policy

traffic policy <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Traffic policy rule set

Values:

  • txt – Traffic policy rule set name

Instances:

Multiple

traffic policy <txt> description <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM
Values:

  • txt – Traffic policy rule set description

traffic policy <txt> rule <u32>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Rule number (1-9999)

Values:

  • u32 – Rule number (1-9999)

Instances:

Multiple

traffic policy <txt> rule <u32> action
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Action to perform on a packet on rule match (‘accept’ by default)

Instances:

Unique

traffic policy <txt> rule <u32> action accept
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Accept packet

traffic policy <txt> rule <u32> action continue
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Continue rules processing

traffic policy <txt> rule <u32> action drop
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Drop packet

traffic policy <txt> rule <u32> action enqueue <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Enqueue packet

Reference:

traffic queue <txt>

traffic policy <txt> rule <u32> action proxy
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Intercept incoming packet in a local socket

Instances:

Unique

traffic policy <txt> rule <u32> action proxy tcp <u32>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Intercept packet in a TCP socket

Values:

  • u32 – Local port on which local socket is bound to (1-65535)

traffic policy <txt> rule <u32> action proxy udp <u32>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Intercept packet in a UDP socket

Values:

  • u32 – Local port on which local socket is bound to (1-65535)

traffic policy <txt> rule <u32> action rate-limit <float>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Drop packet if bandwidth exceeds a limit

Values:

  • float – Rate in mbit per second (0.000001-30000)

Instances:

Multiple

traffic policy <txt> rule <u32> action rate-limit <float> burst <id>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Burst size

Values:

  • N[ms/mbit] – Burst in time (ms) or length (mbit)

traffic policy <txt> rule <u32> advisor <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Advisor to enable or disable the policy rule

Reference:

system advisor <txt>

traffic policy <txt> rule <u32> copy
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Copy packet metadata

Instances:

Unique

traffic policy <txt> rule <u32> copy connmark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Copy connection tracking mark

Instances:

Unique

traffic policy <txt> rule <u32> copy connmark extra-mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy connmark mark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To packet mark

traffic policy <txt> rule <u32> copy connmark tos
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy extra-connmark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Copy connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

Instances:

Unique

traffic policy <txt> rule <u32> copy extra-connmark <int> extra-mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy extra-connmark <int> mark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To packet mark

traffic policy <txt> rule <u32> copy extra-connmark <int> tos
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy extra-mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Copy packet extra mark

Values:

  • int – Extra mark index (1-2)

Instances:

Unique

traffic policy <txt> rule <u32> copy extra-mark <int> connmark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To connection tracking mark

traffic policy <txt> rule <u32> copy extra-mark <int> extra-connmark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy extra-mark <int> tos
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy mark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Copy packet mark

traffic policy <txt> rule <u32> copy mark connmark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To connection tracking mark

traffic policy <txt> rule <u32> copy mark extra-connmark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy mark tos
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy tos
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Copy IPv4 TOS byte

Instances:

Unique

traffic policy <txt> rule <u32> copy tos connmark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To connection tracking mark

traffic policy <txt> rule <u32> copy tos extra-connmark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy tos extra-mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy tos mark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

To packet mark

traffic policy <txt> rule <u32> description <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM
Values:

  • txt – Rule description

traffic policy <txt> rule <u32> duplicate
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Duplicate (mirror) packet to another destination

traffic policy <txt> rule <u32> duplicate device <ifc>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Mirror packet to local device

Values:

  • interface – Interface name to duplicate packets to (only for link-in link-out hooks)

traffic policy <txt> rule <u32> duplicate remote <ipv4|ipv6>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Mirror packet to remote IP address (supports IPv4 and IPv6)

Values:

  • ipv4 – Destination IPv4 for duplicated packets (only for not link hooks)

  • ipv6 – Destination IPv6 for duplicated packets (only for not link hooks)

Instances:

Multiple

traffic policy <txt> rule <u32> duplicate remote <ipv4|ipv6> local-interface <ifc>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Optional output interface for remote mirroring

Values:

  • interface – Interface name for duplicated packets

traffic policy <txt> rule <u32> duplicate remote <ipv4|ipv6> local-vrf <id>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Optional output VRF for remote mirroring

Values:

  • vrf – VRF name for duplicated packets

Reference:

system vrf <id>

traffic policy <txt> rule <u32> log
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Log packets matching rule

traffic policy <txt> rule <u32> log app-id
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Log packet app-id if any

traffic policy <txt> rule <u32> log level <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Specific log-level to use

