diff options
Diffstat (limited to 'docs/configuration/policy/examples.rst')
| -rw-r--r-- | docs/configuration/policy/examples.rst | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/docs/configuration/policy/examples.rst b/docs/configuration/policy/examples.rst index e4c4b9da..7c7b9c46 100644 --- a/docs/configuration/policy/examples.rst +++ b/docs/configuration/policy/examples.rst @@ -8,10 +8,10 @@ BGP Example # Create policy set policy route-map setmet rule 2 action 'permit' - set policy route-map setmet rule 2 set as-path-prepend '2 2 2' + set policy route-map setmet rule 2 set as-path prepend '2 2 2' # Apply policy to BGP - set protocols bgp local-as 1 + set protocols bgp system-as 1 set protocols bgp neighbor 203.0.113.2 address-family ipv4-unicast route-map import 'setmet' set protocols bgp neighbor 203.0.113.2 address-family ipv4-unicast soft-reconfiguration 'inbound' @@ -83,7 +83,7 @@ interface, we use: .. code-block:: none - set interfaces ethernet eth1 policy route FILTER-WEB + set policy route FILTER-WEB interface eth1 ################ Multiple Uplinks @@ -129,8 +129,8 @@ Apply routing policy to **inbound** direction of out VLAN interfaces .. code-block:: none - set interfaces ethernet eth0 vif 10 policy route 'PBR' - set interfaces ethernet eth0 vif 11 policy route 'PBR' + set policy route 'PBR' interface eth0.10 + set policy route 'PBR' interface eth0.11 **OPTIONAL:** Exclude Inter-VLAN traffic (between VLAN10 and VLAN11) @@ -182,3 +182,32 @@ Add multiple source IP in one rule with same priority set policy local-route rule 101 source '203.0.113.253' set policy local-route rule 101 source '198.51.100.0/24' +########################### +Clamp MSS for a specific IP +########################### + +This example shows how to target an MSS clamp (in our example to 1360 bytes) +to a specific destination IP. + +.. code-block:: none + + set policy route IP-MSS-CLAMP rule 10 description 'Clamp TCP session MSS to 1360 for 198.51.100.30' + set policy route IP-MSS-CLAMP rule 10 destination address '198.51.100.30/32' + set policy route IP-MSS-CLAMP rule 10 protocol 'tcp' + set policy route IP-MSS-CLAMP rule 10 set tcp-mss '1360' + set policy route IP-MSS-CLAMP rule 10 tcp flags 'SYN' + +To apply this policy to the correct interface, configure it on the +interface the inbound local host will send through to reach our +destined target host (in our example eth1). + +.. code-block:: none + + set policy route IP-MSS-CLAMP interface eth1 + +You can view that the policy is being correctly (or incorrectly) utilised +with the following command: + +.. code-block:: none + + show policy route statistics |