forwarding-options (Security)
Syntax
forwarding-options {
family {
inet6 {
mode (drop | flow-based | packet-based);
}
iso {
mode packet-based;
}
mpls {
mode (flow-based | packet-based);
}
}
mode {
tap {
inspect-pass-through-tunnel {
gre;
ipip;
}
interface [ interface ... ];
}
}
no-allow-dataplane-sleep;
resource-manager {
cpu {
re re;
}
}
secure-wire name {
interface [ interface ... ];
}
}
Hierarchy Level
[edit security]
Description
Determine how the inet6, iso, and mpls protocol families manage security
forwarding options.
Packet-based processing is not supported on the following SRX Series devices: SRX5400, SRX5600, and SRX5800.
On SRX Series devices, the default mode for processing traffic is flow mode. You can configure SRX Series devices to operate in packet mode to process MPLS packets.
To configure the packet mode on SRX Series device, use the following command:
user@host# set security forwarding-options family mpls mode packet-basedSelective stateless packet-based services allows you to configure the device to provide only packet-based processing for selected traffic based on input filter terms.
Starting in Junos OS Release 20.3R1, you can enable or disable dataplane sleep using the option
no-allow-dataplane-sleep.
Options
| mode | Specify TAP mode. |
| inspect-pass-through-tunnel | Specify TAP mode to inspect pass through IP-IP or GRE tunnel. |
| interface | Specify TAP mode interface name. You can configure up to eight TAP interfaces. |
| no-allow-dataplane-sleep | Disable dataplane sleep by configuring this option. To enable sleep on dataplane, delete this configuration. |
| resource-manager | Display forward option status and the CPU and memory allocated for the advance services and to verify the vCPU allocation between routing engine and flow RT threads. |
| secure-wire | Specify a name for the secure wire interface mapping. |
| interface-name-1 interface-name-2 | Specify a pair of peer logical interfaces that constitutes the secure wire mapping. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.
secure-wire option introduced in Junos OS Release 19.3R1.
resource-manager option introduced in Junos OS Release 19.4R1 for vSRX.
mode option
introduced in Junos OS Release 20.1R1.
no-allow-dataplane-sleep option introduced in Junos OS Release 20.3R1 for vSRX 3.0.
Dedicated CPU resource assigned for on-box logging in Junos OS Release 23.1R1.