policy

traffic policy <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Traffic policy rule set

Values:

  • txt – Traffic policy rule set name

Instances:

Multiple

traffic policy <txt> description <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k
Values:

  • txt – Traffic policy rule set description

traffic policy <txt> rule <u32>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Rule number (1-9999)

Values:

  • u32 – Rule number (1-9999)

Instances:

Multiple

traffic policy <txt> rule <u32> action
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Action to perform on a packet on rule match (‘accept’ by default)

Instances:

Unique

traffic policy <txt> rule <u32> action accept
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Accept packet

traffic policy <txt> rule <u32> action continue
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Continue rules processing

traffic policy <txt> rule <u32> action drop
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Drop packet

traffic policy <txt> rule <u32> action enqueue <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Enqueue packet

Reference:

traffic queue <txt>

traffic policy <txt> rule <u32> action proxy
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Intercept incoming packet in a local socket

Instances:

Unique

traffic policy <txt> rule <u32> action proxy tcp <u32>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Intercept packet in a TCP socket

Values:

  • u32 – Local port on which local socket is bound to (1-65535)

traffic policy <txt> rule <u32> action proxy udp <u32>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Intercept packet in a UDP socket

Values:

  • u32 – Local port on which local socket is bound to (1-65535)

traffic policy <txt> rule <u32> action rate-limit <float>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Drop packet if bandwidth exceeds a limit

Values:

  • float – Rate in mbit per second (0.000001-30000)

Instances:

Multiple

traffic policy <txt> rule <u32> action rate-limit <float> burst <id>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Burst size

Values:

  • N[ms/mbit] – Burst in time (ms) or length (mbit)

traffic policy <txt> rule <u32> advisor <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Advisor to enable or disable the policy rule

Reference:

system advisor <txt>

traffic policy <txt> rule <u32> copy
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Copy packet metadata

Instances:

Unique

traffic policy <txt> rule <u32> copy connmark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Copy connection tracking mark

Instances:

Unique

traffic policy <txt> rule <u32> copy connmark extra-mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy connmark mark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To packet mark

traffic policy <txt> rule <u32> copy connmark tos
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy extra-connmark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Copy connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

Instances:

Unique

traffic policy <txt> rule <u32> copy extra-connmark <int> extra-mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy extra-connmark <int> mark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To packet mark

traffic policy <txt> rule <u32> copy extra-connmark <int> tos
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy extra-mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Copy packet extra mark

Values:

  • int – Extra mark index (1-2)

Instances:

Unique

traffic policy <txt> rule <u32> copy extra-mark <int> connmark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To connection tracking mark

traffic policy <txt> rule <u32> copy extra-mark <int> extra-connmark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy extra-mark <int> tos
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy mark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Copy packet mark

traffic policy <txt> rule <u32> copy mark connmark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To connection tracking mark

traffic policy <txt> rule <u32> copy mark extra-connmark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy mark tos
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To IPv4 TOS byte

traffic policy <txt> rule <u32> copy tos
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Copy IPv4 TOS byte

Instances:

Unique

traffic policy <txt> rule <u32> copy tos connmark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To connection tracking mark

traffic policy <txt> rule <u32> copy tos extra-connmark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To connection tracking extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy tos extra-mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To packet extra mark

Values:

  • int – Extra mark index (1-2)

traffic policy <txt> rule <u32> copy tos mark
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

To packet mark

traffic policy <txt> rule <u32> description <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k
Values:

  • txt – Rule description

traffic policy <txt> rule <u32> duplicate
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Duplicate (mirror) packet to another destination

traffic policy <txt> rule <u32> duplicate device <ifc>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Mirror packet to local device

Values:

  • interface – Interface name to duplicate packets to (only for link-in link-out hooks)

traffic policy <txt> rule <u32> duplicate remote <ipv4|ipv6>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Mirror packet to remote IP address (supports IPv4 and IPv6)

Values:

  • ipv4 – Destination IPv4 for duplicated packets (only for not link hooks)

  • ipv6 – Destination IPv6 for duplicated packets (only for not link hooks)

Instances:

Multiple

traffic policy <txt> rule <u32> duplicate remote <ipv4|ipv6> local-interface <ifc>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Optional output interface for remote mirroring

Values:

  • interface – Interface name for duplicated packets

traffic policy <txt> rule <u32> duplicate remote <ipv4|ipv6> local-vrf <id>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Optional output VRF for remote mirroring

Values:

