jnx_firewall_service.proto

Service

Firewall

Filter configuration and operational service. Filter Service defines a set of simple RPCs to operate upon the various components, viz. - Filter. - Term. - Policer. - Filter Attachment/Bind Points. - Statistics. Each of RPCs are named by concatenating the corresponding Filter object and the operation to be performed. This give a easy to understand semantics to the RPCs.

Method Name Request Type Response Type Description
FilterAdd FilterAddRequest FilterAddResponse This RPC is used to add Filter onto a JUNOS device
FilterDelete FilterDeleteRequest FilterDeleteResponse This RPC is used to delete Filter on JUNOS device
FilterModify FilterModifyRequest FilterModifyResponse This RPC is to Modify one or more Term's in existing Filter.
FilterBindAdd FilterObjBindAddRequest FilterBindAddResponse This RPC used to Add binding of an Filter with given bind object and return the result.
FilterBindDelete FilterObjBindDeleteRequest FilterBindDeleteResponse This RPC Deletes a binding of an Filter with mentioned bind object and return the result.
PolicerAdd PolicerAddRequest PolicerAddResponse This RPC Adds a policer and returns the result.
PolicerModify PolicerModifyRequest PolicerModifyResponse This RPC Modifies the existing policer and returns the result.
PolicerDelete PolicerDeleteRequest PolicerDeleteResponse This RPC deletes the existing policer and returns the result.
FilterCounterGet FilterCounterGetRequest FilterCounterGetResponse This RPC is used to get the counter value of specified Filter counter
PolicerCounterGet PolicerCounterGetRequest PolicerCounterGetResponse This RPC is used to get the counter value of specified policer counter of given Filter
FilterCounterSet FilterCounterSetRequest FilterCounterSetResponse This RPC used to clear filter counter of given Filter.
PolicerCounterSet PolicerCounterSetRequest PolicerCounterSetResponse This RPC used to clear policer counter of given Filter.

RPC(s)

The following APIs are provided by this service:

FilterAdd

This RPC is used to add complete Filter with provided all terms and returns the response with appropriate status.

Input: FilterAddRequest

Output: FilterAddResponse

FilterDelete

This RPC is used to delete complete Filter. Term's are not required to be a part of Filter while deleting. Term's are not validated and untouched, Even if Term's are existing in Filter delete operation.

Input: FilterDeleteRequest

Output: FilterDeleteResponse

FilterModify

Changes an Filter based on the list of Filter Terms provided, and returns the result. It is advisable to use this API to for small incremental changes. For wholesale changes, it is recommended to use TERM_OPERATION_REPLACE for all the Term's required to replace with same Term names. For replacing all Terms with new set of Terms, use Term operation as TERM_OPERATION_DELETE for existing Terms and TERM_OPERATION_ADD for NEW Term entries and prepend to the existing Terms with in Filter.

Input: FilterModifyRequest

Output: FilterModifyResponse

FilterBindAdd

Binds Filter to the provided bind object if exists in the device and provides the result. Note that the device can also have native cli Filters configured. Then the order of exection of Filter will follow as mentioned here: In Ingress direction: input_interface-> Client Filter -> CLI Filter -> route_lookup In Egress direction: route_lookup -> CLI Filter -> Client Filter -> output_interface.

Input: FilterObjBindAddRequest

Output: FilterBindAddResponse

FilterBindDelete

Deletes a binding of an Filter with mentioned bind object and return the result.

Input: FilterObjBindDeleteRequest

Output: FilterBindDeleteResponse

PolicerAdd

This RPC Adds a policer and returns the result.

Input: PolicerAddRequest

Output: PolicerAddResponse

PolicerModify

This RPC Modifies the existing policer and returns the result.

Input: PolicerModifyRequest

Output: PolicerModifyResponse

PolicerDelete

This RPC deletes the existing policer and returns the result.

Input: PolicerDeleteRequest

Output: PolicerDeleteResponse

FilterCounterGet

This RPC is used to get the counter value of specified counter in given Filter. Also few points to note with this API. Currently only 1 counter get is supported. This call is going to be blocking for worst case of 10 seconds which is non configurable. The counter name is expected to be fully resolved.

Input: FilterCounterGetRequest

Output: FilterCounterGetResponse

PolicerCounterGet

This RPC is used to get the counter value of specified policer counter in given Filter. Also few points to note with this API. Currently only 1 counter get is supported. This call is going to be blocking for worst case of 10 seconds which is non configurable. The counter name is expected to be fully resolved. For eg. for term specific policer counter it is expected to be passed to full counter name as .

Input: PolicerCounterGetRequest

Output: PolicerCounterGetResponse

FilterCounterSet

Clears a particular counter or policer counter whose fully qualified name is provided along with associated Filter. Few points to note with this API. Currently only 1 counter get is supported. The counter name is expected to be fully resolved. For eg. for term specific policer counter it is expected to be passed to full counter name as .

Input: FilterCounterSetRequest

Output: FilterCounterSetResponse

PolicerCounterSet

Clears a particular policer counter whose fully qualified name is provided along with associated. Few points to note with this API. Currently only 1 counter get is supported. The counter name is expected to be fully resolved. For eg. for term specific policer counter it is expected to be passed to full counter name as .

Input: PolicerCounterSetRequest

Output: PolicerCounterSetResponse

Message(s)

This IDL defines the following message type(s)

FilterAddRequest

Filter Add message structure

Field Type Description
name string Filter name
type FilterTypes Filter type
family FilterFamilies Filter family
flag FilterFlags Filter flag
terms_list FilterTerm List of Destination addresses

FilterAddResponse

Return/Response values for Filter Add Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code

FilterDeleteRequest

Filter input structure used in FilterDelete rpc.

Field Type Description
name string Filter name
family FilterFamilies Filter family

FilterDeleteResponse

Return/Response values for Filter Delete Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code

FilterModifyRequest

Filter Modify message structure

Field Type Description
name string Filter name
type FilterTypes Filter type
family FilterFamilies Filter family
flag FilterFlags Filter flag
terms_list FilterTerm List of Filter Terms

FilterModifyResponse

Return/Response values for Filter Modify Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code

FilterObjBindAddRequest

Per forwarding element Filter binding. The order of filters execution as shown below In Input direction: input_interface-> Client Filter -> CLI Filter -> route_lookup In Output direction: route_lookup -> CLI Filter -> Client Filter -> output_interface.

Field Type Description
filter Filter Filter
obj_type FilterBindObjType Binding object type
bind_object FilterBindObjPoint Bind object name where the Filter is to be bound
bind_direction FilterBindDirection Bind direction
bind_family FilterFamilies Family on the bind object. Must match with the Filter family

FilterBindAddResponse

Return/Response values for Filter Bind Add Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code

FilterObjBindDeleteRequest

Filter unbind request per forwarding element

Field Type Description
filter Filter Filter
obj_type FilterBindObjType Binding object type
bind_object FilterBindObjPoint Bind object name where the Filter is to be bound
bind_direction FilterBindDirection Bind direction
bind_family FilterFamilies Family on the bind object. Must match with the Filter family

FilterBindDeleteResponse

Return/Response values for Filter Bind Delete Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code

PolicerAddRequest

Input message used in PolicerAdd RPC

Field Type Description
name string Policer name
type PolicerType Policer type
flag PolicerFlag Policer Flag
params PolicerParameter Policer Paremeter

PolicerAddResponse

Return/Response values for Policer Add Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code

PolicerModifyRequest

Input message used in PolicerModify RPC to update or change any policer parameters to the existing policer by policer name.

Field Type Description
name string Policer name
type PolicerType Policer type
flag PolicerFlag Policer Flag
params PolicerParameter Policer Paremeter

PolicerModifyResponse

Return/Response values for Policer Modify Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code

PolicerDeleteRequest

Input message used in PolicerDelete to delete existing policer matching with only policer name

Field Type Description
name string Policer name
type PolicerType Policer type
flag PolicerFlag Policer Flag

PolicerDeleteResponse

Return/Response values for Policer Delete Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code

FilterCounterGetRequest

Input request messages for Filter counter by name and counter name should be fully resolved.

Field Type Description
filter_name string only Filter name
counter_name string Counter name.

FilterCounterGetResponse

Return/Response values for Filter counter get Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code
counter_name string counter name
bytes uint64 byte count
packets uint64 packet count

PolicerCounterGetRequest

Input request messages for Filter policer counter by name and counter name should be fully resolved.

Field Type Description
filter_name string only Filter name
counter_name string Counter name.

PolicerCounterGetResponse

Return/Response values for Filter Policer counter get Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code
counter_name string counter name
bytes uint64 byte count
packets uint64 packet count

FilterCounterSetRequest

Input request messages for Filter, policer counter clear by counter name which should be fully resolved.

Field Type Description
filter_name string only Filter name
counter_name string Counter name.

FilterCounterSetResponse

Return/Response values for counter set Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code

PolicerCounterSetRequest

Input request messages for policer counter clear by counter name which should be fully resolved.

Field Type Description
filter_name string only filter name
counter_name string Counter name.

PolicerCounterSetResponse

Return/Response values for policer counter set Request RPC.

Field Type Description
status RpcStatus RPC execution status information
sub_code StatusCode RPC execution internal status code

FilterTermMatchEthernetSwitching

An Filter list of Matches for Ehthernet switching Family Filter

Field Type Description
dst_macs MatchMacAddress List of Destination mac addresses
src_macs MatchMacAddress List of Source mac addresses
dst_ports MatchPort List of Destination ports
src_ports MatchPort List of Source ports
dscp_codes MatchDscpCode List of Dscp code points
protocols MatchProtocol List of Protocols
icmp_types MatchIcmpType List of Icmp types
icmp_codes MatchIcmpCode List of Icmp codes
interface_units MatchInterfaceUnit Interface unit (e.g. ge-0/0/1.0 or unit's index)
ether_types MatchEtherType List of Ether type
learn_vlan_ids MatchLearnVlanId List of Learn vlan id
learn_vlan_priorities MatchLearnVlanPriority List of learn vlan priority

ActionPolicer

Filter action Policer referred with policer name and policer type. Other parameters is unseen or ignored. Also ignored even if available policer parameters provided as part of action mismatching with respect to Policer template.

Field Type Description
policer Policer The policer

MatchFlexibleMask

A flexible match with mask can be defined by providing start offset/position using reference of L3/L4 or payload and byte and bit positing from the start offset. The prefix in string format can be matched with the mask value provided. Mask value will be dependent on bit length of field of MatchFlexibleMask

Field Type Description
start_offset FilterTermMatchFlexStartOffest Flex match start offset
bit_length uint32 Flex match bit length
bit_offset uint32 Flex match bit offset
byte_offset uint32 Flex match byte offset
mask uint32 Flex match mask of 32 bit
prefix_string string 32 Bit, Flex prefix match encoded hex value as a string

FilterTermMplsTerminatingAction

Mpls family terminating actions supported

Field Type Description
accept bool Accept the matching packets
discard bool Discard the matching packets

ActionNextInterface

Filter action next interface, Interface unit Index or name in filter action. eg. ge-0/0/1.0 or unit's index

Field Type Description
routing_instance_name string user configured routing-instance name, eg. __private2_.inet.0
unit ActionInterfaceUnit interface unit index or name

ActionCounter

Filter Action Counter

Field Type Description
counter_name string Counter name (upto 64 characters)

FilterTerm

An Filter Term which holds any one of family specific Term as part of Filter.

