Understanding Aggressive Session Aging
The session table is a limited resource for SRX Series devices. If the session table is full, any new sessions will be rejected by the device.
The aggressive session-aging mechanism accelerates the session timeout process when the number of sessions in the session table exceeds the specified high-watermark threshold. This mechanism minimizes the likelihood that the SRX Series devices will reject new sessions when the session table becomes full.
Configure the following parameters to perform aggressive session aging:
high-watermark–The device performs aggressive session aging when the number of sessions in the session table exceeds the high-watermark threshold.
low-watermark–The device exits aggressive session aging and returns to normal when the number of sessions in the session table dips below the low-watermark threshold.
early-ageout –During aggressive session aging, the sessions with an age-out time lower than the early-ageout threshold are marked as invalid.
On SRX1400, SRX3400, SRX3600, SRX5600, and SRX5800 devices, the SPU checks the session table, locates the sessions for which the timeout value is lower than the early-ageout time value, and then marks them as invalid. (Platform support depends on the Junos OS release in your installation.)