Security association. An IPSec term that describes an agreement between two parties about what rules to use for authentication and encryption algorithms, key exchange mechanisms, and secure communications.


Method where the sampling key based on the IPv4 header is sent to the Routing Engine. There, the key is placed in a file, or cflowd packets based on the key are sent to a cflowd server.


  1. Session Announcement Protocol. Used with multicast protocols to handle session conference announcements.

  3. Service access point. Device that identifies routing protocols and provides the connection between the network interface card and the rest of the network.



Segmentation and reassembly. Buffering used with ATM.


System Control Board. On an M40 router, the part of the Packet Forwarding Engine that performs route lookups, monitors system components, and controls FPC resets.


Switch-card chassis. Term used by the JUNOS command-line interface (CLI) to refer to the TX Matrix platform in a routing matrix.


SONET Clock Generator. On a T640 routing node, provides the Stratum 3 clock signal for the SONET/SDH interfaces. Also provides external clock inputs.

scheduler maps

In class of service, associate schedulers with forwarding classes. See also schedulers and forwarding classes.


Define the priority, bandwidth, delay buffer size, rate control status, and RED drop profiles to be applied to a particular forwarding class for packet transmission. See also scheduler maps.


Method of determining which type of packet or queue is transmitted before another. An individual router interface can have multiple queues assigned to store packets. The router then decides which queue to service based on a particular method of scheduling. This process often involves a determination of which type of packet should be transmitted before another. For example, first in, first out (FIFO). See also FIFO.


Source class usage. A means of tracking traffic originating from specific prefixes on the provider core router and destined for specific prefixes on the customer edge router, based on the IP source and destination addresses.


Secure copy. Means of securely transferring computer files between a local and remote host or between two remote hosts, using the Secure Shell (SSH) protocol.


Synchronous Digital Hierarchy. A CCITT variation of the SONET standard.


Session Description Protocol. Used with multicast protocols to handle session conference announcements.


Synchronous dynamic random access memory. An electronic standard where the inputs and outputs of SDRAM data are synchronized to an externally-supplied clock, allowing for extremely fast consecutive read and write capacity.

secure copy

See SCP.

Secure Hash Algorithm

See SHA-1.

Secure Shell

See SSH.

Secure Shell with Transport Layer Security


secure sockets layer

See SSL.

security association

See SA.

Security Parameter Index

See SPI.

segmentation and reassembly

See SAR.

service access point

See SAP.

Service Profile Identifier


Serving GPRS Support Node


Session Announcement Protocol

See SAP.

session attribute object

RSVP message object used to control the priority, preemption, affinity class, and local rerouting of the LSP.

Session Description Protocol

See SDP.

Session Initiation Protocol

See SIP.


Switching and Forwarding Module. On an M160 router, a component of the Packet Forwarding Engine that provides route lookup, filtering, and switching to FPCs.


Small form-factor pluggable transceiver. Optical transceivers that provide support for SX, LX, and LH optics, and can be removed from a PIC. SFPs are hot-insertable and hot-removable.


Serving GPRS Support Node. Device in the mobile network that requests PDP contexts with a GGSN.


Secure Hash Algorithm 1. A secure hash algorithm standard defined in FIPS PUB 180-1 (SHA-1). Developed by the National Institute of Standards and Technology (NIST), SHA-1 (which effectively replaces SHA-0) produces a 160-bit hash for message authentication. Longer-hash variants include SHA-224, SHA-256, SHA-384, and SHA-512 (sometimes grouped under the name "SHA-2"). SHA-1 is more secure than MD5.

shaping rate

In class of service, controls the maximum rate of traffic transmitted on an interface. See also traffic shaping.

shared tree

Multicast forwarding tree established from the rendezvous point (RP) to the last-hop router for a particular group address.


