SRX

last person joined: 2 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX Packet flow - Session lookup

    Posted 08-20-2015 11:42

    Easy question here I think.

     

    When a packet arrives, for session lookup, it uses Source/Dest IP and Port, as well as the ingress interface.

    Is the ingress interface used to match other sessions tied to that interface?

    Or is the source interface used to match the zone it's attached to, then are all the sessions for that particular zone looked up?

     

    I'm trying to understand how it deals with asymmetric routing between interfaces in the same zone. Is there an exception for OSPF with ECMP?



  • 2.  RE: SRX Packet flow - Session lookup

     
    Posted 08-20-2015 17:44

    Hi,

     

    I suggest that you take a look at this link;

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB16110&smlogin=true

     

    It has the packet processing diagram and walks through a flow debug step by step.

     

    If you have multiple interfaces that are in the same zone and you want to have ecmp there should be no problem.

     

    Tim



  • 3.  RE: SRX Packet flow - Session lookup

    Posted 08-23-2015 16:29

    It matches the zone.

     

    We've done ECMP OSPF routing across multiple interfaces & subnets which are all in the same zone, and the SRX does permit asymettric flows - but only between interfaces in the same zone.

     

     



  • 4.  RE: SRX Packet flow - Session lookup

    Posted 08-23-2015 20:12

    Thanks, I just wonder if it is an exception for ECMP or would two separate BGP interfaces in the same zone work the same way?



  • 5.  RE: SRX Packet flow - Session lookup

     
    Posted 08-23-2015 20:18

    Yep that would also work providing they are in the same zone.