SRX Services Gateway
Highlighted
SRX Services Gateway

SRX Traffic Flow

[ Edited ]
‎05-13-2011 01:42 AM

As i understand  , SRX check the routing table for the return traffic

It doesnot have the Netscreen option of : “ forward return traffic to the interface it previously came from “

When will SRX support that  ?

6 REPLIES 6
Highlighted
SRX Services Gateway

Re: SRX Traffic Flow

‎05-13-2011 05:01 AM

I think you are looking for Equal Cost Multipathing, just a flow-aware version of it, instead of per-packet. As to when that will be released, you'd have to get in touch with your Juniper SE. Roadmap information is typically under NDA.

Highlighted
SRX Services Gateway

Re: SRX Traffic Flow

‎05-13-2011 12:02 PM

Netscreen used to have this option of sending the return traffic back to the mac address where the flow originated from, without consulting the routing table. In the older versions, that even used to be the default behavior. Usually it just caused troubles (especially with hsrp involved) but there are edge cases where this functionality is interesting (especially for VPN traffic).

It doesn't exist in SRX yet and to be honest, this is the first time I see someone ask for it, so I don't expect it to be a high priority feature. But you'll have to talk to the SEs to see if its on the roadmap.

Highlighted
SRX Services Gateway

Re: SRX Traffic Flow

‎05-13-2011 07:22 PM

I met this issue too. Is there something  tentative solution to solve the problem?

Highlighted
SRX Services Gateway

Re: SRX Traffic Flow

‎05-14-2011 01:22 AM

Hi

 

I've also noticed that ScreenOS (at least version 5.4) does not need the route back, and SRX does need it.

 

But in some cases it is more tricky on SRX: when you forward traffic from one routing table to another (using e.g. "next table" option), the reverse route in the destination routing table is not needed. So the answer may also depend on your particular situation.

Best Regards,
PK

Juniper Ambassador, Juniper Networks Certified Instructor,
JNCIE-SEC #98, JNCIE-ENT #393, JNCIE-SP #2253
Twitter: @JuniperTrain
GitHub: https://github.com/pklimai
[Juniper Authorized Education & Support in Russia]
SRX Services Gateway

Re: SRX Traffic Flow

‎05-15-2011 07:40 PM

You can enable the "per packet" load balance in forwarding optin on SRX. Althought the name is "per packet", it is actually per session. You get the same result with "forward return traffic to the interface it previously came from" on NSM

Highlighted
SRX Services Gateway

Re: SRX Traffic Flow

[ Edited ]
‎05-30-2011 05:42 AM

Hi Gogogol,

 

Can you give me more detials about this options as i coldnot catch how it will achieve the result fo forward traffic to the interface it originally came from ?

Feedback