SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX CPU consumption / Routing Instance and Firewall Filters.

    Posted 09-14-2018 06:40

    HI All,

    i deployed a IPSEC VPN in a specific routing instance. The interface tunnel (st0.x) are deployed in a routing instance A, and the user segment that need to use this IPSEC tunnel, are associated with the default instance (inet.0). After the VPN is established, the SRX has installed a route 10.0.0.0/8 in ther instance A, but the user can´t access all 10.0.0.0/8 due some address conflict.

    So, i applied a firewall filter with specific destination that need to be routed to instance A. This is working fine. However, i´m afraid with the cpu consumption. What is most recommended? 

    1- Use firewall filter;

    2-apply specific static routes using "next-table INST-A";

     

    Thanks,

    João Victor



  • 2.  RE: SRX CPU consumption / Routing Instance and Firewall Filters.
    Best Answer

    Posted 09-14-2018 06:49

    Hello,

     

    @joaov wrote:

     What is most recommended? 

    1- Use firewall filter;

    2-apply specific static routes using "next-table INST-A";

      

     

    [1] is recommended. [2] causes packet "recirculation"/re-evaluaton of the IP header which will halve Your SRX PPS capacity.

    HTH

    Thx

    Alex

     



  • 3.  RE: SRX CPU consumption / Routing Instance and Firewall Filters.

    Posted 09-14-2018 07:30

    Ok, i will keep this design with firewall filter. 

    Thanks a lot for you quick repply.