- Table of Contents
-
- 11-Layer 3—IP Services Configuration Guide
- 00-Preface
- 01-ARP configuration
- 02-IP addressing configuration
- 03-DHCP configuration
- 04-DNS configuration
- 05-IP forwarding basics configuration
- 06-Fast forwarding configuration
- 07-Multi-CPU packet distribution configuration
- 08-Adjacency table configuration
- 09-IP performance optimization configuration
- 10-IPv6 basics configuration
- 11-DHCPv6 configuration
- 12-IPv6 fast forwarding configuration
- Related Documents
-
Title | Size | Download |
---|---|---|
06-Fast forwarding configuration | 71.19 KB |
Contents
Restrictions and guidelines: Fast forwarding configuration
Configuring the aging time for fast forwarding entries
Configuring fast forwarding load sharing
Enabling DSCP-based fast forwarding for GRE and VXLAN packets
Enabling fast forwarding for service request packets with one hardware chip
Enabling incremental checksum encapsulation for outgoing packets on hardware fast forwarding chips
Enabling alteration detection for outgoing packets on hardware fast forwarding chips
Specifying an action for packet alteration events
Ignoring interface sequence numbers during hardware fast forwarding
Display and maintenance commands for fast forwarding
Configuring fast forwarding
About fast forwarding
Fast forwarding reduces route lookup time and improves packet forwarding efficiency by using a high-speed cache and data-flow-based technology. It identifies a data flow by using the following fields: source IP address, source port number, destination IP address, destination port number, and protocol number. After a flow's first packet is forwarded through the routing table, fast forwarding creates an entry and uses the entry to forward subsequent packets of the flow.
Restrictions and guidelines: Fast forwarding configuration
Fast forwarding can process fragmented IP packets, but it does not fragment IP packets.
Fast forwarding can be implemented by software or hardware. Unless otherwise noted, fast forwarding in this chapter refers to software fast forwarding.
Configuring the aging time for fast forwarding entries
About this task
The fast forwarding table uses an aging timer for each forwarding entry. If an entry is not updated before the timer expires, the device deletes the entry. If an entry has a hit within the aging time, the aging timer restarts.
Procedure
1. Enter system view.
system-view
2. Configure the aging time for fast forwarding entries.
ip fast-forwarding aging-time aging-time
By default, the aging time is 30 seconds.
Configuring fast forwarding load sharing
About this task
Fast forwarding load sharing enables the device to identify a data flow by using the packet information.
If fast forwarding load sharing is disabled, the device identifies a data flow by the packet information and the input interface.
Procedure
1. Enter system view.
system-view
2. Configure fast forwarding load sharing. Choose one option as needed:
¡ Enable fast forwarding load sharing.
ip fast-forwarding load-sharing
¡ Disable fast forwarding load sharing.
undo ip fast-forwarding load-sharing
By default, fast forwarding load sharing is enabled.
Enabling DSCP-based fast forwarding for GRE and VXLAN packets
About this task
This feature uses the DSCP value in the outer header instead of the source port number among the identification criteria to identify GRE and VXLAN traffic flows.
Procedure
1. Enter system view.
system-view
2. Enable DSCP-based fast forwarding for GRE and VXLAN packets.
ip fast-forwarding dscp
By default, DSCP-based fast forwarding for GRE and VXLAN packet is disabled.
3. (Optional.) Specify the destination UDP port number for identifying VXLAN packets
ip fast-forwarding vxlan-port port-number
By default, the destination UDP port number is 4789.
Enabling fast forwarding for service request packets with one hardware chip
About this task
This feature enables a dual hardware chip module to fast forward service request packets with only one hardware chip as needed. After you shift the traffic processing mode, only service reply packets are processed by dual hardware chips.
Restrictions and guidelines
This feature takes effect only after you reboot the specified module.
After you shift the traffic processing mode of an engine (a service module) in a security engine group, you must perform the following tasks for the shift to take effect:
1. Shift the traffic processing mode of the other modules in the group to the desired one.
2. Reboot all modules in the group.
For more information about security engine groups, see configuring contexts in Virtual Technologies Configuration Guide.
