Routing Policy and Firewall Filters
Support for secure vector routing (NFX Series, SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, and vSRX 3.0)—
Starting in Junos OS Release 21.4R1, you can deploy SVR-based distributed routing and network services with SRX Series or NFX Series devices. The secure vector routing (SVR) services provide session-aware routing for IPv4 networks, while the SRX or NFX devices provide a secure SD-WAN gateway and reliable service delivery. With this release of Junos, these devices can inter-operate directly with SVR.
For targeted sessions, the SRX Series or NFX Series device can be the first hop from the client or the last hop to the server. Vector routing packets that enter the device are tagged with source-tenant and destination-service and select the SVR path while non-vector-routing packets such as tunnels while non-targeted flows such as tunnels, are passed through.
To support vector routing, we've introduced new CLI commands at the
[edit services vector-routing]hierarchy level.Identify the routers you will use with SVR:
router-name router-name { node-name node-name { interfaces name } service-route service-route-name { destination-service destination-service-name peer peer-name } }You can then define the source and destination sessions:
services { vector-routing { authority-name authority-name source-tenant name { interface name ip-prefix value } } destination-service name { ip-prefix value transport <tcp | udp | icmp | gre> port-range value } access-policy source-tenant-name permission permit | deny cipher-suite cipher-suite-name } }