How many bits/bytes of a packet can be matched in a firewall rule on Juniper MX-series?

embolist embolist at pm.me
Thu Jul 8 20:15:11 EDT 2021


I'm trying to figure out how many bits/bytes of a packet I can match on in a firewall rule for a Juniper MX router. A lot of the documentation talks about a 128-bit match criteria, but then I see some examples which seem to imply that I can do multi-term matching, chaining match criteria together.

Am I understanding this correctly? If so, how many 128-bit matching criteria can I chain together? Or am I totally misunderstanding?

I'm a Juniper n00b (as if you couldn't tell), and would really appreciate any pointers. The documentation just doesn't seem to contain any information on how much of a packet I can match.


More information about the juniper-nsp mailing list