Symmetric high-speed digital subscriber line. A standardized multirate symmetric DSL that transports rate-adaptive symmetrical data across a single copper pair at data rates from 192 Kbps to 2.3 Mbps, or from 384 Kbps to 4.6 Mbps over two pairs, covering applications served by HDSL, SDSL, T1, E1, and services beyond E1. SHDSL conforms to the following recommendations: ITU G.991.2 G.SHDSL, ETSI TS 101-524 SDSL, and the ANSI T1E1.4/2001-174 G.SHDSL. See also G.SHDSL.

shim header

Location of the MPLS header in a data packet. The JUNOS software always places (shims) the header between the existing Layer 2 and Layer 3 headers.

shortest path first

See SPF.

shortest-path tree

See SPT.

short message service

See SMS.


Switch Interface Board. On a T640 routing node, provides the switching function to the destination Packet Forwarding Engine.

signaled path

In traffic engineering, an explicit path; that is, a path determined using RSVP signaling. The ERO carried in the packets contains the explicit path information.

Signaling System 7

See SS7.

Simple Network Management Protocol


simplex interface

Interface that assumes that packets it receives from itself are the result of a software loopback process. The interface does not consider these packets when determining whether the interface is functional.

single-mode fiber

Optical fiber designed for transmission of a single ray or mode of light as a carrier and used for long-distance signal transmission. For short distances, multimode fiber is used. See also MMF.


Session Initiation Protocol. An Adaptive Services application protocol option used for setting up sessions between endpoints on the Internet. Examples include telephony, fax, videoconferencing, file exchange, and person-to-person sessions.

small form-factor pluggable transceiver

See SFP.


Short message service. A GSM service that enables short text messages to be sent to and from mobile telephones.


System Network Architecture. IBM proprietary networking architecture comprised of a protocol stack that is used primarily in banks and other financial transaction networks.


Simple Network Management Protocol. A protocol governing network management and the monitoring of network devices and their functions.

soft state

In RSVP, control state in hosts and routers that expires if not refreshed within a specified amount of time.


Synchronous Optical Network. A high-speed (up to 2.5 Gbps) synchronous network specification developed by Bellcore and designed to run on optical fiber. STS1 is the basic building block of SONET. Approved as an international standard in 1988. See also SDH.

SONET Clock Generator

See SCG.

source-based tree

Multicast forwarding tree established from the source of traffic to all interested receivers for a particular group address. It is often seen in a dense-mode forwarding environment.

source class usage

See SCU.

source service access point


source-specific multicast

See SSM.

sparse mode

Method of operating a multicast domain where sources of traffic and interested receivers meet at a central rendezvous point. A sparse-mode network assumes that there are very few receivers for each group address.


Shortest path first. An algorithm used by IS-IS and OSPF to make routing decisions based on the state of network links. Also called the Dijkstra algorithm.


Security Parameter Index. In IPSec, a numeric identifier used with the destination address and security protocol to identify an SA. When IKE is used to establish an SA, the SPI is randomly derived. When manual configuration is used for an SA, the SPI must be entered as a parameter.


Service Profile Identifier. Used only in Basic Rate Interface (BRI) implementations of ISDN. The SPID specifies the services available on the service provider switch and defines the feature set ordered when the ISDN service is provisioned.

split horizon

Method used in distance-vector networks to avoid routing loops. Each router does not advertise routes back to the neighbor from which it received them.


Strict-priority queuing. A dequeuing method that provides a special queue that is serviced until it is empty. The traffic sent to this queue tends to maintain a lower latency and more consistent latency numbers than traffic sent to other queues. See also APQ.


Shortest-path tree. An algorithm that builds a network topology that attempts to minimize the path from one router (the root) to other routers in a routing area.

src port

TCP or UDP port for the source IP address in a packet.


Signaling System 7. A protocol used in telecommunications for delivering calls and services.


Source service access point. Device that identifies the origin of an LPDU on a DLSw network.


System and Switch Board. On an M20 router, a Packet Forwarding Engine component that performs route lookups and component monitoring and monitors FPC operation.


Secure Shell. An application that uses strong authentication and encryption for remote access across a nonsecure network. SSH provides remote login, remote program execution, file copy, and other functions. In a UNIX environment, SSH is intended as a secure replacement for rlogin, rsh, and rcp.


Secure Shell with Transport Layer Security. A combination of two standard methods used to secure communications over the Internet. TLS is the name of a standard protocol based on SSL 3.0 and is defined in RFC 2246. In combination, SSH/TLS is also known as SSHv2 and uses FIPS-restricted cipher sets in a FIPS environment.


