Understanding Session Characteristics for J Series Services Routers
Sessions are created, based on routing and other classification information, to store information and allocate resources for a flow. Sessions have characteristics, some of which you can change, such as when they are terminated. For example, you might want to ensure that a session table is never entirely full to protect against an attacker's attempt to flood the table and thereby prevent legitimate users from starting sessions.
Depending on the protocol and service, a session is programmed with a timeout value. For example, the default timeout for TCP is 30 minutes. The default timeout for UDP is 1 minute. When a flow is terminated, it is marked as invalid, and its timeout is reduced to 10 seconds.
If no traffic uses the session before the service timeout, the session is aged out and freed to a common resource pool for reuse. You can affect the life of a session in the following ways:
- You can specify circumstances to terminate sessions using any of the following methods:
  - Age out invalid sessions aggressively based on a timeout value.
  - Age out sessions based on how full the session table is.
  - Set an explicit timeout for aging out TCP sessions.
  - Configure a TCP session to be invalidated when it receives a TCP RST (reset) message.
- You can configure sessions to accommodate other systems as follows:
  - Disable TCP packet security checks.
  - Accommodate end-to-end communication.
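
A simplified model of the aging behavior described above, as an added example that is not JUNOS code or part of the original documentation. It uses the page's default timeouts and shows how fullness-based aging keeps room in the session table under a constructed load of idle sessions. The class, the watermark percentages, and the `early_ageout` semantics (shortening timeouts while the table is above the high mark) are assumptions of the model.

```python
# Simplified model of session aging; not JUNOS code.
TIMEOUTS = {"tcp": 1800, "udp": 60}  # page defaults: TCP 30 min, UDP 1 min
INVALID_TIMEOUT = 10                 # page: terminated flow ages out in 10 s

class SessionTable:
    def __init__(self, capacity, high_pct=None, low_pct=None, early_ageout=0):
        # high_pct, low_pct and early_ageout are assumed knobs (not from the page).
        self.capacity = capacity
        self.high = None if high_pct is None else capacity * high_pct // 100
        self.low = None if low_pct is None else capacity * low_pct // 100
        self.early_ageout = early_ageout
        self.aggressive = False
        self.sessions = {}  # session key -> absolute expiry time (seconds)

    def age(self, now):
        # Enter aggressive mode at the high mark, leave it at the low mark.
        if self.high is not None and len(self.sessions) >= self.high:
            self.aggressive = True
        cut = self.early_ageout if self.aggressive else 0
        self.sessions = {k: e for k, e in self.sessions.items() if e - cut > now}
        if self.aggressive and len(self.sessions) <= self.low:
            self.aggressive = False

    def open(self, key, proto, now):
        self.age(now)
        if len(self.sessions) >= self.capacity:
            return False  # table full: the new flow gets no session
        self.sessions[key] = now + TIMEOUTS[proto]
        return True

    def close(self, key, now):
        # Terminated flow: mark invalid by cutting its timeout to 10 seconds.
        if key in self.sessions:
            self.sessions[key] = now + INVALID_TIMEOUT

def rejected_users(table, seconds=30, idle_udp_per_sec=100):
    """Constructed load: many idle UDP sessions plus one TCP user per second."""
    rejected = 0
    for now in range(seconds):
        for i in range(idle_udp_per_sec):
            table.open(("udp", now, i), "udp", now)
        if not table.open(("user", now), "tcp", now):
            rejected += 1
    return rejected

if __name__ == "__main__":
    print(rejected_users(SessionTable(1000)))              # default aging only
    print(rejected_users(SessionTable(1000, 80, 50, 55)))  # fullness-based aging
```

With default aging only, the table fills before any idle session expires and later users are turned away; with the assumed 80/50 watermarks the table is trimmed before it reaches capacity.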
The following topics show you how to modify a session's characteristics. For details, see the JUNOS Software CLI Reference.
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Understanding Stateful and Stateless Data Processing for J Series Services Routers
- Example: Controlling Session Termination for J Series Services Routers
- Example: Disabling TCP Packet Security Checks for J Series Services Routers
- Example: Accommodating End-to-End TCP Communication for J Series Services Routers