> Now, you can of course construct really really bad access
> lists that will
> break any kind of tree look up and if you do this (as
> competitors might)
> then performance sucks. If on the other hand you use *real*
> filters (even
> several 100s of terms long) it works at line rate.
Can you give us an example of an access list that breaks a tree lookup ?
I understand that each term in a filter is evaluated in turn, thus a filter
with 100 terms requires 100 lookups. See the example below, I have two
identical filters do these have the same performance ?
Rich
/*
Does one longest match first lookup
*/
filter fast {
term 1 {
from {
address 10.0.0.0
address 11.0.0.0
address 12.0.0.0
}
then {
discard;
}
}
}
/*
Does three longest match first lookups
*/
filter slow {
term 1 {
from {
address 10.0.0.0
}
then {
discard;
}
term 2 {
from {
address 11.0.0.0
then {
discard;
}
term 3 {
from {
address 12.0.0.0
}
then {
discard;
}
}
}
-- This communication contains confidential information intended solely for the use of the individual/s and/or entity or entities to whom it was intended to be addressed. If you are not the intended recipient, be aware that any disclosure, copying, distribution, or use of the contents of this transmission is prohibited. If you have received this communication in error, please contact the sender immediately, delete this communication from your system, and do not disclose its contents to any third party, or use its contents. Any opinions expressed are solely those of the author and do not necessarily represent those of Orchestream Ltd or its group of companies unless otherwise specifically stated.
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:40 EDT