* Pavel Lunin: >> 3. The issues raised below (I didn't realize this myself ) about sessions >> destined to the router still being processed as flow mode, which can tear >> down TCP sessions under certain circumstances. >> >> > Does anyone have a proof link for this?
This is based on: > Make sure to configure host-bound TCP traffic to use flow-based > forwarding—exclude this traffic when specifying match conditions for > the firewall filter term containing the packet-mode action > modifier. Any host-bound TCP traffic configured to bypass flow is > dropped. <http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-admin-guide/config-stateless-packet-option-section.html> We tried to enable MPLS (which is not really advertised as a way to disable flow-based processing, BTW), but the device still couldn't forward our tiny amount of traffic we deal with. -- Florian Weimer <fwei...@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp