Firewall filter match conditions for MPLS-tagged IPv4 traffic

This article provides information on how to match the IPv4 packet header address or port fields in MPLS flows.

To match an MPLS-tagged IPv4 packet on the source or destination address field in the IPv4 header, specify the match condition at the [edit firewall family mpls filter filter-name term term-name from ip-version ipv4] hierarchy level. But this will work only for T-series routers. This option is not supported on M/MX-series routers.

To match MPLS-tagged IPv4 packets on M/MX-series routers, perform the following procedure:

1. Create a firewall filter for the IPv4 family under the group.

2. Create a firewall filter for the MPLS family and call the defined group under this firewall filter. For example, matching ICMP packets that are passing through LSP.

There is a LSP between R1and R3:

 

About the author

Prasanna

Leave a Comment