Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understanding IOC Hardware Properties

On SRX5600 and SRX5800 firewalls, two IOCs (40x1GE IOC and 4x10GE IOC) are supported on which you can configure schedulers and queues. You can configure 15 VLAN sets per Gigabit Ethernet (40x1GE IOC) port and 255 VLAN sets per 10-Gigabit Ethernet (4x10GE IOC) port. The IOC performs priority propagation from one hierarchy level to another, and drop statistics are available on the IOC per color per queue instead of just per queue.

SRX5600 and SRX5800 firewalls with IOCs have Packet Forwarding Engines that can support up to 512 MB of frame memory, and packets are stored in 512-byte frames. Table 1 compares the major properties of the Packet Forwarding Engine within the IOC.

Table 1: Packet Forwarding Engine Properties within 40x1GE IOC and 4x10GE IOC

Feature

PFE Within 40x1GE IOC and 4x10GE IOC

Number of usable queues

16,000

Number of shaped logical interfaces

2,000 with 8 queues each, or 4,000 with 4 queues each.

Number of hardware priorities

4

Priority propagation

Yes

Dynamic mapping

Yes: schedulers per port are not fixed.

Drop statistics

Per queue per color (PLP high, low)

Additionally, the IOC features also support hierarchical weighted random early detection (WRED).

The IOC supports the following hierarchical scheduler characteristics:

  • Shaping at the physical interface level

  • Shaping and scheduling at the service VLAN interface set level

  • Shaping and scheduling at the customer VLAN logical interface level

  • Scheduling at the queue level

The IOC supports the following features for scalability:

  • 16,000 queues per PFE

  • 4 PFEs per IOC

    • 4000 schedulers at logical interface level (level 3) with 4 queues each

    • 2000 schedulers at logical interface level (level 3) with 8 queues each

  • 255 schedulers at the interface set level (level 2) per 1-port PFE on a 10-Gigabit Ethernet IOC (4x10GE IOC )

  • 15 schedulers at the interface set level (level 2) per 10-port PFE on a 1-Gigabit Ethernet IOC (40x1GE IOC )

  • About 400 milliseconds of buffer delay (this varies by packet size and if large buffers are enabled)

  • 4 levels of priority (strict-high, high, medium, and low)

Note:

The exact option for a transmit-rate (transmit-rate rate exact) is not supported on the IOCs on SRX Series Firewalls.

Note:

The above information is mostly for IOC1 cards. For MPC (IOC2), MPC3 (IOC3), and IOC4 cards (which use a subset of the CoS features available on IOC1), you can configure IEEE 802.1p classifiers, IEEE 802.1p rewrites, eight priority queues, and schedulers. After configuration, the classifiers and rewrites can be applied to logical interfaces, and queues and schedulers can be applied to physical interfaces.

  • Due to hardware limitation, per-unit-scheduler or hierarchical-scheduler is not supported. Only the default mode is supported for egress scheduling and queuing.

  • When an SPU is too busy to process every ingress packets from NG-IOCs, some high priority packets - for example, voice packets - may be delayed or dropped inside the SRX5600 or SRX 5800 chassis.

Related Documentation