Field Type Description
inet_term FilterInetTerm For Inet family
es_term FilterEsTerm For Ethernet Switching family
inet6_term FilterInet6Term For Inet6 family
vpls_term FilterVplsTerm For vpls family
ccc_term FilterCccTerm For ccc family
mservice_term FilterMultiServiceTerm For multiservices family
mpls_term FilterMplsTerm For mpls family

FilterInet6Term

An Inet6 Filter Term

Field Type Description
term_name string FilterTerm name
term_op FilterTermOperation FilterTerm operation
adjacency FilterAdjacency Adjacency
matches FilterTermMatchInet6 Matches
actions FilterTermInet6Action Actions

FilterTermInetNonTerminatingAction

Inet family Inet non-terminating actions supported

Field Type Description
count ActionCounter Count the matching packets
log bool Log the matching packets
syslog bool Syslog the matching packets
policer ActionPolicer Policer action. Ensure that policer exists before it being used.
sample bool Sample
next_term bool Next Term

MatchEtherType

Match on ether type. If min == max then match on exact value, always min should be less than or equal max.

Field Type Description
min uint32 Minimum Ether type, user can even use hex values for this field
max uint32 Maximum Ether type, user can even use hex values for this field
operation MatchOperation Match op

FilterAdjacency

Field Type Description
type FilterAdjacencyType Type of adjacency placement
term_name string The previous or the next AC

MatchDscpCode

Filter match Dscp Code, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum Dscp code
max uint32 Maximum Dscp code
operation MatchOperation Match op

PolicerHierarchical

Heirarchical Policer parameters

Field Type Description
aggregate_rate uint64 Bandwidth rate in bits per second
aggregate_burst_size uint64 Burst size in bits per second
premium_rate uint64 Bandwidth rate in bits per second
premium_burst_size uint64 Burst size in bits per second
discard bool Discard action

MatchIcmpType

Filter match Icmp Type, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum Icmp type
max uint32 Maximum Icmp type
operation MatchOperation Match op

ActionSetIpDscp

Filter action Set IP DSCP

Field Type Description
dscp uint32 DSCP for IP and IPv6

MatchFlexibleRange

A flexible match with range of values can be defined by providing start offset/position using reference of L3/L4 or payload and byte and bit positing from the start offset. The range of values can be defined using bit length field of MatchFlexibleRange

Field Type Description
start_offset FilterTermMatchFlexStartOffest Flex match start offset
bit_length uint32 Flex match bit length
bit_offset uint32 Flex match bit offset
byte_offset uint32 Flex match byte offset
range MatchFlexOffset Flex match range value

PolicerTwoRateThreeColor

Policer parameter for two rate three color policer

Field Type Description
committed_rate uint64 Bandwidth rate in bits per second
committed_burst_size uint64 Burst size in bits per second
excess_rate uint64 Bandwidth rate in bits per second
excess_burst_size uint64 Burst size in bits per second
discard bool Discard action
color_mode PolicerColorModeType Color mode

MatchPort

Filter match Port, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum port value
max uint32 Maximum port value
operation MatchOperation Match op

MatchMacAddress

Filter Match Mac address

Field Type Description
addr MacAddress Mac address
addr_length uint32 Mac address length
operation MatchOperation Match op

FilterTermCccNonTerminatingAction

CCC family non-terminating actions supported

Field Type Description
count ActionCounter Count the matching packets
log bool Log the matching packets
syslog bool Syslog the matching packets
policer ActionPolicer Policer action. Ensure that policer exists before it being used.
sample bool Sample
copy_to_host ActionCopyToHost Copy of matching packets to host

FilterTermMplsAction

An Filter list of Actions supported by MPLS family Filter

Field Type Description
actions_nt FilterTermMplsNonTerminatingAction List of non-terminating actions.
action_t FilterTermMplsTerminatingAction One terminating action

MatchFlexOffset

Flex Offset range match define with min and max values. If min == max then match on exact value, always min should be less than or equal max. Flexible match min and max values range depends on bit length configured in MatchFlexibleRange

Field Type Description
min uint32 Depends on bit length of MatchFlexibleRange
max uint32 Depends on bit length of MatchFlexibleRange
operation MatchOperation Match op

MatchTrafficClass

Filter match Traffic Class, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum Traffic Class value
max uint32 Maximum Traffic Class value
operation MatchOperation Match op

MatchFlexibleOffsetRange

Flexible offset range match as described in message MatchFlexibleRange

Field Type Description
flex_range_match MatchFlexibleRange Reference to flexible range match

FilterMplsTerm

The MPLS Filter Term

Field Type Description
term_name string FilterTerm name
term_op FilterTermOperation FilterTerm operation
adjacency FilterAdjacency Adjacency
matches FilterTermMatchMpls Matches
actions FilterTermMplsAction Actions

FilterEsTerm

An Ethernet Switching Filter Term

Field Type Description
term_name string FilterTerm name
term_op FilterTermOperation FilterTerm operation
adjacency FilterAdjacency Adjacency
matches FilterTermMatchEthernetSwitching Matches
actions FilterTermEsAction Actions

MatchIpAddress

Filter match IP address

Field Type Description
addr IpAddress address
prefix_length uint32 Prefix length range for IPv4 (0:32) or IPv6 (0:128) addresses
operation MatchOperation Match op

