scale-optimized
Syntax
scale-optimized;
Hierarchy Level
[edit firewall family protocol-family-name filter filter-name], [edit logical-systems logical-system-name firewall family protocol-family-name filter filter-name]
Description
Specify to optimize the interface specific firewall filters in the PFE itself.
When an interface specific firewall filter is configured with multiple Interface bind point instances, the PTX halp software allocates resources for each interface instance separately, and the resources consumption is directly proportional to the number of bind points. This happens because, RE Junos dfw software creates independent instances for each bind point of an interface specific filter.
For example, if an interface specific firewall filter with ‘x’ number of prefix matches is bound to ‘y’ number of interfaces (bind points), the Junos software sends ‘x’ number of independent firewall instances to the PFE software each with ‘y’ numbers of prefix matches. This automatically consumes ‘x * y’ numbers of prefixes in the Alpha match block of FLT, and this leads to Alpha block prefix scale issue in FLT. When you add the scale-optimized
flag under the filter hierarchy, the interface specific firewall filters are optimized in the PFE itself.
The scale-optimized
flag has the following limitations:
Can only be configured along with
interface-specific
flag.Applicable only to IPv6 and IPv4 families.
Does not support the
next term
action.Does not work with filter lists. Filter lists create unique interface-specific filter for each interface they are applied on. Filters lists do not have a template filter, from which they are copied. It does not add any advantage having scale-optimized flag.
Cannot be applied to both input and output directions for an interface.
The
scale-optimized
flag should be configured along with filter configuration. If you add thescale-optimized
flag to an existing filter configuration, the filter counters do not increase. To resolve the filter counter issue, create a new filter with thescale-optimized
flag, replace the filter on the interface and commit it.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 18.1.