Filter Policies
Router Configuration Guide 479
downloaded to any line cards, the cache returns values of 0 (zero). If a cache entry represents
an ACL filter entry that was removed from a line card since the previous refresh, the current
refresh will reload the cache with the most recent values from hardware. The cache has to be
rebuilt on a High Availability (HA) switchover, thus initial statistics requests after an HA
switchover may require reads from hardware.
Operational notes:
• Two consecutive bulk requests for one entry will return the same values if the cache
has not been refreshed between the two requests. The refresh interval is platform/
release dependent. Please contact your Alcatel-Lucent representative for further
details.
• The cache is currently used only for Open Flow statistics retrieval. Please see the
“Hybrid OpenFlow Switch” section for more details.
• Conditional action match criteria filter entries for ttl, hop-limit, packet-length, and
payload-length support logging and statistics when the condition is met, allowing
visibility of filter matched and action executed. If the condition is not met, packets
are not logged and statistics against the entry are not incremented.
Filter Policy Logging
SR OS supports logging of the information from the packets that match given filter policy.
Logging is configurable per filter policy entry by specifying preconfigured filter log (config>
filter>log). A filter log can be applied to ACL filters and CPM hardware filters. Operators
can configure multiple filter logs and specify: memory allocated to a filter log destination,
syslog id for filter log destination, filter logging summarization, and wrap-around behavior.
Notes related to filter log summarization:
• The implementation of the feature applies to filter logs with destination syslog.
• Summarization logging is the collection and summarization of log messages for 1
specific log-id within a period of time.
• The summarization interval is 100 seconds.
• Upon activation of a summary, a mini-table with src/dst-address and count is created
for each type (IP/IPv6/MAC).
• Every received log packet (due to filter hit) is examined for source or destination
address.
• If the log packet (source/destination address) matches a source/destination address
entry in the mini-table a packet received previously), the summary counter of the
matching address is incremented.
To Next Page
Loading...
