Director
Understand pending and active filters
To understand the actions of filter commands such as filter commit, filter discard, and filter delete, it is helpful to visualize the pending filter list and the CAM that holds the active filters.
The previous section explained how the active filters are stored in a CAM, which can be thought of as list of active filters. These filters, which are actively running in the device, may be referred to as active, running, or committed. Pending filters, that is, filters that have been defined using filter add and filter ins commands but not yet committed, are kept in a pending filter list that shadows the CAM. These filters may be referred to as pending or uncommitted. The following table shows which filter commands affect the pending filter list and which affect the CAM.
Commands apply to
Pending filter list | CAM |
|
|
filter add | commit |
filter del | filter clear |
filter discard | filter commit |
filter ins | filter running |
filter list |
|
filter sync |
|
As can be seen from the table, most of the time you work with the contents of the pending filter list. When you have the filters set up the way you want them in the pending filter list, a commit or filter commit command transfers the con- tents of the pending filter list to the CAM, activating that filter
A common workflow for changing the Director filter configuration might be as follows.
To change the Director filter configuration:
|
| Pending filter list |
|
| CAM |
|
|
|
|
|
|
|
|
| Address | Filter |
| Address | Filter |
|
|
|
|
|
|
|
|
|
|
|
| 1 | n1.1 ip_proto=UDP action=drop |
|
|
|
|
|
|
|
|
|
|
|
| 2 | n1.1 m.1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 39: Starting state
36