policy

traffic policy <txt>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Traffic policy rule set

Values:

  • txt – Traffic policy rule set name

Instances:

Multiple

traffic policy <txt> description <txt>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE
Values:

  • txt – Traffic policy rule set description

traffic policy <txt> rule <u32>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Rule number (1-9999)

Values:

  • u32 – Rule number (1-9999)

Instances:

Multiple

traffic policy <txt> rule <u32> action
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Action to perform on a packet on rule match (‘accept’ by default)

Instances:

Unique

traffic policy <txt> rule <u32> action accept
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Accept packet

traffic policy <txt> rule <u32> action continue
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Continue rules processing

traffic policy <txt> rule <u32> action drop
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Drop packet

traffic policy <txt> rule <u32> action enqueue <txt>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Enqueue packet

Reference:

traffic queue <txt>

traffic policy <txt> rule <u32> action proxy
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Intercept incoming packet in a local socket

Instances:

Unique

traffic policy <txt> rule <u32> action proxy tcp <u32>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Intercept packet in a TCP socket

Values:

  • u32 – Local port on which local socket is bound to (1-65535)

traffic policy <txt> rule <u32> action proxy udp <u32>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Intercept packet in a UDP socket

Values:

  • u32 – Local port on which local socket is bound to (1-65535)

traffic policy <txt> rule <u32> action rate-limit <float>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Drop packet if bandwidth exceeds a limit

Values:

  • float – Rate in mbit per second (0.000001-30000)

Instances:

Multiple

traffic policy <txt> rule <u32> action rate-limit <float> burst <id>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Burst size

Values:

  • N[ms/mbit] – Burst in time (ms) or length (mbit)

traffic policy <txt> rule <u32> advisor <txt>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Advisor to enable or disable the policy rule

Reference:

system advisor <txt>

traffic policy <txt> rule <u32> copy
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Copy packet metadata

Instances:

Unique

traffic policy <txt> rule <u32> copy connmark
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Copy connection tracking mark

Instances:

Unique

traffic policy <txt> rule <u32> copy connmark extra-mark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy connmark mark
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To packet mark

traffic policy <txt> rule <u32> copy connmark tos
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy extra-connmark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Copy connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

Instances:

Unique

traffic policy <txt> rule <u32> copy extra-connmark <int> extra-mark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy extra-connmark <int> mark
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To packet mark

traffic policy <txt> rule <u32> copy extra-connmark <int> tos
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy extra-mark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Copy packet extra mark

Values:

  • int – Extra mark index (1-2)

Instances:

Unique

traffic policy <txt> rule <u32> copy extra-mark <int> connmark
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To connection tracking mark

traffic policy <txt> rule <u32> copy extra-mark <int> extra-connmark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy extra-mark <int> tos
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy mark
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Copy packet mark

traffic policy <txt> rule <u32> copy mark connmark
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To connection tracking mark

traffic policy <txt> rule <u32> copy mark extra-connmark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy mark tos
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy tos
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Copy IPv4 TOS byte

Instances:

Unique

traffic policy <txt> rule <u32> copy tos connmark
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To connection tracking mark

traffic policy <txt> rule <u32> copy tos extra-connmark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy tos extra-mark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy tos mark
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

To packet mark

traffic policy <txt> rule <u32> description <txt>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE
Values:

  • txt – Rule description

traffic policy <txt> rule <u32> log
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Log packets matching rule

traffic policy <txt> rule <u32> log app-id
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Log packet app-id if any

traffic policy <txt> rule <u32> log level <txt>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Specific log-level to use

Values:

  • emerg – Emergency messages

  • alert – Urgent messages

  • crit – Critical messages

  • err – Error messages

  • warn – Warning messages

  • notice – Messages for further investigation

  • info – Informational messages

  • debug – Debug messages

traffic policy <txt> rule <u32> log prefix <txt>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE
Values:

  • txt – Log message prefix text, up to 29 characters

traffic policy <txt> rule <u32> selector <txt>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

IP traffic selector

Reference:

traffic selector <txt>

traffic policy <txt> rule <u32> set
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Packet modifications

traffic policy <txt> rule <u32> set app-id
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Connection tracking app-id

Instances:

Unique

traffic policy <txt> rule <u32> set app-id custom <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Selector ID for Classification Engine ID 6 (custom)

Values:

  • int – Selector ID to set (0-16777215)

traffic policy <txt> rule <u32> set app-id engine <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Classification Engine ID

Values:

  • int – Engine ID to set (1-255)

Instances:

Multiple

Required:

traffic policy <txt> rule <u32> set app-id engine <int> selector <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Selector ID for Classification Engine ID

Values:

  • int – Selector ID to set (0-16777215)

traffic policy <txt> rule <u32> set app-id l3 <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Selector ID for Classification Engine ID L3

Values:

  • int – Selector ID to set (1-16777215)

traffic policy <txt> rule <u32> set app-id l4 <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Selector ID for Classification Engine ID L4

Values:

  • int – Selector ID to set (1-16777215)

traffic policy <txt> rule <u32> set connmark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Set connmark using a specific value

Values:

  • int – Packet marking (0-2147483647)

traffic policy <txt> rule <u32> set cos <u32>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Set the Class of Service (COS) to use for the VLAN tag

This field must be set before inserting the VLAN tag (e.g., in a VIF interface)

Values:

  • u32 – COS number (0-7)

traffic policy <txt> rule <u32> set dscp <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Differentiated Services Code Point

Values:

  • int – DSCP (0-63)

traffic policy <txt> rule <u32> set ecn <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Explicit Congestion Notification

Values:

  • int – ECN (0-3)

traffic policy <txt> rule <u32> set extra-mark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Packet extra marking

Values:

  • int – Extra mark index (1-2)

Instances:

Multiple

traffic policy <txt> rule <u32> set extra-mark <int> value <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Packet extra marking

Values:

  • int – Packet extra marking (0-2147483647)

traffic policy <txt> rule <u32> set hoplimit <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Hoplimit for IPv6 packets

Values:

  • int – Hoplimit (0-255)

traffic policy <txt> rule <u32> set ipv6-dscp <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Differentiated Services Code Point for IPv6 packets

Values:

  • int – DSCP (0-63)

traffic policy <txt> rule <u32> set ipv6-ecn <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Explicit Congestion Notification

Values:

  • int – ECN (0-3)

traffic policy <txt> rule <u32> set label <id>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Set a label into the packet

Reference:

traffic label <id>

Instances:

List of values

traffic policy <txt> rule <u32> set mark <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Packet marking

Values:

  • int – Packet marking (0-2147483647)

Instances:

Multiple

traffic policy <txt> rule <u32> set mark <int> connmark-cache
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Enable connmark cache

traffic policy <txt> rule <u32> set tcp-mss <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Maximum segment size

Values:

  • int – “Segment size” (0-65535)

traffic policy <txt> rule <u32> set tos <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Type Of Service

Values:

  • int – TOS (0-255)

traffic policy <txt> rule <u32> set ttl <int>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Time to Live

Values:

  • int – TTL (0-255)

traffic policy <txt> rule <u32> set vrf <id>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Set mark using a VRF identifier

Reference:

system vrf <id>

Instances:

Multiple

traffic policy <txt> rule <u32> set vrf <id> connmark-cache
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Enable connmark cache

traffic policy <txt> rule <u32> set vrf-connmark <id>
AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE

Set connmark using a VRF identifier

Reference:

system vrf <id>