Understanding Flow Processing

In TCP/IP, a flow is defined as a set of packets that shares the same values in a number of header fields. The fields required to establish a flow can vary, but usually at least source and destination addresses and ports, along with the protocol and a few other fields, are more than enough. TCP sessions are good candidates for packet flows, and often are the only flows defined on a device. The SRX enforces security policy by processing the flow of packets through the device. Therefore, flow processing is an important concept in SRX configuration and management.

Let's look at how flow processing works in the SRX.

The SRX actually does many complex things before it looks at the established security policies (rules), and a lot depends on whether the SRX has already seen the flow (session). If so, a great deal of information about the flow already exists and is installed on the SRX. When there is no match for the session, the SRX subjects the packet to first path processing. If the packet header fields match an installed session, the SRX subjects the packet to fast path processing (about half the steps of first path processing).

imagesThe use of the term fast path is unfortunate, but at least the first path is no longer called the slow path. These were very relative terms and the term “slow path” did not imply that the SRX would grind to a halt if a lot of new ...

Get Junos® OS For Dummies®, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.