Secure sockets layer. A protocol that encrypts security information using public-private key technology, which requires a paired private key and authentication certificate, before transmitting data across a network.


Source-specific multicast. A service that allows a client to receive multicast traffic directly from the source. Typically, SSM uses a subset of the PIM sparse-mode functionality along with a subset of IGMPv3 to create a shortest-path tree between the client and the source, but builds the shortest-path tree without the help of a rendezvous point.


Switch-to-Switch Protocol. Protocol implemented between two DLSw routers that establishes connections, locates resources, forwards data, and handles error recovery and flow control.


Synchronous Static Random Access Memory. Used for storing routing tables, packet pointers, and other data such as route lookups, policer counters, and other statistics to which the microprocessor needs quick access.

standard AAL5 mode

Transport mode that allows multiple applications to tunnel the protocol data units of their Layer 2 protocols over an ATM virtual circuit. You use this transport mode to tunnel IP packets over an ATM backbone. See also AAL5 mode, cell-relay mode, Layer 2 circuits, and trunk mode.

stateful firewall

Type of firewall filter that evaluates the context of connections, permits or denies traffic based on the context, and updates this information dynamically. Context includes IP source and destination addresses, port numbers, TCP sequencing information, and TCP connection flags. The context received in the first packet of a TCP session must match the context contained in all subsequent packets if a session is to remain active.

static LSP

See static path.

static path

In the context of traffic engineering, a static route that requires hop-by-hop manual configuration. No signaling is used to create or maintain the path. Also called a static LSP.

static route

Explicitly configured route that is entered into the routing table. Static routes have precedence over routes chosen by dynamic routing protocols.

static RP

One of three methods of learning the rendezvous point (RP) to group address mapping in a multicast network. Each router in the domain must be configured with the required RP information.

S/T interface

System reference point/terminal reference point interface. A four-pair connection between the ISDN provider service and the customer terminal equipment.


Synchronous transport module. CCITT specification for SONET at 155.52 Mbps.


In the context of traffic engineering, a route that must go directly to the next address in the path. (Definition from RFC 791, modified to fit LSPs.)

strict hop

Routers in an MPLS named path that must be directly connected to the previous router in the configured path.

strict-priority queue

See SPQ.


Synchronous transport signal. Synchronous transport signal level 1 is the basic building block signal of SONET, operating at 51.84 Mbps. Faster SONET rates are defined as STS-n, where n is a multiple of 51.84 Mbps. See also SONET.

stub area

In OSPF, an area through which, or into which, AS external advertisements are not flooded.

subnet mask

Number of bits of the network address used for the host portion of a Class A, Class B, or Class C IP address.

subrate value

Value that reduces the maximum allowable peak rate by limiting the HDLC-encapsulated payload. The subrate value must exactly match that of the remote channel service unit (CSU).

summary link advertisement

OSPF link-state advertisement flooded throughout the advertisement's associated areas by area border routers to describe the routes that they know about in other areas.


Switched virtual connection. A dynamically established, software-defined logical connection that stays up as long as data is being transmitted. Once transmission is complete, the software tears down the SVC. See also PVC.

switch-card chassis

See SCC.

switched virtual connection

See SVC.

Switching and Forwarding Module

See SFM.

Switch Interface Board

See SIB.

Switch-to-Switch Protocol

See SSP.

symmetric high-speed digital subscriber line


Synchronous Digital Hierarchy

See SDH.

synchronous dynamic random access memory


Synchronous Optical Network


Synchronous Static Random Access Memory


synchronous transport module

See STM.

synchronous transport signal

See STS.


System identifier. Portion of the ISO nonclient peer. The system ID can be any six bytes that are unique throughout a domain.


System log. A method for storing messages to a file for troubleshooting or record-keeping purposes. It can also be used as an action within a firewall filter to store information to the messages file.

System and Switch Board

See SSB.

System Control Board

See SCB.

system ID

See sysid.

system log

See syslog.

System Network Architecture

See SNA.