![]() >asymmetric reverse flow routing on SRX in flow-mode. >On SRX, the reverse flow is taken care of automatically during 1st session establishment, and You can't influence reverse flow is meant to pass RI B-> RI C On SRX, the reverse flow is taken care of automatically during 1st session establishment, and You can't influence asymmetric reverse flow routing on SRX in flow-mode. You will need to use static in 1 direction and FBF in another, to let this legit bidir stream to pass.īUT - on SRX., You can let this legit bidir packet stream to pass by configuring only 1 line: Set routing-instances B routing-options static route W.Z.Y.X next-table A.inet.0 Then You would need this config to let it pass: However, You might have a legit bidir packet stream with src.IP W.Z.Y.X and dst.ip X.Y.Z.W, going between interfaces in RI A & B. Set routing-instances B routing-options static route X.Y.Z.W next-table A.inet.0 Set routing-instances A routing-options static route X.Y.Z.W next-table B.inet.0 To create recursion between 2 tables, You need something like this: Is my understanding correct, or am I missing something from that paragraph? My understanding is that if I had a next-table loop in an SRX, then route-lookup process would never complete due to infinite recursion and the session wouldn't establish in the first place. I understand how you can get a next-table routing loop, but I don't see how the bidirectional flow is meant to alleviate that. ![]() Recall that routing (and its reverse path) is set up in the first packet flow" However, this method becomes more useful with Junos security devices because bidirectional flow is enabled once the session is established. This option has specific unidirectional applications and is not a generally preferred method dude to the possibility of looping traffic between routing instances on Junos stateless devices. "One more method exists to route between routing instances, using the next-table option of a static route. I'm currently studying for JNCIP-SEC, and I came across a paragraph, as below:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |