Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

SRX1400, SRX3400, and SRX3600 Services Gateway Module Overview

 

The modules described in this guide let you upgrade and customize your SRX1400, SRX3400, or SRX3600 Services Gateway to suit the needs of your network. The following types of modules are available for the SRX1400, SRX3400, and SRX3600 Services Gateways:

  • I/O cards (IOCs) are common form-factor module (CFM) cards that provide additional physical network connections to the services gateway to supplement the Ethernet ports on the Switch Fabric Board (SFB). Their primary function is to deliver data packets arriving on the physical ports to the Network Processing Card (NPC) and to forward data packets out the physical ports after services processing.

  • Network Processing I/O Cards (NP-IOCs) are IOCs that have their own network processing units (NPUs), so that traffic traversing the IOC does not have to traverse the services gateway bus to a remote NPC. This feature makes them well-suited to low-latency applications.

  • Services Processing Cards (SPCs) are CFM cards that provide the processing power to run integrated services such as firewall, IPsec, and IDP. All traffic traversing the services gateway is passed to an SPC to have service processing applied to it. Traffic is intelligently distributed by NPCs to SPCs for service processing, including session setup based on policies, fast packet processing for packets that match a session, encryption and decryption, and IKE negotiation.

  • NPCs are CFM cards that receive inbound traffic from the IOCs and direct it to the appropriate SPC for processing. Once services processing is complete, the NPC receives outbound traffic from the SPC(s) and directs it back to the appropriate IOC. Additionally, the NPC buffers incoming traffic and queues outgoing traffic, and also performs advanced traffic management, including DoS/DDoS protective measures. For example, it can drop traffic to or from a particular IP address, protecting from ICMP, UDP, and TCP SYN flooding, and buffering bursty traffic to protect the SPC.

  • The Routing Engine is a PowerPC platform that runs the Junos operating system (Junos OS). Unlike other modules, the Routing Engine is not in the CFM form factor, and so has an assigned slot within the chassis (RE0). Software processes that run on the Routing Engine maintain the routing tables, manage the routing protocols used on the services gateway, control the services gateway interfaces, control some chassis components, and provide the interface for system management and user access to the services gateway.

  • The SRX Clustering Module (SCM) is a card that you can install in the services gateway to enable the dual control link feature for chassis cluster supported in Junos OS Release 10.2 and later. Unlike other modules, the SCM is not in the CFM form factor, and so has an assigned slot within the chassis (RE1).