Values:

  • emerg – Emergency messages

  • alert – Urgent messages

  • crit – Critical messages

  • err – Error messages

  • warn – Warning messages

  • notice – Messages for further investigation

  • info – Informational messages

  • debug – Debug messages

traffic policy <txt> rule <u32> log prefix <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM
Values:

  • txt – Log message prefix text, up to 92 characters

traffic policy <txt> rule <u32> selector <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

IP traffic selector

Reference:

traffic selector <txt>

traffic policy <txt> rule <u32> set
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Packet modifications

traffic policy <txt> rule <u32> set app-id
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Connection tracking app-id

Instances:

Unique

traffic policy <txt> rule <u32> set app-id custom <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Selector ID for Classification Engine ID 6 (custom)

Values:

  • int – Selector ID to set (0-16777215)

traffic policy <txt> rule <u32> set app-id engine <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Classification Engine ID

Values:

  • int – Engine ID to set (1-255)

Instances:

Multiple

Required:

traffic policy <txt> rule <u32> set app-id engine <int> selector <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Selector ID for Classification Engine ID

Values:

  • int – Selector ID to set (0-16777215)

traffic policy <txt> rule <u32> set app-id l3 <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Selector ID for Classification Engine ID L3

Values:

  • int – Selector ID to set (1-16777215)

traffic policy <txt> rule <u32> set app-id l4 <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Selector ID for Classification Engine ID L4

Values:

  • int – Selector ID to set (1-16777215)

traffic policy <txt> rule <u32> set class <u32>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Set traffic control class value (pre-classification)

Values:

  • u32 – Disable pre-classification (0)

  • u32 – Class identifier (1-4095)

traffic policy <txt> rule <u32> set connmark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Set connmark using a specific value

Values:

  • int – Packet marking (0-2147483647)

traffic policy <txt> rule <u32> set conntag <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Set a string tag

Values:

  • txt – Tag string (up to 255 characters)

traffic policy <txt> rule <u32> set cos <u32>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Set the Class of Service (COS) to use for the VLAN tag

This field must be set before inserting the VLAN tag (e.g., in a VIF interface)

Values:

  • u32 – COS number (0-7)

traffic policy <txt> rule <u32> set dscp <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Differentiated Services Code Point

Values:

  • int – DSCP (0-63)

traffic policy <txt> rule <u32> set ecn <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Explicit Congestion Notification

Values:

  • int – ECN (0-3)

traffic policy <txt> rule <u32> set extra-mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Packet extra marking

Values:

  • int – Extra mark index (1-2)

Instances:

Multiple

traffic policy <txt> rule <u32> set extra-mark <int> value <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Packet extra marking

Values:

  • int – Packet extra marking (0-2147483647)

traffic policy <txt> rule <u32> set hoplimit <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Hoplimit for IPv6 packets

Values:

  • int – Hoplimit (0-255)

traffic policy <txt> rule <u32> set ipv6-dscp <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Differentiated Services Code Point for IPv6 packets

Values:

  • int – DSCP (0-63)

traffic policy <txt> rule <u32> set ipv6-ecn <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Explicit Congestion Notification

Values:

  • int – ECN (0-3)

traffic policy <txt> rule <u32> set label <id>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Set a label into the packet

Reference:

traffic label <id>

Instances:

List of values

traffic policy <txt> rule <u32> set mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Packet marking

Values:

  • int – Packet marking (0-2147483647)

Instances:

Multiple

traffic policy <txt> rule <u32> set mark <int> connmark-cache
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Enable connmark cache

traffic policy <txt> rule <u32> set tcp-mss <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Maximum segment size

Values:

  • int – “Segment size” (0-65535)

traffic policy <txt> rule <u32> set tos <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Type Of Service

Values:

  • int – TOS (0-255)

traffic policy <txt> rule <u32> set ttl <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Time to Live

Values:

  • int – TTL (0-255)

traffic policy <txt> rule <u32> set vrf <id>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Set mark using a VRF identifier

Reference:

system vrf <id>

Instances:

Multiple

traffic policy <txt> rule <u32> set vrf <id> connmark-cache
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Enable connmark cache

traffic policy <txt> rule <u32> set vrf-connmark <id>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VM

Set connmark using a VRF identifier

Reference:

system vrf <id>