This feature is not applicable to single hardware chip modules.
Procedure
1. Enter system view.
system-view
2. Enable fast forwarding for service request packets with one hardware chip.
In standalone mode:
hardware fast-forwarding standalone [ slot slot-number [ cpu cpu-number ] ]
In IRF mode:
hardware fast-forwarding standalone [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
By default, service request packets are fast forwarded by dual hardware chips.
Enabling incremental checksum encapsulation for outgoing packets on hardware fast forwarding chips
1. Enter system view.
system-view
2. Enable incremental checksum encapsulation for outgoing packets on hardware fast forwarding chips.
In standalone mode:
hardware fast-forwarding checksum encap incremental [ slot slot-number cpu cpu-number ]
In IRF mode:
hardware fast-forwarding checksum encap incremental [ chassis chassis-number slot slot-number cpu cpu-number ]
By default, the incremental checksum is encapsulated into the outgoing packets on hardware fast forwarding chips.
Enabling alteration detection for outgoing packets on hardware fast forwarding chips
1. Enter system view.
system-view
2. Enable alteration detection for outgoing packets on hardware fast forwarding chips
In standalone mode:
hardware fast-forwarding checksum inspect [ l3 | l4 [ tcp | udp ] ] enable [ slot slot-number cpu cpu-number ]
In IRF mode:
hardware fast-forwarding checksum inspect [ l3 | l4 [ tcp | udp ] ] enable [ chassis chassis-number slot slot-number cpu cpu-number ]
By default, alteration detection is enabled for outgoing packets on hardware fast forwarding chips.
Specifying an action for packet alteration events
1. Enter system view.
system-view
2. Specify an action for packet alteration events.
In standalone mode:
hardware fast-forwarding checksum inspect action { drop-err | log } [ slot slot-number cpu cpu-number ]
In IRF mode:
hardware fast-forwarding checksum inspect action { drop-err | log } [ chassis chassis-number slot slot-number cpu cpu-number ]
By default, the device forwards the altered packet and generates a log message when the device detects a packet alteration event.
Ignoring interface sequence numbers during hardware fast forwarding
About this task
On a network that has two equal-cost egresses, the device might receive the return packets of a forward flow on different interfaces. By default, the device determines that the return packets are in different traffic flows, because their incoming interfaces are different. As a result, the device cannot implement hardware fast forwarding for the return packets in a different flow.
To resolve this issue, enable the device to ignore interface sequence numbers during hardware fast forwarding. The device can perform hardware fast forwarding for the return packets of a forward flow even if they are received on different interfaces.
Restrictions and guidelines
This feature takes effect only after you enable hardware fast forwarding.
If a forwarding error occurs, you can disable this feature for debugging.
Procedure
1. Enter system view.
system-view
2. Ignore interface sequence numbers during hardware fast forwarding.
In standalone mode:
hardware fast-forwarding ifsn match enable [ slot slot-number cpu cpu-number ]
In IRF mode:
hardware fast-forwarding ifsn match enable [ chassis chassis-number slot slot-number cpu cpu-number ]
By default, the device does not ignore interface sequence numbers during hardware fast forwarding.
Display and maintenance commands for fast forwarding
Execute display commands in any view and reset commands in user view.
Task |
Command |
Display the aging time of fast forwarding entries. |
display ip fast-forwarding aging-time |
Display fast forwarding entries. |
In standalone mode: display ip fast-forwarding cache [ ip-address ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display ip fast-forwarding cache [ ip-address ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] |
Display fast forwarding entries about fragmented packets. |
In standalone mode: display ip fast-forwarding fragcache [ ip-address ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display ip fast-forwarding fragcache [ ip-address ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] |
Clear the fast forwarding table. |
In standalone mode: reset ip fast-forwarding cache [ slot slot-number [ cpu cpu-number ] ] In IRF mode: reset ip fast-forwarding cache [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] |