Avaya 882 Switch User Manual


 
13-28 User Guide for the Avaya P580 and P882 Multiservice Switches, v6.1
Chapter 13
differentiate packets by protocol and port. These entries all hash to the same
value because they have the same source and destination address, and you
may observe a degradation of the switch performance.
Example: To block SNMP access to the supervisor from the network, on IP interface
10.10.0.240/255.255.255.0, use the following ACL entry:
ip access-list SNMP 10 deny udp any host 10.10.0.240 eq 161
If you were to use the following command, the switch would block all
inter-subnet SNMP traffic, but would also create a forwarding cache entry for
every flow that had a different SA, DA, source port, destination port, or
protocol.
ip access-list SNMP 10 deny udp any any eq 161
Interrelation with Hash Mode Setting
Using DA-only hashing generally reduces the overall number of forwarding
entries, but it can cause performance issues if used when an ACL is enabled.
These performance issues are magnified when the ACL uses protocol and
port identifiers.
An ACL that specifies a source address, protocol ID, or port ID requires
closer analysis of packets than just the destination address. Every flow to
the destination needs its own forwarding cache entry based on the ACL
criteria, and all of the entries hash to the same value. In this scenario, the
switch must sequentially search every entry in the forwarding cache that has
the same DA (and thus the same hash location).
When you set the hash mode to SA-DA, each different source-destination
combination hashes to a different value. Thus the number of entries hashed
to a single value significantly decreases. However, SA-DA can also cause
performance issues in some situations. If many entries that do not match the
ACL have similar hash values to those that do, DA-only hashing provides
more efficient usage of the forwarding memory.
Managing F-chip Memory
The reconfiguration of Hash Mode can cause a secondary effect: increased
cache usage. By default, the IP Unicast Cache size is 15,000 entries per
F-chip. Although this can be used up simply due to a high number of flows
(for example, a proxy server for the internet), the SA-DA Hash Mode
setting always causes more flows to be identified than in the DA-only
mode.
The F-chip memory can accommodate approximately 70,000 total entries
for routed (L3) flows. This number comprises IP Unicast, IP Multicast, and
IPX entries for that F-chip.
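
The interaction between ACL scope, hash mode, and forwarding cache usage described above can be modelled as follows. This is an added illustration, not Avaya code: it assumes every distinct hash key gets its own hash value and that entries sharing a value are searched sequentially; cache_profile and all sample addresses other than 10.10.0.240 are constructed.

```python
from collections import Counter
from itertools import product

def cache_profile(flows, hash_mode, acl_dest):
    """Return (total_entries, longest_chain) for a set of flows.

    flows     -- iterable of (sa, da, proto, sport, dport) tuples
    hash_mode -- "DA" or "SA-DA"
    acl_dest  -- "any", or the single host address named in the ACL rule
    """
    entries = set()
    for sa, da, proto, sport, dport in flows:
        # Assumption: the hash value is determined only by these fields.
        hash_key = (da,) if hash_mode == "DA" else (sa, da)
        if acl_dest == "any" or da == acl_dest:
            # ACL matches on protocol/port: one entry per distinct flow.
            entry = (hash_key, sa, da, proto, sport, dport)
        else:
            # No ACL criteria apply: one entry per hash key.
            entry = (hash_key,)
        entries.add(entry)
    # Entries with the same hash key share one sequentially searched chain.
    chains = Counter(entry[0] for entry in entries)
    return len(entries), max(chains.values())

# Constructed sample traffic: 50 clients, 4 source ports each.
CLIENTS = [f"10.20.0.{i}" for i in range(1, 51)]
SPORTS = range(40000, 40004)
# SNMP polls to the supervisor interface from the manual's example.
SNMP = [(c, "10.10.0.240", "udp", p, 161)
        for c, p in product(CLIENTS, SPORTS)]
# Unrelated routed traffic to three constructed servers.
WEB = [(c, f"10.30.0.{s}", "tcp", p, 80)
       for c, s, p in product(CLIENTS, (1, 2, 3), SPORTS)]
FLOWS = SNMP + WEB

if __name__ == "__main__":
    for acl in ("10.10.0.240", "any"):
        for mode in ("DA", "SA-DA"):
            total, longest = cache_profile(FLOWS, mode, acl)
            print(f"ACL dest={acl:<12} hash={mode:<6} "
                  f"entries={total:<4} longest chain={longest}")
```

In this model the host-specific ACL gives 203 entries with one 200-entry chain under DA-only hashing, and 350 entries with chains of at most 4 under SA-DA. The "any any" form gives 800 entries in both modes, which is the cache growth the manual warns about.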