Understanding Session Characteristics for J Series Services Routers

Sessions are created, based on routing and other classification information, to store information and allocate resources for a flow. Sessions have characteristics, some of which you can change, such as when they are terminated. For example, you might want to ensure that a session table is never entirely full to protect against an attacker's attempt to flood the table and thereby prevent legitimate users from starting sessions.

Depending on the protocol and service, a session is programmed with a timeout value. For example, the default timeout for TCP is 1800 seconds. The default timeout for UDP is 60 seconds. When a flow is terminated, it is marked as invalid, and its timeout is reduced to 10 seconds.

If no traffic uses the session before the service timeout, the session is aged out and freed to a common resource pool for reuse. You can affect the life of a session in the following ways:

• You can specify circumstances for terminating sessions using any of the following methods:
  • Aggressively age out invalid sessions based on a timeout value
  • Age out sessions based on how full the session table is
  • Set an explicit timeout for aging out TCP sessions
  • Configure a TCP session to be invalidated when it receives a TCP RST (reset) message
• You can configure sessions to accommodate other systems as follows:
  • Disable TCP packet security checks
  • Accommodate end-to-end communication

The following topics show you how to modify a session's characteristics. For details, see the Junos OS CLI Reference.

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Understanding Stateful and Stateless Data Processing for J Series Services Routers
• Example: Controlling Session Termination for J Series Services Routers
• Example: Disabling TCP Packet Security Checks for J Series Services Routers
• Example: Accommodating End-to-End TCP Communication for J Series Services Routers