Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Flow-Based and Packet-Based Processing

  • TCP proxy short-circuit (SRX Series)—Starting in Junos OS Release 21.2R1, for a session with an active TCP proxy plug-in, the SRX Series device disables TCP proxy if there is no further requirement for the TCP proxy plug-in based on the user-defined configuration or the state of the flow. This enhancement significantly improves the session flow performance.

  • Automated Express Path+ (SRX4600, SRX5400, SRX5600, and SRX5800)—To enable Express Path+ (formerly known as services offloading) in releases before Junos OS Release 21.2R1, administrators need to manually define individual policies that they want to accelerate with network processing (NP) ASICs. Starting in Junos OS Release 21.2R1, administrators can use automated Express Path+ on the listed SRX Series devices to automatically offload all the eligible sessions to the ASIC network processors. This enhancement significantly improves the session flow performance.

    Automated Express Path+ requires underlying network processor cache (NP-cache) infrastructure. Starting in Junos OS Release 21.2R1, we've enabled NP-cache by default on the SRX5000 line of devices. Before this release, the SRX4600 had NP-cache enabled by default.

    [See Express Path.]

  • GRE acceleration enhancement (NFX Series, SRX Series, and vSRX)—Starting in Junos OS Release 21.2R1, security devices support the existing PMI and GRE acceleration for non software-defined WAN (SD-WAN) deployments.

    PMI and GRE acceleration improve GRE and MPLS-over-GRE performance.

    [See gre-performance-acceleration and show security flow status.]

  • Multicast support in SD-WAN deployments (NFX150, NFX250, NFX350, SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, SRX4100, SRX4200, SRX4600, and vSRX)—Starting in Junos OS Release 21.2R1, we've added support for multicast traffic on security devices in Provider Edge (PE) for SD-WAN deployments. The support for multicast traffic is available when the security device is operating with forwarding option set as flow-based.

    Support for multicast traffic results in bandwidth preservation and more efficient traffic flows.

    [See mode (Security Forwarding Options) and Virtual Routing and Forwarding Instances in SD-WAN Deployments.]

  • Support for logging and session-close reasons (SRX300, SRX320, SRX340, SRX345, SRX380, SRX550 HM, SRX1500, SRX4200, SRX4600, cSRX, and vSRX)—Starting in Junos OS Release 21.2R1, we've enhanced the logging feature with support for the following flow functions:

    • Log for session-update
    • Support for 64-bit unified session-id
    • Adding new session close reason in session-close log

    We’ve introduced a CLI command log session-update that you can use to update the session details.

    [See Information Provided in Session Log Entries for SRX Series Services Gateways.]

  • Carrier-grade NAT (CGNAT) J-Flow logging (MX240, MX480, and MX960 with MX-SPC3 card)—Starting in Junos OS Release 21.2R1, we’ve enhanced NAT logging using J-Flow version 9 and IPFIX format to generate logs. While creating or deleting events in NAT44 or NAT64 sessions, jflow-logs are generated.

    [See Understanding NAT Event Logging in Flow Monitoring Format on an MX Series Router or NFX250.]