Net Optics Smart Filtering none User Manual

38

*** Confidential - DO NOT Distribute ***

Director

Be aware of these similar pairs of commands:

filter discard

•

clears the pending filter list, while filter clear clears the CAM

filter list

•

shows the pending filter list, while filter running shows the CAM

filter commit

•

copies the pending filter list to the CAM, while filter sync copies the CAM to the pending filter list

Pending filter list

Address

Filter

1

2

filter discard to clear
filter list to view contents

CAM

Address

Filter

1

2

filter clear to clear
filter running to view contents

filter commit

filter sync

Pairs of similar filter commands

Figure 45:

User interactions

When multiple users are logged into Director at the same time, each user has a separate pending filter list in which to

create filter configurations. However, there is only one CAM, so any time a user executes a commit or filter commit

command, the CAM takes on the filter configuration from that user's pending filter list, and those become the active

filters on Director. For this reason, it is a good idea to use a filter sync to get the current contents of the CAM before

adding or modifying filters; that way, the filters that you don't touch remain unaffected after you commit.

Filter capacity

The capacity of Director's filtering function is roughly 1,000 filter elements per chassis, where a filter element is

a port list or a filter parameter. For example, filter add in_ports=n1.1-n1.7 ip_proto=6 vlan=100 action=redir

redir_ports=m.1-m.5,m.10 has four filter elements:

in_ports=n1.1-n1.7

1.

ip_proto=6

2.

vlan=100

3.

redir_ports=m.1-m.5,m.10

4.

Counting filter elements is only a rough gauge of filter utilization, and is not recommended. Instead, examine the

pending filter list or CAM contents with filter list and filter running commands. The CAM has 512 locations, so

the number of filter entries or filter IDs is an indication of how much filtering capacity has been utilized. For example,

if the highest filter ID is 256, then half of the filter capacity is utilized. The actual capacity may exceed 1,000 filter

elements because one CAM location can contain multiple filter elements. However, be aware that IPv6 addresses (when

available) require additional CAM space and therefore fill the CAM more quickly than IPv4 addresses.