Throughput Performance

CBAC uses a hash table to search for packets that belong to a specific session. It is possible to have entries for a certain pattern of addresses hashed into the same bucket, hence causing collisions in the table. This results in poor performance of hash function distribution. A small hash table size might negatively impact throughput performance when a large number of sessions are active.

The ip inspect hashtable command enables users to dynamically change the size of the session hash table without having to reload the router. Increasing the size of the hash table allows for the reduction of the number of sessions per hash bucket, which would improve the throughput performance of the CBAC engine.

0 0

Post a comment