13-28 User Guide for the Avaya P580 and P882 Multiservice Switches, v6.1
Chapter 13
differentiate packets by protocol and port. These entries all hash to the same
value because they have the same source and destination address, and you
may observe a degradation of the switch performance.
Example: To block SNMP access to the supervisor from the network, on IP interface
10.10.0.240/255.255.255.0, use the following ACL entry:
ip access-list SNMP 10 deny udp any host 10.10.0.240 eq 161
If you were to use the following command, the switch would block all
inter-subnet SNMP traffic, but would also create a forwarding cache entry for
every flow that had a different SA, DA, source port, destination port, or
protocol.
ip access-list SNMP 10 deny udp any any eq 161

Interrelation with Hash Mode Setting
Using DA-only hashing generally reduces the overall number of forwarding
entries, but it can cause performance issues if used when an ACL is enabled.
These performance issues are magnified when the ACL uses protocol and
port identifiers.
An ACL that specifies a source address, protocol ID, or port ID requires
closer analysis of packets than just the destination address. Every flow to
the destination needs its own forwarding cache entry based on the ACL
criteria, and all of the entries hash to the same value. In this scenario, the
switch must sequentially search every entry in the forwarding cache that has
the same DA (thus hash-location).
When you set the hash mode to SA-DA, each different source-destination
combination hashes to a different value. Thus the number of entries hashed
to a single value significantly decreases. However, SA-DA can also cause
performance issues in some situations. If many entries that do not match the
ACL have similar hash values to those that do, DA-only hashing provides
more efficient usage of the forwarding memory.
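
The chaining effect described above can be reproduced with a toy hashed cache. This is an added example, not Avaya code: the CRC32 hash, the 4096-bucket table and the sample flows are assumptions chosen for illustration and do not represent the F-chip's actual hash function or memory layout.

```python
# Toy model of a hashed forwarding cache. Assumptions (not from the switch):
# CRC32 as the hash, 4096 buckets, and constructed sample traffic.
from collections import defaultdict
from ipaddress import IPv4Address
import zlib

BUCKETS = 4096  # hypothetical table size


def bucket(sa, da, mode):
    """Hash on the DA only, or on SA+DA, depending on the hash mode."""
    key = IPv4Address(da).packed
    if mode == "sa-da":
        key = IPv4Address(sa).packed + key
    return zlib.crc32(key) % BUCKETS


def build_cache(flows, mode):
    """An ACL that matches protocol/port needs one entry per distinct flow;
    each entry is chained in the bucket selected by the hash mode."""
    cache = defaultdict(list)
    for flow in flows:
        chain = cache[bucket(flow[0], flow[1], mode)]
        if flow not in chain:
            chain.append(flow)
    return cache


def longest_chain(cache):
    """Worst-case number of entries searched sequentially for one lookup."""
    return max(len(chain) for chain in cache.values())


def sample_flows(n_sources=200, ports_per_source=5, da="10.10.0.240"):
    """Constructed traffic: many sources, several source ports each, one DA."""
    flows = []
    for i in range(n_sources):
        sa = str(IPv4Address("10.20.0.1") + i)
        for p in range(ports_per_source):
            flows.append((sa, da, "udp", 40000 + p, 161))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    for mode in ("da-only", "sa-da"):
        cache = build_cache(flows, mode)
        print(mode, "buckets used:", len(cache), "longest chain:", longest_chain(cache))
```
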
Managing F-chip Memory
The reconfiguration of Hash Mode can cause a secondary effect: increased
cache usage. By default, the IP Unicast Cache size is 15,000 entries per
F-chip. Although this can be used up simply due to a high number of flows
(for example, a proxy server for the internet), the SA-DA Hash Mode
setting always causes more flows to be identified than in the DA-only
mode.
The F-chip memory can accommodate approximately 70,000 total entries
for routed (L3) flows. This number comprises IP Unicast, IP Multicast, and
IPX entries for that F-chip.