FilterTermMatchInet6

An Filter list of Matches for Inet6 Family Filter

Field Type Description
ipv6_dst_addrs MatchIpAddress List of Destination addresses
ipv6_src_addrs MatchIpAddress List of Source addresses
dst_ports MatchPort List of Destination ports
src_ports MatchPort List of Source ports
dscp_codes MatchDscpCode List of Dscp code points
payload_protocols MatchProtocol List of Protocols
icmp_types MatchIcmpType List of Icmp types
icmp_codes MatchIcmpCode List of Icmp codes
packet_lengths MatchPacketLength List of Packet lengths
fragment_flag FilterFragmentFlags Fragment flag
interface_units MatchInterfaceUnit Interface unit (e.g. ge-0/0/1.0 or unit's index)
traffic_classes MatchTrafficClass List of traffic classes
ipv6_addrs MatchIpAddress List of Addresses
flex_range MatchFlexibleOffsetRange Flex Ranges
flex_mask MatchFlexibleOffsetMask Flex Masks
ipv6_next_headers MatchNextHeader List of Next Header match
loss_priorities MatchLossPriority List of Loss Priority
forwarding_class MatchForwardingClass List of Forwarding Class
ports MatchPort List of Ports

FilterTermInetAction

An Filter list of Actions supported by Inet family Filter

Field Type Description
actions_nt FilterTermInetNonTerminatingAction List of non-terminating actions.
action_t FilterTermInetTerminatingAction One terminating action

PolicerParameter

Policer Parameter

Field Type Description
two_color_parameter PolicerTwoColor Two color
single_rate_tricolor_parameter PolicerSingleRateThreeColor Three color
two_rate_tricolor_parameter PolicerTwoRateThreeColor Three color
hierarchical_parameter PolicerHierarchical Hierarchcical

FilterTermMultiServiceAction

An Filter list of Actions supported by Multiservices family Filter

Field Type Description
actions_nt FilterTermMultiServiceNonTerminatingAction List of non-terminating actions.
action_t FilterTermMultiServiceTerminatingAction One terminating action

FilterTermEsAction

An Filter list of Actions supported by ES family Filter

Field Type Description
actions_nt FilterTermEsNonTerminatingAction List of non-terminating actions.
action_t FilterTermEsTerminatingAction One terminating action

MatchForwardingClass

Filter match Forwarding Class

Field Type Description
forwarding_class FilterForwardingClass Loss Priority match
operation MatchOperation Match op

ActionLossPriority

Filter action Loss Priority

Field Type Description
priority FilterLossPriority Set loss priority

PolicerTwoColor

Policer parameter for two color policer

Field Type Description
bandwidth uint64 Bandwidth rate in bits per second
burst_size uint64 Burst size, in bits per second
loss_priority FilterLossPriority Loss priority
forwarding_class_name string Forwarding class, user configured forwarding class name
discard bool Discard action

MatchCfmOpcode

Filter match CFM Opcode, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum cfm opcode value
max uint32 Maximum cfm opcode Value
operation MatchOperation Match op

FilterTermVplsNonTerminatingAction

VPLS family non-terminating actions supported

Field Type Description
count ActionCounter Count the matching packets
log bool Log the matching packets
syslog bool Syslog the matching packets
policer ActionPolicer Policer action. Ensure that policer exists before it being used.
sample bool Sample
next_term bool Next Term
no_mac_learn bool No Mac Learn
copy_to_host ActionCopyToHost Copy of matching packets to host

MatchProtocol

Filter match protocol, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum Protocol value
max uint32 Maximum Protocol value
operation MatchOperation Match op

MatchLearnVlanId

Match on Learn Vlan id. If min == max then match on exact value, always min should be less than or equal max.

Field Type Description
min uint32 Minimum Learn vlan id
max uint32 Maximum Learn vLan id
operation MatchOperation Match op

FilterVplsTerm

The VPLS Filter Term

Field Type Description
term_name string FilterTerm name
term_op FilterTermOperation FilterTerm operation
adjacency FilterAdjacency Adjacency
matches FilterTermMatchVpls Matches
actions FilterTermVplsAction Actions

FilterTermMatchMpls

An Filter list of Matches for MPLS Family Filter

Field Type Description
labels1 MatchMplsLabel Label-1 match
labels2 MatchMplsLabel Label-2 match
labels3 MatchMplsLabel Label-3 match
flex_range MatchFlexibleOffsetRange Flex Ranges
flex_mask MatchFlexibleOffsetMask Flex Masks

FilterTermInet6Action

An Filter list of Actions supported by Inet6 family Filter

Field Type Description
actions_nt FilterTermInet6NonTerminatingAction List of non-terminating actions.
action_t FilterTermInet6TerminatingAction One terminating action

MatchLossPriority

Filter match Loss Priority

Field Type Description
priority FilterLossPriority Loss Priority match
operation MatchOperation Match op

FilterTermCccTerminatingAction

CCC family terminating actions supported

Field Type Description
accept bool Accept the matching packets
discard bool Discard the matching packets
send_to_client ActionSendToClient Direct matching packets to client
send_to_host bool Direct matching packets to host

FilterBindObjBridgeDomain

Filter Bind object BridgeDomain

Field Type Description
bridge_domain string Bind object bd name where the Filter is to be bound
route_table string Bind object Routing Instance name of bridge domain where the Filter is to be bound

FilterInetTerm

An Inet Filter Term

Field Type Description
term_name string FilterTerm name
term_op FilterTermOperation FilterTerm operation
adjacency FilterAdjacency Adjacency
matches FilterTermMatchInet Matches
actions FilterTermInetAction Actions

FilterTermMatchCcc

An Filter list of Matches for CCC Family Filter

Field Type Description
packet_lengths MatchPacketLength List of Packet lengths
interface_units MatchInterfaceUnit Interface unit (e.g. ge-0/0/1.0 or unit's index)
ether_types MatchEtherType List of Ether type match
src_macs MatchMacAddress List Source MAC match
dst_macs MatchMacAddress List Destination MAC match
cfm_opcodes MatchCfmOpcode List of CFM Opcode match
cfm_levels MatchCfmLevel List of CFM Level match
flex_range MatchFlexibleOffsetRange Flex Ranges
flex_mask MatchFlexibleOffsetMask Flex Masks

MatchFlexibleOffsetMask

Flexible offset Mask match as described in message MatchFlexibleMask

Field Type Description
flex_mask_match MatchFlexibleMask Reference to Flexible mask parameters

ActionNextIp

Filter Action Next IP

Field Type Description
routing_instance_name string user configured routing-instance name, eg. __private2_.inet.0
addr IpAddress address either ipv4 or ipv6
prefix_length uint32 Destination prefix length range for IPv4 (0:32) or IPv6 (0:128) addresses

FilterMultiServiceTerm

The MultiServices Filter Term

Field Type Description
term_name string FilterTerm name
term_op FilterTermOperation FilterTerm operation
adjacency FilterAdjacency Adjacency
matches FilterTermMatchMultiService Matches
actions FilterTermMultiServiceAction Actions

MatchNextHeader

Filter match Next Header, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum next header value
max uint32 Maximum next header Value
operation MatchOperation Match op

MatchL2Token

Filter Match L2 Token

Field Type Description
token uint32 L2 token value
operation MatchOperation Match op

ActionCopyToHost

Filter Action Copy to client

Field Type Description
client_name string Client name (upto 64 characters)

MatchMeshGroup

Filter match Mesh Group Id

Field Type Description
mesh_group_id uint32 Mesh Group Id
operation MatchOperation Match op

FilterBindObjPoint

List of bind points where the Filter is to be bound

Field Type Description
interface_name string Bind object, interface name where the Filter is to be bound
forwarding_table string Bind object, forwarding table name where the Filter is to be bound
vlan FilterBindObjVlan Bind object, vlan where the Filter is to be bound
bridge_domain FilterBindObjBridgeDomain bind object, bridge domain where the Filter is to be bound

FilterTermMatchMultiService

An Filter list of Matches for Multiservices Family Filter

Field Type Description
ipv4_dst_addrs MatchIpAddress List of Destination addresses (V4)
ipv4_src_addrs MatchIpAddress List of Source addresses (V4)
ipv4_addrs MatchIpAddress List of addresses (V4)
dst_ports MatchPort List of Destination ports
src_ports MatchPort List of Source ports
ip_protocols MatchProtocol List of Protocols
payload_protocols MatchProtocol List of Protocols
icmp_types MatchIcmpType List of Icmp types
icmp_codes MatchIcmpCode List of Icmp codes
interface_units MatchInterfaceUnit Interface unit (e.g. ge-0/0/1.0 or unit's index)
ipv6_next_headers MatchNextHeader List of Next Header match
ether_types MatchEtherType List of Ether type match
src_macs MatchMacAddress List Source MAC match
dst_macs MatchMacAddress List Destination MAC match
vlan_ether_types MatchEtherType List of Ether type match
stp_state FilterStpMatchFlags STP state match
mesh_group_ids MatchMeshGroup List of mesh group id match
l2_tokens MatchL2Token List of L2 token match
packet_lengths MatchPacketLength List of Packet lengths

Filter

Basic Filter structure to identify perticular Filter by name and family.

Field Type Description
name string Filter name
family FilterFamilies Filter family

FilterTermVplsTerminatingAction

Vpls family terminating actions supported

Field Type Description
accept bool Accept the matching packets
discard bool Discard the matching packets
send_to_client ActionSendToClient Direct matching packets to client
send_to_host bool Direct matching packets to host
nh ActionSetNexthop set nexthop idx

FilterTermMplsNonTerminatingAction

Mpls family non-terminating actions supported

Field Type Description
count ActionCounter Count the matching packets
policer ActionPolicer Policer action. Ensure that policer exists before it being used.

MatchTtl

Filter match TTL Opcode, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum Time to live
max uint32 Maximum Time to live
operation MatchOperation Match op

ActionSendToClient

Filter action Send to Client

Field Type Description
client_name string Client name (upto 64 characters)

FilterTermMatchInet

An Filter list of Matches supported by Inet family Filter

Field Type Description
ipv4_dst_addrs MatchIpAddress List of Destination addresses
ipv4_src_addrs MatchIpAddress List of Source addresses
dst_ports MatchPort List of Destination ports
src_ports MatchPort List of Source ports
dscp_codes MatchDscpCode List of Dscp code points
protocols MatchProtocol List of Protocols
icmp_types MatchIcmpType List of Icmp types
icmp_codes MatchIcmpCode List of Icmp codes
packet_lengths MatchPacketLength List of Packet lengths
ttls MatchTtl List of Ttl's
fragment_flag FilterFragmentFlags Fragment flag
frag_offsets MatchFragmentOffset List of fragment offset range
interface_units MatchInterfaceUnit Interface unit (e.g. ge-0/0/1.0 or unit's index)
ip_precedences MatchIpPrecedence List of ip precedence
ipv4_addrs MatchIpAddress List of Addresses
ports MatchPort List of Ports
flex_range MatchFlexibleOffsetRange Flex Ranges
flex_mask MatchFlexibleOffsetMask Flex Masks

Policer

Policer structure which is refered as action in Term

Field Type Description
name string Policer name
type PolicerType Policer type
flag PolicerFlag Policer Flag
params PolicerParameter Policer Paremeter

PolicerSingleRateThreeColor

Policer parameter for single rate three color policer

Field Type Description
committed_rate uint64 Bandwidth rate in bits per second
committed_burst_size uint64 Burst size in bits per second
excess_burst_size uint64 Burst size in bits per second
discard bool Discard action
color_mode PolicerColorModeType Color mode

FilterTermInetTerminatingAction

Inet family Inet terminating actions supported

Field Type Description
accept bool Accept the matching packets
discard bool Discard the matching packets
reject ActionIcmpRejectReason Reject the matching packets
routing_instance_name string user configured routing-instance name, eg. __private2_.inet.0

ActionTopologyRedirect

Filter action Topo Redirect

Field Type Description
routing_instance_name string user configured routing-instance name, eg. __private2_.inet.0
topology_name string Topology name

MatchIpPrecedence

Filter match Ip Precedence, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min FilterPrecedence Minimum precedence value
max FilterPrecedence Maximum precedence value
operation MatchOperation Match op

ActionSetNexthop

Filter action set nexthop

Field Type Description
index uint32 Set nexthop index of 32 bit value

FilterTermMatchVpls

An Filter list of Matches for Vpls Family Filter

Field Type Description
ipv4_dst_addrs MatchIpAddress List of Destination addresses (V4)
ipv4_src_addrs MatchIpAddress List of Source addresses (V4)
ipv6_dst_addrs MatchIpAddress List of Destination addresses (V6)
ipv6_src_addrs MatchIpAddress List of Source addresses (V6)
dst_ports MatchPort List of Destination ports
src_ports MatchPort List of Source ports
dscp_codes MatchDscpCode List of Dscp code points
ip_protocols MatchProtocol List of Protocols
payload_protocols MatchProtocol List of Protocols
icmp_types MatchIcmpType List of Icmp types
icmp_codes MatchIcmpCode List of Icmp codes
interface_units MatchInterfaceUnit Interface unit ( e.g. ge-0/0/1.0 or unit's index)
traffic_classes MatchTrafficClass List of traffic classes
ipv6_next_headers MatchNextHeader List of Next Header match
ether_types MatchEtherType List of Ether type match
src_macs MatchMacAddress List Source MAC match
dst_macs MatchMacAddress List Destination MAC match
vlan_ether_types MatchEtherType List of Ether type match
learn_vlan_ids MatchVlanId List of Vlan Id match
user_vlan_ids MatchVlanId List of Vlan Id match
learn_vlan_priorities MatchLearnVlanPriority List of Vlan Id match
stp_state FilterStpMatchFlags STP state match
mesh_group_ids MatchMeshGroup List of mesh group id match
cfm_opcodes MatchCfmOpcode List of CFM Opcode match
cfm_levels MatchCfmLevel List of CFM Level match
l2_tokens MatchL2Token List of L2 token match
ipv6_addrs MatchIpAddress List of Ipv6 addresses (V6)
flex_range MatchFlexibleOffsetRange Flex Ranges
flex_mask MatchFlexibleOffsetMask Flex Masks
packet_lengths MatchPacketLength List of Packet lengths

MatchVlanId

Filter match Vlan Id, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum Vlan id
max uint32 Maximum Vlan id
operation MatchOperation Match op

FilterTermCccAction

An Filter list of Actions supported by CCC family Filter

Field Type Description
actions_nt FilterTermCccNonTerminatingAction List of non-terminating actions.
action_t FilterTermCccTerminatingAction One terminating action

ActionPolicerInstance

Filter action Policer Instance is used to program new instance of existing policer with instance specific policer flags.

Field Type Description
policer Policer The policer
policer_instance string Policer Instance name

MatchIcmpCode

Filter match Icmp Code, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum Icmp code
max uint32 Maximum Icmp code
operation MatchOperation Match op

MatchMplsLabel

Filter match MPLS Label, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum Label value
max uint32 Maximum Label Value
operation MatchOperation Match op

MatchFragmentOffset

Filter match Fragment offset, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum Fragment offset
max uint32 Maximum Fragment offset
operation MatchOperation Match op

FilterCccTerm

The CCC Filter Term

Field Type Description
term_name string FilterTerm name
term_op FilterTermOperation FilterTerm operation
adjacency FilterAdjacency Adjacency
matches FilterTermMatchCcc Matches
actions FilterTermCccAction Actions

FilterTermEsTerminatingAction

Ethernet Switching family terminating actions supported

Field Type Description
accept bool Accept the matching packets
discard bool Discard the matching packets
nh ActionSetNexthop Next hop
send_to_host bool Send to host

FilterTermInet6NonTerminatingAction

Inet6 family non-terminating actions supported

Field Type Description
count ActionCounter Count the matching packets
log bool Log the matching packets
syslog bool Syslog the matching packets
policer ActionPolicer Policer action. Ensure that policer exists before it being used.
sample bool Sample
next_term bool Next Term
port_mirror bool port mirror action
loss_priority ActionLossPriority set loss priority to matched packets
forwarding_class ActionForwardingClass set Forwarding class to matched packets
forwarding_priority ActionForwardingPriority set Forwarding Priority to matched packets
next_interface ActionNextInterface set Next interface to matched packets
next_ip ActionNextIp set Next IPv4 to matched packets
ip_dscp ActionSetIpDscp set IP DSCP to matched packets
copy_to_host ActionCopyToHost Copy of matching packets to host
policer_inst ActionPolicerInstance Policer instance. Ensure that policer exists before it being used.

FilterTermVplsAction

An Filter list of Actions supported by Vpls family Filter

Field Type Description
actions_nt FilterTermVplsNonTerminatingAction List of non-terminating actions.
action_t FilterTermVplsTerminatingAction One terminating action

FilterBindObjVlan

Filter Bind object Vlan

Field Type Description
vlan_name string Bind object VLAN name where the Filter is to be bound
route_table string Bind object Routing Instance name of vlan where the Filter is to be bound

MatchInterfaceUnit

Filter match on interface unit Index or name e.g. ge-0/0/1.0 or unit's index

Field Type Description
unit_name string Interface unit Name
unit_index uint32 Interface unit index

FilterTermInet6TerminatingAction

Inet6 family terminating actions supported

Field Type Description
accept bool Accept the matching packets
discard bool Discard the matching packets
reject ActionIcmp6RejectReason Reject the matching packets
routing_instance_name string user configured routing-instance name, eg. __private2_.inet.0
topo_redirect ActionTopologyRedirect Direct matching packets to a routing instance
send_to_client ActionSendToClient client name
send_to_host bool Direct matching packets to host
nh ActionSetNexthop set nexthop idx

FilterTermMultiServiceNonTerminatingAction

Multiservices family non-terminating actions supported

Field Type Description
count ActionCounter Count the matching packets
log bool Log the matching packets
syslog bool Syslog the matching packets
policer ActionPolicer Policer Action. Ensure that policer exists before it being used.
sample bool Sample
next_term bool Next Term
copy_to_host ActionCopyToHost Copy of matching packets to host

ActionInterfaceUnit

Interface format, Interface unit Index or name in filter action. eg. ge-0/0/1.0 or unit's index

Field Type Description
unit_name string Interface Unit Name
unit_index uint32 Interface unit Index

ActionForwardingClass

Filter action Forwarding Class

Field Type Description
fc FilterForwardingClass set forwarding class id

FilterTermEsNonTerminatingAction

Ethernet Switching family non-terminating actions supported

Field Type Description
count ActionCounter Count the matching packets
log bool Log the matching packets
syslog bool Syslog the matching packets
policer ActionPolicer Policer action. Ensure that policer exists before it being used.
next_term bool Next Term
lp ActionLossPriority Loss priority

MatchLearnVlanPriority

Match on Learn Vlan priority. If min == max then match on exact value, always min should be less than or equal max.

Field Type Description
min uint32 Minimum Learn vlan priority
max uint32 Maximum Learn vLan priority
operation MatchOperation Match op

MatchCfmLevel

Filter match CFM Level

Field Type Description
cfm_level uint32 CFM level
operation MatchOperation Match op

FilterTermMultiServiceTerminatingAction

Multiservices family terminating actions supported

Field Type Description
accept bool Accept the matching packets
discard bool Discard the matching packets
send_to_client ActionSendToClient Direct matching packets to client
send_to_host bool Direct matching packets to host

MatchPacketLength

Filter match Packet Length, If min == max then match on exact value always min should be less than or equal max.

Field Type Description
min uint32 Minimum Packet length
max uint32 Maximum Packet length
operation MatchOperation Match op

ActionForwardingPriority

Filter action Forwarding Priority

Field Type Description
priority uint32 priority

Enum(s)

StatusCode

Filter Bind Add response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server

StatusCode

Filter counter get response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server
TIMEOUT Stats timeout

FilterTermOperation

Filter Term operation

Value Description
TERM_OPERATION_INVALID Invalid Term operation
TERM_OPERATION_ADD Can be used Add Term in Filter
TERM_OPERATION_DELETE Delete a existing term in given Filter.
TERM_OPERATION_REPLACE

PolicerType

Policer types which can be configured.

Value Description
POLICER_INVALID Invalid policer type
TWO_COLOR_POLICER Single rate two color
SINGLE_RATE_THREE_COLOR_POLICER Singel rate three color
TWO_RATE_THREE_COLOR_POLICER Two rate three color
HIERARCHICAL_POLICER Hierarchical

FilterFragmentFlags

Fragment Flags

Value Description
FRAGMENT_NONE None
DONT_FRAGMENT Dont fragment flag
IS_FRAGMENT Is fragment flag
FIRST_FRAGMENT First fragment flag
LAST_FRAGMENT More last fragment flag

FilterForwardingClass

Forwarding Class

Value Description
FORWARDING_CLASS_INVALID Invalid
FORWARDING_CLASS_ASSURED Assured
FORWARDING_CLASS_BEST_EFFORT Best Effort
FORWARDING_CLASS_EXPEDITED Expedited
FORWARDING_CLASS_NETWORK_CONTROL Network Control

FilterAdjacencyType

Adjacency Type which determines the Term order in an Filter

Value Description
TERM_AFTER Add next to the given term
TERM_BEFORE Add before the given term

StatusCode

Filter policer counter get response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server
TIMEOUT Stats timeout

StatusCode

Policer Add response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server

FilterBindObjType

Filter Bind object type

Value Description
BIND_OBJ_TYPE_INVALID Invalid
BIND_OBJ_TYPE_INTERFACE Interface
BIND_OBJ_TYPE_FWD_TABLE Forwarding table
BIND_OBJ_TYPE_VLAN Forwarding table
BIND_OBJ_TYPE_BRG_DOMAIN Bridge domain

PolicerColorModeType

Color mode for SRTCM and TRTCM

Value Description
COLOR_MODE_INVALID Invalid type
COLOR_MODE_COLOR_BLIND Color Blind
COLOR_MODE_COLOR_AWARE Color Aware

StatusCode

Filter Modify response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server

PolicerFlag

Policer Flags to define scope of policer in Filter

Value Description
POLICER_FLAG_INVALID Invalid Flag
POLICER_FLAG_TERM_SPECIFIC The policer instance is activated for each Term its referenced.
POLICER_FLAG_FILTER_SPECIFIC The policer instance is activated at global Filter level.

FilterTypes

Filter types.

Value Description
TYPE_INVALID Invalid Filter type
TYPE_CLASSIC Classic Filter type

ActionIcmp6RejectReason

Various Icmp6 Reject Action Reasons.

Value Description
ICMP6_ADMINISTRATIVELY_PROHIBITED Send Administratively Prohibited message
ICMP6_NO_ROUTE_TO_DESTINATION Send No route to destination message
ICMP6_BEYOND_SCOPE Send Beyond scope message
ICMP6_ADDRESS_UNREACHABLE Send Address unreachable message
ICMP6_PORT_UNREACHABLE Send "Port unreachable" message
ICMP6_TTL_EQUAL_TO_ZERO_DURING_TRANSIT Send "TTL is Zero during transit" message
ICMP6_TTL_EQUAL_TO_ZERO_DURING_REASSEMBLY Send "TTL is Zero during reassembly" message
ICMP6_IP6_HEADER_BAD Send "Ip6 header bad" message
ICMP6_UNRECOGNIZED_OPTION Send "Unrecognized option" message
ICMP6_UNRECOGNIZED_NEXT_HEADER Send "Unrecognized Next Header" message
ICMP6_ROUTER_RENUMBERING_COMMAND Send "Router renumbering command" message
ICMP6_ROUTER_RENUMBERING_RESULT Send "Router renumbering result" message
ICMP6_SEQUENCE_NUMBER_RESET Send "Sequence number reset" message

FilterBindDirection

Direction, input or output in which an Filter is bound. Higher priority to the Filter bound as compared to cli configured filter if exists. The order of filters execution as shown below In Input direction: input_interface-> Client Filter -> CLI Filter -> route_lookup In Output direction: route_lookup -> CLI Filter -> Client Filter -> output_interface.

Value Description
BIND_DIRECTION_INVALID Invalid bind direction
BIND_DIRECTION_INPUT Bind on ingress before cli filter.
BIND_DIRECTION_OUTPUT Bind on egress after cli filters.

FilterPrecedence

Precedence

Value Description
PRECEDENCE_ROUTINE Routine precedence
PRECENCE_PRIORITY Priority precedence
PRECENCE_IMMEDIATE Immediate precedence
PRECENCE_FLASH Flash precedence
PRECENCE_FLASH_OVERRIDE Flash override precedence
PRECENCE_CRITICAL_ECP Critical ecp precedence
PRECENCE_INTERNET_CONTROL Internet control precedence
PRECENCE_NET_CONTROL Network control precedence

FilterFamilies

Filter Families.

Value Description
FAMILY_INVALID Invalid
FAMILY_INET IPv4 family
FAMILY_INET6 IPv6 family
FAMILY_ES Ethernet Switching family
FAMILY_VPLS VPLS family
FAMILY_MULTISERVICE MULTISERVICE family
FAMILY_CCC CCC family
FAMILY_MPLS MPLS family

FilterStpMatchFlags

STP match Flags

Value Description
STP_FLAG_INVALID Invalid
STP_FLAG_BLOCKING Blocking
STP_FLAG_FORWARDING Forwarding

FilterLossPriority

Loss Priority values

Value Description
LOSS_PRIORITY_INVALID Invalid
LOSS_PRIORITY_HIGH High
LOSS_PRIORITY_MEDIUM_HIGH Medium High
LOSS_PRIORITY_MEDIUM_LOW Medium low
LOSS_PRIORITY_LOW low

StatusCode

Filter Delete response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server

StatusCode

Filter Bind delete response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server

MatchOperation

Supported Match Operations

Value Description
OP_INVALID Invalid Filter Match operation
OP_EQUAL Match operation equal
OP_NOT_EQUAL Match operation not equal

StatusCode

Policer Delete response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server

StatusCode

Policer counter set response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server

StatusCode

Filter Add response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server

FilterTermMatchFlexStartOffest

Start offet used in match MatchFlexibleRange

Value Description
FLEX_OFFSET_INVALID Invalid Flex match start offset
FLEX_OFFSET_LAYER_THREE Layer-3 Flex match start offset
FLEX_OFFSET_LAYER_FOUR Layer-4 Flex match start offset
FLEX_OFFSET_PAYLOAD Payload Flex match start offset

ActionIcmpRejectReason

Various Icmp Reject Action Reasons.

Value Description
ICMP_ADMINISTRATIVELY_PROHIBITED Send ICMP Administratively Prohibited message
ICMP_BAD_HOST_TOS Send ICMP Bad Host ToS message
ICMP_BAD_NETWORK_TOS Send ICMP Bad Network ToS message
ICMP_FRAGMENTATION_NEEDED Send ICMP Fragmentation Needed message
ICMP_HOST_PROHIBITED Send ICMP Host Prohibited message
ICMP_HOST_UNKNOWN Send ICMP Host Unknown message
ICMP_HOST_UNREACHABLE Send ICMP Host Unreachable message
ICMP_NETWORK_PROHIBITED Send ICMP Network Prohibited message
ICMP_NETWORK_UNKNOWN Send ICMP Network Unknown message
ICMP_NETWORK_UNREACHABLE Send ICMP Network Unreachable message
ICMP_PORT_UNREACHABLE Send ICMP Port Unreachable message
ICMP_PRECEDENCE_CUTOFF Send ICMP Precedence Cutoff message
ICMP_PRECEDENCE_VIOLATION Send ICMP Precedence Violation message
ICMP_PROTOCOL_UNREACHABLE Send ICMP Protocol Unreachable message
ICMP_SOURCE_HOST_ISOLATED Send ICMP Source Host Isolated message
ICMP_SOURCE_ROUTE_FAILED Send ICMP Source Route Failed message
ICMP_TCP_RESET Send TCP Reset message

StatusCode

Policer Modify response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server

FilterFlags

Any filter property flag to be enabled at the Filter level.

Value Description
FLAGS_NONE None

StatusCode

Filter counter set response internal status codes

Value Description
EOK Success
EINVALID_MESSAGE Wrong input
EINTERNAL Server Internal error
EUNSUPPORTED_OP Operation not supported
NO_RESOURCE Resource not available at server