
Web agent procedure, Cli command, Using protocol or port ids in access rules – Avaya 580 User Manual


Document No. 10-300077, Issue 2


Configuring Access Lists

SA-DA mode can cause a noticeable increase in the total flows identified
and result in an increased usage of F-chip memory.
See “Managing F-chip Memory” in this case.

*Important: Changing the Hash Mode setting affects every L3-enabled
F-chip on the P580 or P882.

Web Agent Procedure

To use the Web Agent to manually change the IP unicast hash mode from
DA-only to SA-DA:

1. In the navigation pane, expand Routing > L3 Forwarding Cache >
Cache Configuration. The Layer-3 Forwarding Cache Configuration
Web page is displayed in the content pane.

2. In the Hash Mode field for IP Unicast traffic, select SA-DA.

3. Click APPLY.

CLI Command

To use the CLI to manually change the IP unicast hash mode from DA-only
to SA-DA, enter the following command:

(configure)# ip unicast route-cache hash-mode sa-da

Using Protocol or Port IDs in Access Rules

Potential Hashing Issues

Using a port or protocol identifier in an access rule can cause the switch to
add many entries to the forwarding cache when traffic between two
endpoints includes many flows. The extra entries resulting from the port or
protocol identifier hash to the same locations in the forwarding cache
because they have the same source and destination address.
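
The collision behavior described above, shown as an added example that is not part of the Avaya manual: a simplified Python model of a hash-bucketed forwarding cache. The table size, the hash function, and the sample addresses are assumptions made for illustration; they do not describe the actual F-chip implementation.

```python
"""Simplified model of a hash-bucketed L3 forwarding cache (illustration only)."""
import ipaddress
from collections import defaultdict

BUCKETS = 1024  # assumed table size, not an F-chip figure


def bucket_index(sa, da):
    """SA-DA hash mode: the bucket depends only on the two addresses."""
    s = int(ipaddress.IPv4Address(sa))
    d = int(ipaddress.IPv4Address(da))
    return (s ^ (d * 2654435761)) % BUCKETS  # stand-in hash, an assumption


def populate(flows, rule_uses_ports):
    """Return {bucket: set(entry keys)} after the flows are learned.

    Without port/protocol IDs in the matching access rule, one entry per
    (SA, DA) pair is enough. With them, each distinct flow needs its own
    entry, yet all of them still land in the bucket chosen by (SA, DA).
    """
    cache = defaultdict(set)
    for sa, da, proto, sport, dport in flows:
        key = (sa, da, proto, sport, dport) if rule_uses_ports else (sa, da)
        cache[bucket_index(sa, da)].add(key)
    return cache


def total_entries(cache):
    return sum(len(entries) for entries in cache.values())


def longest_chain(cache):
    return max(len(entries) for entries in cache.values())


# Constructed sample 1: 500 TCP flows between one client and one server.
PAIR_FLOWS = [("10.1.1.10", "10.2.2.20", 6, 40000 + i, 80) for i in range(500)]
# Constructed sample 2: 500 flows from one client to 500 different hosts.
BASE = ipaddress.IPv4Address("10.2.0.1")
SPREAD_FLOWS = [("10.1.1.10", str(BASE + i), 6, 40000, 80) for i in range(500)]

if __name__ == "__main__":
    cases = [("pair, no port IDs", PAIR_FLOWS, False),
             ("pair, port IDs", PAIR_FLOWS, True),
             ("spread, port IDs", SPREAD_FLOWS, True)]
    for label, flows, uses_ports in cases:
        cache = populate(flows, uses_ports)
        print(f"{label}: entries={total_entries(cache)}, "
              f"longest chain={longest_chain(cache)}")
```

In this model the same 500 entries are harmless when spread over 500 address pairs, but form a single 500-entry chain when they all share one source and destination address.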

For safe, efficient ACLs, do not use:

SA and DA wildcards with any protocol or port identifiers.

DA wildcard with any protocol or port identifiers.

Be very careful if you use a source wildcard and single destination with
protocol or port identifiers. This configuration works for local interface
addresses, since all packets destined to local interfaces are forwarded to the
slow-path anyway. The interface simply compares the packets to the ACL
before processing them and forwarding them to the supervisor.

However, if the destination specified in the access rule is a network host and
many simultaneous flows exist, switch performance can degrade. This
performance degradation occurs because the switch must generate a large
number of forwarding cache entries for the simultaneous flows to further
