The JUNOS Internet software provides a policy framework, which is a collection of JUNOS policies that allows you to control flows of routing information and packets. The policy framework is composed of routing policy, which allows you to control the routing information or change between the routing protocols and the routing tables and between the routing tables and the forwarding table, and firewall filter policy, which allows you to control packets transiting the router to a network destination and packets destined for and sent by the router.

NOTE: The term firewall filter policy is used here to emphasize that a firewall filter is a policy and shares some fundamental similarities with a routing policy. However, when referring to a firewall filter policy in the remainder of this book, the term firewall filter is used.

The JUNOS policies affect the following router flows:
Figure 8.1 illustrates the flows of routing information and packets through the router. Although the flows are very different from each other, they are also interdependent. Routing policies determine which routes are placed in the forwarding table. The forwarding table in turn has an integral role in determining the appropriate physical interface through which to forward a packet.

Figure 8.1. Flows of Routing Information and Packets
You can configure routing policies to control which routes the routing protocols place in the routing tables and to control which routes the routing protocols advertise from the routing tables (see Figure 8.2). The routing protocols advertise active routes only from the routing tables. (An active route is a route that is chosen from all routes in the routing table to reach a destination.)

Figure 8.2. Routing Policies to Control Routing Information Flow
You can also use routing policies to change specific route characteristics, which allows you to control which route is selected as the active route to reach a destination, to effect changes to the default BGP route flap-damping values, to perform per-packet load balancing, and to enable class of service (CoS).

Firewall filters provide a means of protecting your router from excessive traffic transiting the router to a network destination or destined for the Routing Engine. Firewall filters that control local packets can also protect your router from external aggressions such as denial-of-service (DoS) attacks. You can configure firewall filters to control which data packets are accepted on and transmitted from the physical interfaces and which local packets are transmitted from the physical interfaces to the Routing Engine (see Figure 8.3).

Figure 8.3. Firewall Filters to Control Packet Flow
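A firewall filter for local packets, as described above, could be configured as follows. This is an added example, not configuration from the book: the filter, term, policer, and counter names and all addresses are constructed, and it assumes the filter is applied as an input filter on the loopback interface (lo0), which is how JUNOS filters traffic destined for the Routing Engine.

```junos
# Constructed example: names and addresses are placeholders (documentation ranges).

# Policer that caps ICMP reaching the Routing Engine at 1 Mbps.
set firewall policer icmp-limit if-exceeding bandwidth-limit 1m
set firewall policer icmp-limit if-exceeding burst-size-limit 15k
set firewall policer icmp-limit then discard

# Accept BGP only from a known peer.
set firewall family inet filter protect-re term bgp-peers from source-address 192.0.2.1/32
set firewall family inet filter protect-re term bgp-peers from protocol tcp
set firewall family inet filter protect-re term bgp-peers from port bgp
set firewall family inet filter protect-re term bgp-peers then accept

# Accept SSH only from the management subnet.
set firewall family inet filter protect-re term mgmt-ssh from source-address 198.51.100.0/24
set firewall family inet filter protect-re term mgmt-ssh from protocol tcp
set firewall family inet filter protect-re term mgmt-ssh from destination-port ssh
set firewall family inet filter protect-re term mgmt-ssh then accept

# Accept ICMP, but rate-limit it so a flood cannot exhaust the Routing Engine.
set firewall family inet filter protect-re term icmp from protocol icmp
set firewall family inet filter protect-re term icmp then policer icmp-limit
set firewall family inet filter protect-re term icmp then accept

# Count and silently drop every other local packet.
set firewall family inet filter protect-re term everything-else then count re-discarded
set firewall family inet filter protect-re term everything-else then discard

# Apply the filter to packets destined for the Routing Engine.
set interfaces lo0 unit 0 family inet filter input protect-re
```

Because the last term discards everything not explicitly accepted, add a term for each protocol the router actually runs (for example an IGP, NTP, or SNMP) before applying the filter. Activating it with `commit confirmed` rolls the change back automatically if it cuts off management access.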