On 15 March 2016 at 21:48, Chuck Anderson <c...@wpi.edu> wrote: Hey,
> On the MX/Trio platform, from a performance standpoint with large > prefix-lists (~10,000) and firewall filters, does it matter what order > the prefix-list is in? Will the firewall filter perform better if > shorter prefixes are listed first or if some other criteria is used > for sorting? Very good question. MX/Trio being NPU box, isn't by any means constant time platform and does not use TCAM. So ordering of does have relevance. I don't know if it's possible for operator to even affect the ordering, or does it pass through internal optimisation which will mask your high-level CLI config? You can, with considerable effort see what I believe is actual HW level program with 'show filter index N jnh' but it will take several days of motivated poking to reason what is happening there. I guess best bet is being empirical and testing in lab. If it works you should optimise so that the search is matched as early as possible, if majority of packets will flow through whole prefix-list without matches anyhow, then I doubt it matters what order it is in. -- ++ytti _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp