Once your firewall filters and policers are defined, you must apply them so they can take effect. Generally speaking, a filter is applied at the IFL level for a given family or at the IFL itself when using any family. In contrast, a policer can be applied to an IFL either directly or indirectly via a filter that calls the policer function. You can also apply a policer to the entire IFD in what is referred to as a physical interface policer.

This section details options for applying filters and policers on an MX router.

Filter Application Points

Firewall filters can be applied in a number of different locations along a packet’s processing path through the router; it’s critical to understand these options and their implications when you deploy a filter to ensure expected behavior.

The reader will recall that Chapter 1 provides a detailed description of packet flow through a Trio-based MX router. Figure 3-8 details filter and policer application points for a Trio-based MX router.

Figure 3-8. Trio PFE Filter Application Points.

Loopback Filters and RE Protection

The top of the figure shows how an lo0 filter is applied to filter traffic moving to or from the RE. An lo0 filter does not affect transit traffic directly. You typically apply an lo0 filter in the input direction to filter incoming remote access and routing protocol traffic that is received on the OOB ...