Overview of Stateful and Stateless Data Processing

Traffic that enters and exits a services gateway running JUNOS software is processed according to features you configure, such as packet filters, security policies, and screens. For example, the software can determine:

• Whether the packet is allowed into the device
• Which firewall screens to apply to the packet
• The route the packet takes to reach its destination
• Which class of service (CoS) to apply to the packet, if any
• Whether to apply Network Address Translation (NAT) to translate the packet’s IP address
• Whether the packet requires an Application Layer Gateway (ALG)

Packets that enter and exit a services gateway undergo both packet-based and flow-based processing.

• Flow-based packet processing treats related packets, or a stream of packets, in the same way. Packet treatment depends on characteristics that were established for the first packet of the packet stream, which is referred to as a flow.

  For the distributed processing architecture of the SRX-series services gateway, all flow-based processing occurs on the SPU.

• Packet-based, or stateless, packet processing treats packets discretely. Each packet is assessed individually for treatment.

  For the distributed processing architecture of the SRX-series services gateway, some packet-based processing, such as traffic shaping, occurs on the NPU. Some packet-based processing, such as application of classifiers to a packet, occurs on the SPU.