RE: [j-nsp] OC-192 Perf issues with ACL's

• Next message: Hank Nussbacher: "[j-nsp] WCCP v2 support?"
• Previous message: Dave Curado: "Looking for a CAR'ish work around"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

At 11:25 AM 3/8/2001 +0000, Morgan, Richard wrote:

>Can you give us an example of an access list that breaks a tree lookup ?

I'd have to find one of the ACL compiler guys who could. I can't.

>I understand that each term in a filter is evaluated in turn, thus a filter
>with 100 terms requires 100 lookups.

Not so at all. Those 100 terms gets compiled on the RE into a modified
radix tree that gets sent to the PFE. The PFE would likely do 2-4 lookups
per packet.

>See the example below, I have two
>identical filters do these have the same performance ?

Again, I don't know. Probably. They both get compiled down and if the
compiler produces maximum efficient code, then yes they will be the
same. But I don't positively know that it does maximum efficient code. I
*do* know they keep tuning the compiler to try to get there. (;->)

Since Orchestream has a support contract why not send that question to
'support@juniper.net' where the JTAC engineers and developers may be able
to give you more details without have competitors learn from it. (;->)

GK

>Rich
>
>/*
> Does one longest match first lookup
>*/
>filter fast {
> term 1 {
> from {
> address 10.0.0.0
> address 11.0.0.0
> address 12.0.0.0
> }
> then {
> discard;
> }
> }
>}
>
>/*
> Does three longest match first lookups
>*/
>filter slow {
> term 1 {
> from {
> address 10.0.0.0
> }
> then {
> discard;
> }
> term 2 {
> from {
> address 11.0.0.0
> then {
> discard;
> }
>
> term 3 {
> from {
> address 12.0.0.0
> }
> then {
> discard;
> }
> }
>}
>
>
>
>--
>This communication contains confidential information intended solely for
>the use of the individual/s and/or entity or entities to whom it was
>intended to be addressed. If you are not the intended recipient, be aware
>that any disclosure, copying, distribution, or use of the contents of this
>transmission is prohibited. If you have received this communication in
>error, please contact the sender immediately, delete this communication
>from your system, and do not disclose its contents to any third party, or
>use its contents. Any opinions expressed are solely those of the author
>and do not necessarily represent those of Orchestream Ltd or its group of
>companies unless otherwise specifically stated.

• Next message: Hank Nussbacher: "[j-nsp] WCCP v2 support?"
• Previous message: Dave Curado: "Looking for a CAR'ish work around"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:40 EDT