Re: [j-nsp] Juniper Services Question ?

2012-10-26 Thread Alex Arseniev

The service-filter directs matching packets to a particular service-set.
So in a sense, the service-filter is executed first because the match happens
on the ingress interface, and service-set execution happens inside the
AS|MS-PIC|DPC once matching packets have entered the ingress interface and
crossed the forwarding plane.

HTH
Rgds
Alex

- Original Message - 
From: "Vasanth R S" 

To: 
Sent: Friday, October 26, 2012 12:22 PM
Subject: [j-nsp] Juniper Services Question ?



If you have a service-set and a service-filter, which one will get serviced
first?

set interfaces ge-1/0/0 unit 1 family inet service input service-set ss-nat service-filter nat-exclude-input
set interfaces ge-1/1/0 unit 2 family inet service input service-set ss-nat service-filter nat-exclude-input

set firewall family inet service-filter nat-exclude-input term rfc1918 from destination-address 10.0.0.0/8
set firewall family inet service-filter nat-exclude-input term rfc1918 from destination-address 172.16.0.0/12
set firewall family inet service-filter nat-exclude-input term rfc1918 from destination-address 192.168.0.0/16
set firewall family inet service-filter nat-exclude-input term rfc1918 then skip
set firewall family inet service-filter nat-exclude-input term public from destination-prefix-list -public-nat-exclude
set firewall family inet service-filter nat-exclude-input term public then skip
set firewall family inet service-filter nat-exclude-input term default then service


--
Regards,
Vasanth R S
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



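The order described in the reply above, modelled as an added example (not code from either poster or from Juniper): the service-filter terms are matched first, in configured order, and only packets that hit a "then service" term go on to service-set ss-nat. The prefix-list contents are not shown in the thread, so 203.0.113.0/24 is a constructed stand-in, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in: the prefix-list contents are not shown in the thread.
PUBLIC_NAT_EXCLUDE = ["203.0.113.0/24"]

# Terms of service-filter nat-exclude-input, in configured order.
# An empty prefix list models a term with no "from" clause (matches everything).
NAT_EXCLUDE_INPUT = [
    ("rfc1918", ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"], "skip"),
    ("public", PUBLIC_NAT_EXCLUDE, "skip"),
    ("default", [], "service"),
]


def evaluate_service_filter(dst, terms=NAT_EXCLUDE_INPUT):
    """Return (term, action) for the first term whose destination match hits."""
    addr = ipaddress.ip_address(dst)
    for name, prefixes, action in terms:
        nets = [ipaddress.ip_network(p) for p in prefixes]
        # Several destination-address entries in one term are alternatives.
        if not nets or any(addr in n for n in nets):
            return name, action
    return None, None  # no term matched; cannot happen with the filter above


def ingress_path(dst, service_set="ss-nat"):
    """Model the order from the reply: filter on ingress, then the service-set."""
    term, action = evaluate_service_filter(dst)
    if action == "service":
        return f"{dst}: term {term} -> service -> handed to service-set {service_set}"
    return f"{dst}: term {term} -> {action} -> forwarded without entering {service_set}"


if __name__ == "__main__":
    # Constructed sample destinations; 172.32.0.1 sits just outside 172.16.0.0/12.
    for dst in ("10.1.2.3", "172.31.255.1", "172.32.0.1", "203.0.113.9", "8.8.8.8"):
        print(ingress_path(dst))
```

Running it over the destinations you expect to bypass NAT is a quick way to confirm the exclusion terms cover exactly the ranges intended before committing the filter.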


[j-nsp] Juniper Services Question ?

2012-10-26 Thread Vasanth R S
If you have a service-set and a service-filter, which one will get serviced
first?

set interfaces ge-1/0/0 unit 1 family inet service input service-set ss-nat service-filter nat-exclude-input
set interfaces ge-1/1/0 unit 2 family inet service input service-set ss-nat service-filter nat-exclude-input

set firewall family inet service-filter nat-exclude-input term rfc1918 from destination-address 10.0.0.0/8
set firewall family inet service-filter nat-exclude-input term rfc1918 from destination-address 172.16.0.0/12
set firewall family inet service-filter nat-exclude-input term rfc1918 from destination-address 192.168.0.0/16
set firewall family inet service-filter nat-exclude-input term rfc1918 then skip
set firewall family inet service-filter nat-exclude-input term public from destination-prefix-list -public-nat-exclude
set firewall family inet service-filter nat-exclude-input term public then skip
set firewall family inet service-filter nat-exclude-input term default then service


-- 
Regards,
Vasanth R S