For example, I will configure unicast RPF (reverse-path forwarding) on Juniper MX204.
RPF allows you to reduce the impact of DOS-type attacks on IPv4 and IPv6 interfaces.
Let’s create a filter first:
edit firewall filter rpf-pass-dhcp-ixnfo
set term allow-dhcp from destination-port dhcp
set term allow-dhcp from destination-address 255.255.255.255/32
set term allow-dhcp then count rpf-dhcp-traffic
set term allow-dhcp then accept
set term discard-all then discard
And now apply it to the desired dynamic profile:
edit dynamic-profiles
edit DHCP-IP-Demux interfaces demux0 unit "$junos-interface-unit" family inet
set mac-validate strict
set rpf-check fail-filter rpf-pass-dhcp-ixnfo
Unicast RPF has strict and loose modes, dynamic profile uses strict mode by default, an example of enabling free mode:
set rpf-check mode loose
Starting from version 19.1R1, you can view statistics on the dynamic logical interface:
run show interfaces statistics demux0 detail | match RPF
If the dynamic profile is already in use by users, then to apply changes to it, you can end the session (if this is not critical):
run show subscribers
run clear dhcp server binding all
commit
Or you can enable an option that will apply the new version of the dynamic profile to new users, and the old version will be used until the users reconnect:
set system dynamic-profile-options versioning
See also my article:
Juniper MX204 setup