This section describes the new features and enhancements to existing features in Junos OS Release 19.3 for vSRX and vSRX 3.0.
For more information see Overview of the available virtual SRX models, vSRX and vSRX 3.0.
What’s New in Junos OS Release 19.3R3 for vSRX
There are no new features or enhancements to existing features for vSRX in Junos OS Release 19.3R3.
What’s New in Junos OS Release 19.3R2 for vSRX
There are no new features or enhancements to existing features for vSRX in Junos OS Release 19.3R2.
What’s New in Junos OS Release 19.3R1 for vSRX
Class of Service (CoS)
Improved CoS performance with different interface speeds (vSRX and vSRX 3.0)—Starting in Junos OS Release 19.3R1, class of service (CoS) features can be configured on the physical interface with speed rates of 1-Gbps, 10-Gbps, 40-Gbps, and 100-Gbps.
You can now configure CoS features on the physical interfaces with the new speed rates.
Previously, the interface speed was always set as 1- Gbps, irrespective of the physical interface actual speed. As a result, you could enable CoS to provide 1-Gigabit Ethernet bandwidth even though the interface can support different speed rates.
Use the show interfaces terse command to check the supported interface speeds and use the show interfaces <interface-name> command to check the speed of the configured interface.
Performance and Scaling
Contrail 5.X integration and VMware ESXi 6.7 support (vSRX 3.0)—Starting in Junos OS Release 19.3R1, you can deploy vSRX 3.0 instances using VMware ESXi hypervisor 6.7 version and Contrail 5.X versions. Adding this support improves the vSRX 3.0 vNIC supportability for the use cases with different vNIC requirements on public cloud and vCPE deployments.
Improved Performance of GTP Traffic with TEID-based hash distribution and SWRSS support (vSRX 3.0)—Starting in Junos OS Release 19.3R1, GTP traffic performance is improved with tunnel endpoint identifier (TEID) based hash distribution and the software receive side scaling (SWRSS) feature.
If you use TEID-based hash distribution for creating GTP-U sessions, then you can enable vSRX instances to process asymmetric fat tunnels.
With asymmetric fat tunnels, you can split a fat GTP session into multiple slim GTP sessions and distribute them to different cores. This helps to increase the bandwidth for fat GTP tunnel on the vSRX instances.
If PMI mode is enabled, then PMI performance is improved with this enhancement.
This feature is enabled when SWRSS is enabled and when you configure the set security forwarding-process application-services enable-gtpu-distribution command.
Software receive side scaling support (vSRX 3.0)—Starting in Junos OS Release 19.3R1, vSRX and vSRX 3.0 instances support the software receive side scaling (SWRSS) feature.
SWRSS is a technique in the networking stack to increase parallelism and improve performance for multiprocessor systems.
The SWRSS feature supports multicore CPU scaling functionality for NICs in vSRX 3.0 architecture by implementing a software-based packet distribution and packet transmission mechanism to various flow cores. Similar to hardware RSS, network throughput improvements with SWRSS have a linear correlation with CPU utilization.
If NICs do not have a sufficient number of queues as flow threads based on vSRX type, then SWRSS is enabled by the flowd process.
Platform and Infrastructure
Support for Google Cloud Platform (vSRX 3.0)—Starting in Junos OS Release 19.3R1, vSRX 3.0 can be deployed on Google Cloud Platform (GCP). You can launch vSRX 3.0 instances on GCP that use the KVM-based hypervisors.
vSRX 3.0 support on GCP ensures security for multicloud environments, and provides consistent management and automated threat remediation.
Authentication and cipher algorithm mode traffic in PowerMode IPsec mode (SRX4100, SRX4200, SRX5400, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 19.3R1, authentication algorithm (SHA1: hmac-sha1-96 and SHA2: hmac-sha-256-128) and cipher algorithms (aes-128-cbc, aes-192-cbc, and aes-256-cbc) mode traffic is processed through Power-Mode IPsec module to provide IPsec performance improvements.