The S9500 series supports the longest match mode and packet-by-packet forwarding.
Precise match corresponds to flow forwarding, also known as “routing once and forwarding multiple times”. After receiving the first packet, the switch searches the routing table for the next-hop outbound interface according to the destination IP address, and delivers the destination IP address and the outbound interface information to the hardware entries of the forwarding chip. When later packets to the same destination address are received, the forwarding chip looks up the hardware entries directly by destination IP address (precise match) and obtains the next-hop outbound interface information for hardware forwarding. This match mode forwards quickly, but each destination IP address occupies a hardware entry. As a result, the 128K hardware entries can be filled quickly under attack by worms such as “Code Red”, and new data flows cannot be forwarded because no hardware forwarding entries are available.
Longest match corresponds to packet-by-packet forwarding; the hardware forwarding entries contain the destination network segment and outbound interface information. Each packet is matched against the longest network segment that covers its destination IP address, which yields the next-hop outbound interface used to forward the packet. Because the hardware forwarding entries hold routing information for destination network segments, their number is bounded and does not keep growing as the number of destination addresses increases (as it does in precise match forwarding mode). Therefore, attacks by worms such as “Code Red” are defended against very well.
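The difference in table growth between the two modes can be reproduced with a small model. This is an added example, not H3C code: the routes, port names and the 1024-entry capacity are constructed (the page's figure is 128K), and traffic to many distinct destinations is modelled as one packet per random address.

```python
import ipaddress
import random

# Constructed routing table (prefix -> outbound port); values are illustrative.
ROUTES = {
    "0.0.0.0/0": "port-a",
    "10.0.0.0/8": "port-b",
    "10.1.0.0/16": "port-c",
    "192.168.5.0/24": "port-d",
}
# Longest prefix first, so the first containing network is the longest match.
PARSED = sorted(
    ((ipaddress.ip_network(p), port) for p, port in ROUTES.items()),
    key=lambda r: r[0].prefixlen, reverse=True)

def lpm_lookup(dst):
    """Longest match: entries are network segments, one lookup per packet."""
    addr = ipaddress.ip_address(dst)
    for net, port in PARSED:
        if addr in net:
            return port
    return None

class ExactMatchTable:
    """Precise match: one hardware entry per destination IP, fixed capacity."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = {}
        self.install_failures = 0

    def forward(self, dst):
        if dst in self.entries:               # hit on an installed entry
            return self.entries[dst]
        if len(self.entries) >= self.capacity:
            self.install_failures += 1        # table full: new flow gets no entry
            return None
        self.entries[dst] = lpm_lookup(dst)   # first packet: route, then install
        return self.entries[dst]

def simulate(n_destinations, capacity, seed=1):
    """Send one packet to each of n distinct random destinations."""
    rng = random.Random(seed)
    table = ExactMatchTable(capacity)
    dests = set()
    while len(dests) < n_destinations:
        dests.add(str(ipaddress.ip_address(rng.getrandbits(32))))
    for d in sorted(dests):
        table.forward(d)
    return len(table.entries), table.install_failures, len(PARSED)
```

`simulate(5000, 1024)` returns the exact-match entries in use, the flows that could not get an entry, and the longest-match entry count, which stays at the number of routes regardless of how many destinations are seen.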