  • vrf – VRF name for duplicated packets

Reference:

system vrf <id>

traffic policy <txt> rule <u32> log
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Log packets matching rule

traffic policy <txt> rule <u32> log app-id
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Log packet app-id if any

traffic policy <txt> rule <u32> log level <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Specific log-level to use

Values:

  • emerg – Emergency messages

  • alert – Urgent messages

  • crit – Critical messages

  • err – Error messages

  • warn – Warning messages

  • notice – Messages for further investigation

  • info – Informational messages

  • debug – Debug messages

traffic policy <txt> rule <u32> log prefix <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k
Values:

  • txt – Log message prefix text, up to 92 characters

traffic policy <txt> rule <u32> selector <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

IP traffic selector

Reference:

traffic selector <txt>

traffic policy <txt> rule <u32> set
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Packet modifications

traffic policy <txt> rule <u32> set app-id
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Connection tracking app-id

Instances:

Unique

traffic policy <txt> rule <u32> set app-id custom <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Selector ID for Classification Engine ID 6 (custom)

Values:

  • int – Selector ID to set (0-16777215)

traffic policy <txt> rule <u32> set app-id engine <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Classification Engine ID

Values:

  • int – Engine ID to set (1-255)

Instances:

Multiple

Required:

traffic policy <txt> rule <u32> set app-id engine <int> selector <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Selector ID for Classification Engine ID

Values:

  • int – Selector ID to set (0-16777215)

traffic policy <txt> rule <u32> set app-id l3 <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Selector ID for Classification Engine ID L3

Values:

  • int – Selector ID to set (1-16777215)

traffic policy <txt> rule <u32> set app-id l4 <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Selector ID for Classification Engine ID L4

Values:

  • int – Selector ID to set (1-16777215)

traffic policy <txt> rule <u32> set class <u32>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Set traffic control class value (pre-classification)

Values:

  • u32 – Disable pre-classification (0)

  • u32 – Class identifier (1-4095)

traffic policy <txt> rule <u32> set connmark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Set connmark using a specific value

Values:

  • int – Packet marking (0-2147483647)

traffic policy <txt> rule <u32> set conntag <txt>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Set a string tag

Values:

  • txt – Tag string (up to 255 characters)

traffic policy <txt> rule <u32> set cos <u32>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Set the Class of Service (COS) to use for the VLAN tag

This field must be set before inserting the VLAN tag (e.g., in a VIF interface)

Values:

  • u32 – COS number (0-7)

traffic policy <txt> rule <u32> set dscp <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Differentiated Services Code Point

Values:

  • int – DSCP (0-63)

traffic policy <txt> rule <u32> set ecn <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Explicit Congestion Notification

Values:

  • int – ECN (0-3)

traffic policy <txt> rule <u32> set extra-mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Packet extra marking

Values:

  • int – Extra mark index (1-2)

Instances:

Multiple

traffic policy <txt> rule <u32> set extra-mark <int> value <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Packet extra marking

Values:

  • int – Packet extra marking (0-2147483647)

traffic policy <txt> rule <u32> set hoplimit <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Hoplimit for IPv6 packets

Values:

  • int – Hoplimit (0-255)

traffic policy <txt> rule <u32> set ipv6-dscp <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Differentiated Services Code Point for IPv6 packets

Values:

  • int – DSCP (0-63)

traffic policy <txt> rule <u32> set ipv6-ecn <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Explicit Congestion Notification

Values:

  • int – ECN (0-3)

traffic policy <txt> rule <u32> set label <id>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Set a label into the packet

Reference:

traffic label <id>

Instances:

List of values

traffic policy <txt> rule <u32> set mark <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Packet marking

Values:

  • int – Packet marking (0-2147483647)

Instances:

Multiple

traffic policy <txt> rule <u32> set mark <int> connmark-cache
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Enable connmark cache

traffic policy <txt> rule <u32> set tcp-mss <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Maximum segment size

Values:

  • int – “Segment size” (0-65535)

traffic policy <txt> rule <u32> set tos <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Type Of Service

Values:

  • int – TOS (0-255)

traffic policy <txt> rule <u32> set ttl <int>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Time to Live

Values:

  • int – TTL (0-255)

traffic policy <txt> rule <u32> set vrf <id>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Set mark using a VRF identifier

Reference:

system vrf <id>

Instances:

Multiple

traffic policy <txt> rule <u32> set vrf <id> connmark-cache
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Enable connmark cache

traffic policy <txt> rule <u32> set vrf-connmark <id>
AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE SDE-11k

Set connmark using a VRF identifier

Reference:

system vrf <id>