Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Flow-Based and Packet-Based Processing

  • Support for PowerMode IPsec (PMI) solution (SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800 with SPC3 cards, vSRX, and vSRX3.0) and GRE acceleration solution (SRX Series and NFX Series)—Starting in Junos OS Release 21.1R1, we support the PMI and GRE acceleration solutions to improve the software-defined WAN (SD-WAN) performance.

    Table 1: Solutions and Details

    Solution

    How to Enable?

    PMI

    Include the power-mode-ipsec and gre-performance-acceleration statements at the [edit security flow] hierarchy level.

    Note:

    PMI supports both IPsec and GRE. In this case, traffic flows through the PMI data path.

    GRE acceleration

    Include the gre-performance-acceleration statement at the [edit security flow] hierarchy level.  

    Note:

    By default, gre-performance-acceleration is turned off. In this case, traffic flows through the GRE acceleration data path.

    [See gre-performance-acceleration (Security Flow), flow (Security Flow), and show security flow status.]

  • Enhanced monitoring and troubleshooting of the flow session (SRX Series)—Starting in Junos OS Release 21.1R1, we’ve introduced additional filters to the show security flow session operational command. The additional filters allow you to generate specified outputs in a list so that you can easily monitor the flow session. We’ve also introduced the show security flow session pretty and show security flow session plugins operational commands to view detailed information about the flow session.

    You can also trace the packet-drop information without committing the configuration using the monitor security packet-drop operational command. This command output is displayed on the screen until you press Ctrl+c or until the security device collects the requested number of packet drops. The command includes various filters to generate the output fields per your requirement.

    [See show security flow session, show security flow session pretty, show security flow session plugins, and monitor security packet-drop.]

  • Packet-based ECMP support for Express Path (SRX5400, SRX5600, and SRX5800)—In earlier releases, Express Path supported only session-based ECMP traffic. Starting in Junos OS Release 21.1R1, Express Path also supports packet-based ECMP traffic from different network processors of the SRX Series device. In the packet-based ECMP mode, the SPU creates multiple network processor sessions on multiple network processors at a time. This feature is enabled by default.

    [See Express Path.]