Training and Certification

 View Only
last person joined: 2 days ago 

How to get the most from Juniper's education services and get advice on your certification journey.
  • 1.  Forwarding Options

    Posted 03-15-2022 23:00
    Hello guys, 

    I am new here, I'm studying for the JNCIA and already have some experience with Junos OS. I was watching the Lab session of the Routing Fundamentals module and they showed this command set forwarding-options family inet6 mode packet-based.

    I got curious about this concept and if it matters to the JNCIA level., so I went through the documentation but I don't how I would apply it in the real world. Could someone give an example?




    Tks guys.

    Allan.

    ------------------------------
    ALLAN ZANELLA
    ------------------------------


  • 2.  RE: Forwarding Options

    Posted 03-16-2022 05:00
    Hi,

    That knob is use of u want make vSRX function as total router.


    Thanks


  • 3.  RE: Forwarding Options

    Posted 03-16-2022 08:18
    Allan:

    This configuration option is specific to the SRX Series devices (or vSRX) to disable flow based operation (default mode), effectively allowing the device to function as a standard switch or router.

    See documentation link below:
    https://www.juniper.net/documentation/us/en/software/junos/flow-packet-processing/topics/topic-map/security-packet-based-forwarding.html

    ------------------------------
    STEPHEN FLYNN
    ------------------------------



  • 4.  RE: Forwarding Options

    Posted 03-16-2022 08:50
    Hi,

    Tks for this, in packet-based would spare the CPU processing then?

    ------------------------------
    ALLAN ZANELLA
    ------------------------------



  • 5.  RE: Forwarding Options

    Posted 03-16-2022 09:02
    Possibly yes --- however that isn't the purpose of disabling the flow-based processing.  By disabling flow-based processing, you are also disabling functionality of the SRX series device.  You are configuring the purpose built firewall to no longer be a stateful firewall, but now a stateless packet processing device.

    The only reason to switch the modes on an SRX series device is for lab purposes, or if you are not wanting to use the SRX firewall -- as a stateful firewall.
    The only time I have ever switched an SRX (or vSRX) to packet-based mode is when I am using this device in my lab (EVE-NG) and needing to emulate an EX switch or router functionality.  I also use vMX for more powerful lab routing purposes.

    ------------------------------
    STEPHEN FLYNN
    ------------------------------