <u32>
SDE M10-Smart M2 RS420 AresC640

Intercept packet in a TCP socket

Values:

  • u32 – Local port on which local socket is bound to (1-65535)

traffic policy <txt> rule <u32> action proxy udp <u32>
SDE M10-Smart M2 RS420 AresC640

Intercept packet in a UDP socket

Values:

  • u32 – Local port on which local socket is bound to (1-65535)

traffic policy <txt> rule <u32> action rate-limit <float>
SDE M10-Smart M2 RS420 AresC640

Drop packet if bandwidth exceeds a limit

Values:

  • float – Rate in mbit per second (0.000001-30000)

Instances:

Multiple

traffic policy <txt> rule <u32> action rate-limit <float> burst <id>
SDE M10-Smart M2 RS420 AresC640

Burst size

Values:

  • N[ms/mbit] – Burst in time (ms) or length (mbit)

traffic policy <txt> rule <u32> copy
SDE M10-Smart M2 RS420 AresC640

Copy packet metadata

Instances:

Unique

traffic policy <txt> rule <u32> copy connmark
SDE M10-Smart M2 RS420 AresC640

Copy connection tracking mark

Instances:

Unique

traffic policy <txt> rule <u32> copy connmark extra-mark <int>
SDE M10-Smart M2 RS420 AresC640

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy connmark mark
SDE M10-Smart M2 RS420 AresC640

To packet mark

traffic policy <txt> rule <u32> copy connmark tos
SDE M10-Smart M2 RS420 AresC640

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy extra-connmark <int>
SDE M10-Smart M2 RS420 AresC640

Copy connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

Instances:

Unique

traffic policy <txt> rule <u32> copy extra-connmark <int> extra-mark <int>
SDE M10-Smart M2 RS420 AresC640

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy extra-connmark <int> mark
SDE M10-Smart M2 RS420 AresC640

To packet mark

traffic policy <txt> rule <u32> copy extra-connmark <int> tos
SDE M10-Smart M2 RS420 AresC640

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy extra-mark <int>
SDE M10-Smart M2 RS420 AresC640

Copy packet extra mark

Values:

  • int – Extra mark index (1-2)

Instances:

Unique

traffic policy <txt> rule <u32> copy extra-mark <int> connmark
SDE M10-Smart M2 RS420 AresC640

To connection tracking mark

traffic policy <txt> rule <u32> copy extra-mark <int> extra-connmark <int>
SDE M10-Smart M2 RS420 AresC640

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy extra-mark <int> tos
SDE M10-Smart M2 RS420 AresC640

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy mark
SDE M10-Smart M2 RS420 AresC640

Copy packet mark

traffic policy <txt> rule <u32> copy mark connmark
SDE M10-Smart M2 RS420 AresC640

To connection tracking mark

traffic policy <txt> rule <u32> copy mark extra-connmark <int>
SDE M10-Smart M2 RS420 AresC640

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy mark tos
SDE M10-Smart M2 RS420 AresC640

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy tos
SDE M10-Smart M2 RS420 AresC640

Copy IPv4 TOS byte

Instances:

Unique

traffic policy <txt> rule <u32> copy tos connmark
SDE M10-Smart M2 RS420 AresC640

To connection tracking mark

traffic policy <txt> rule <u32> copy tos extra-connmark <int>
SDE M10-Smart M2 RS420 AresC640

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy tos extra-mark <int>
SDE M10-Smart M2 RS420 AresC640

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy tos mark
SDE M10-Smart M2 RS420 AresC640

To packet mark

traffic policy <txt> rule <u32> description <txt>
SDE M10-Smart M2 RS420 AresC640
Values:

  • txt – Rule description

traffic policy <txt> rule <u32> log
SDE M10-Smart M2 RS420 AresC640

Log packets matching rule

traffic policy <txt> rule <u32> log level <txt>
SDE M10-Smart M2 RS420 AresC640

Specific log-level to use

Values:

  • emerg – Emergency messages

  • alert – Urgent messages

  • crit – Critical messages

  • err – Error messages

  • warn – Warning messages

  • notice – Messages for further investigation

  • info – Informational messages

  • debug – Debug messages

traffic policy <txt> rule <u32> log prefix <txt>
SDE M10-Smart M2 RS420 AresC640
Values:

  • txt – Log message prefix text, up to 29 characters

traffic policy <txt> rule <u32> selector <txt>
SDE M10-Smart M2 RS420 AresC640

IP traffic selector

Reference:

traffic selector <txt>

traffic policy <txt> rule <u32> set
SDE M10-Smart M2 RS420 AresC640

Packet modifications

traffic policy <txt> rule <u32> set app-id
SDE M10-Smart M2 RS420 AresC640

Connection tracking app-id

Instances:

