Skip to main content

CBAC concurrent sessions

another trick that I just learned. If you want to limit the number of the concurrent sessions going through the inspect rules you can use:


"RouterXXX(config)#ip inspect hashtable number"



Usage Guidelines

Use the ip inspect hashtable command to increase the size of the hash table when the number of concurrent sessions increases or to reduce the search time for the session. Collisions in a hash table result in poor hash function distribution because many entries are hashed into the same bucket for certain patterns of addresses. Even if a hash function distribution evenly dispenses the input across all of the buckets, a small hash table size will not scale well if there are a large number of sessions. As the number of sessions increase, the collisions increase, which increases the length of the linked lists, thereby, deteriorating the throughput performance.

Popular posts from this blog

IOS on Unix (IOU)

source http://evilrouters.net/2011/01/18/cisco-iou-faq/ What is IOU? From the Cisco Engineering Education web site (a long time ago): IOS on Unix (IOU) is a fully working version of IOS that runs as a user mode UNIX (Solaris) process. IOU is built as a native Solaris image and run just like any other program. IOU supports all platform independent protocols and features. What operating systems does IOU run on? It is my understanding that, initially, IOU was Solaris (SPARC) only. Nowadays, however, there are also builds for OS X and Linux. Similar to dynamips, IOU allows you to build out a network topology on a computer, without the need for physical routers. This is useful for validating designs, proof-of-concept testing, and certification self-study. Is my system compatible with IOU? You will need to be running the operating system that your IOU image were built for, obviously. Other than that, there are no special requirements to run IOU. It is not very CPU- or memory-intensive, unlik...

Impressed with Poly brand for conference headphones

I previously used my Sony XM4 headphones for calls and initially found them versatile for multiple purposes. However, as my meetings extended to several hours, I noticed they became less comfortable. To address this, I upgraded to wireless headphones from Poly, which offer significantly improved comfort. While I don’t plan to use them for music listening, my initial impression is very positive.

Juniper IS-IS summary

##################################################################################################### ## ISIS ##################################################################################################### # Be sure to set family iso on the interface to be placed into ISIS set interfaces <interface> family iso # By default Junos places interfaces as L1/L2 # Default route leaking:         L1 to L2 - all internal routes         L2 to L1 - 0/0 route # L1/L2 will send the attached-bit down to L1 and it will act as a NSSA-like area.  When the L1 interface # receives the attached-bit it will inject a 0/0 route into the RIB point to the L1/L2 interface. # To disable the attached bit use: set protocols isis ignore-attached-bit # Be careful with the "interface all" command, as it may have some unexpected consequences such as trying # to establish a neighbor on your fxp0 management...