Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  ScreenOS sessions

    Posted 07-12-2011 17:43

     

    Today I saw a valid session in my Netscreen when there was no return route for the server. In order to have one session I need two flows? Which implies the return traffic is working. When I look at the sessions everything appears to be working fine, but the server is unreachable due to no return route. Can someone explain this behavior? 

     

     

    -Damon

     

     



  • 2.  RE: ScreenOS sessions
    Best Answer

    Posted 07-13-2011 00:53

    Hi,

     

    This is in any case a single flow because the flow is bidirectional.

    If the reverse route lookup is performed while processing the response packets and how it is performed depends on "set flow reverse-route ...". The default setting is "set flow reverse-route clear-text prefer". This means (as explained in the CLI guide):

    clear text prefer

    Perform reverse route lookup during session

    creation. If a route is found, use that route. If no route is found,

    traffic arriving in the reverse direction is sent back using the cached

    MAC address. This is the default.

    You can also find a couple of KB articles using "set flow reverse-route " and "set arpalways-on-dest" as a search criteria.



  • 3.  RE: ScreenOS sessions

    Posted 07-13-2011 17:33

    Edouard,

     

    Thanks for your reply 🙂

     

    -damon