Unique

traffic policy <txt> rule <u32> set app-id custom <int>
SDE M10-Smart M2 RS420 AresC640

Selector ID for Classification Engine ID 6 (custom)

Values:

  • int – Selector ID to set (0-16777215)

traffic policy <txt> rule <u32> set app-id engine <int>
SDE M10-Smart M2 RS420 AresC640

Classification Engine ID

Values:

  • int – Engine ID to set (1-255)

Instances:

Multiple

Required:

traffic policy <txt> rule <u32> set app-id engine <int> selector <int>
SDE M10-Smart M2 RS420 AresC640

Selector ID for Classification Engine ID

Values:

  • int – Selector ID to set (0-16777215)

traffic policy <txt> rule <u32> set app-id l3 <int>
SDE M10-Smart M2 RS420 AresC640

Selector ID for Classification Engine ID L3

Values:

  • int – Selector ID to set (1-16777215)

traffic policy <txt> rule <u32> set app-id l4 <int>
SDE M10-Smart M2 RS420 AresC640

Selector ID for Classification Engine ID L4

Values:

  • int – Selector ID to set (1-16777215)

traffic policy <txt> rule <u32> set connmark <int>
SDE M10-Smart M2 RS420 AresC640

Set connmark using a specific value

Values:

  • int – Packet marking (0-2147483647)

traffic policy <txt> rule <u32> set dscp <int>
SDE M10-Smart M2 RS420 AresC640

Differentiated Services Code Point

Values:

  • int – DSCP (0-63)

traffic policy <txt> rule <u32> set ecn <int>
SDE M10-Smart M2 RS420 AresC640

Explicit Congestion Notification

Values:

  • int – ECN (0-3)

traffic policy <txt> rule <u32> set extra-mark <int>
SDE M10-Smart M2 RS420 AresC640

Packet extra marking

Values:

  • int – Extra mark index (1-2)

Instances:

Multiple

traffic policy <txt> rule <u32> set extra-mark <int> value <int>
SDE M10-Smart M2 RS420 AresC640

Packet extra marking

Values:

  • int – Packet extra marking (0-2147483647)

traffic policy <txt> rule <u32> set hoplimit <int>
SDE M10-Smart M2 RS420 AresC640

Hoplimit for IPv6 packets

Values:

  • int – Hoplimit (0-255)

traffic policy <txt> rule <u32> set ipv6-dscp <int>
SDE M10-Smart M2 RS420 AresC640

Differentiated Services Code Point for IPv6 packets

Values:

  • int – DSCP (0-63)

traffic policy <txt> rule <u32> set ipv6-ecn <int>
SDE M10-Smart M2 RS420 AresC640

Explicit Congestion Notification

Values:

  • int – ECN (0-3)

traffic policy <txt> rule <u32> set label <id>
SDE M10-Smart M2 RS420 AresC640

Set a label into the packet

Reference:

traffic label <id>

Instances:

List of values

traffic policy <txt> rule <u32> set mark <int>
SDE M10-Smart M2 RS420 AresC640

Packet marking

Values:

  • int – Packet marking (0-2147483647)

Instances:

Multiple

traffic policy <txt> rule <u32> set mark <int> connmark-cache
SDE M10-Smart M2 RS420 AresC640

Enable connmark cache

traffic policy <txt> rule <u32> set tcp-mss <int>
SDE M10-Smart M2 RS420 AresC640

Maximum segment size

Values:

  • int – “Segment size” (0-65535)

traffic policy <txt> rule <u32> set tos <int>
SDE M10-Smart M2 RS420 AresC640

Type Of Service

Values:

  • int – TOS (0-255)

traffic policy <txt> rule <u32> set ttl <int>
SDE M10-Smart M2 RS420 AresC640

Time to Live

Values:

  • int – TTL (0-255)

traffic policy <txt> rule <u32> set vrf <id>
SDE M10-Smart M2 RS420 AresC640

Set mark using a VRF identifier

Reference:

system vrf <id>

Instances:

Multiple

traffic policy <txt> rule <u32> set vrf <id> connmark-cache
SDE M10-Smart M2 RS420 AresC640

Enable connmark cache

traffic policy <txt> rule <u32> set vrf-connmark <id>
SDE M10-Smart M2 RS420 AresC640

Set connmark using a VRF identifier

Reference:

system vrf <id>