forwarding-options (Security)

Enable sleep on dataplane.

Specify the protocol family to be used for packet forwarding.

• inet6—Specify forwarding options for IPv6 traffic.

  • drop—Drop IPv6 packets. This is the default setting.

  • flow-based—Perform flow-based packet forwarding.

  • packet-based—Perform simple packet forwarding.

• iso—Specify forwarding options for IS-IS traffic.

  • packet-based—Perform simple packet forwarding.

• mpls—Specify forwarding options for MPLS traffic.

  • flow-based—Perform flow-based packet forwarding.

  • packet-based—Perform simple packet forwarding.

Specify a mirror filter for filtering X2 packets to be mirrored and sent to a packet analyzer.

Specify TAP or Sniffer mode.

• tap—Specify TAP mode.

  • inspect-pass-through-tunnel—Specify TAP mode to inspect pass through IP-IP or GRE tunnel.

  • interface—Specify TAP mode interface name. You can configure up to eight TAP interfaces.

Receive side scaling (RSS) enables the efficient distribution of network receive processing across multiple CPUs in multiprocessor systems.

• nic-rss—The NIC distributes packets by applying a filter to each packet that assigns it to one of a small number of logical flows. Packets for each flow are steered to a separate receive queue, which in turn can be processed by separate CPUs. On reception, a NIC can send different packets to different queues to distribute processing among CPUs. NIC must have same number of receiving (RX) and transmitting (TX) queues as number of vSRX data plane CPU to support multi core vSRX flavors.

  • mode—Specify the mode of NIC RSS.

    • disable—Disable the NIC RSS mode.

• software-rss—Software RSS (SWRSS) removes this limitation of NIC HW queues to run vSRX multi-core flavors by implementing software-based packet spraying across various FLT thread. Software RSS offloads the handling of individual flows to one of the multiple kernel, so the flow thread that takes the packets from the NIC can process more packets. SWRSS implements software model of packet distribution across FLTs after obtaining the packets from NIC receiving queues. By removing NIC HW queue limitation, SWRSS helps to scale vCPUs by supporting various vSRX instance types.

  • io-thread-number—Specify the software RSS IO thread number.

    • Range: 1 through 8

  • mode—Specify the mode of Software RSS.

    • automatic—Auto select the Software RSS mode. This is the default mode.

    • disable—Disable the Software RSS mode.

    • enable—Enable the Software RSS mode.

Display forward option status, the CPU, and memory allocated for the advance services to verify the vCPU allocation between routing engine and flow RT threads.

• cpu—Specify CPU resources.

  • Default: 1

  • Range: 1 through 3

• enhanced-logging—Specify a dedicated CPU resource for on-box logging.

Specify a name for the secure wire interface mapping.

Security service actions when memory resource is in shortage. The system resource management guarantees the resources are used according to priorities.

• fail-open—Ignores Layer 7 services with resource requirements, creates a flow session without Layer 7 services, and forward the packet out.