per-route-accounting
Syntax
(per-route-accounting | no-per-route-accounting);
Hierarchy Level
[edit logical-systems name routing-instances name routing-options flow], [edit logical-systems name routing-options flow], [edit logical-systems name tenants name routing-instances name routing-options flow], [edit routing-instances name routing-options flow], [edit routing-options flow], [edit tenants name routing-instances name routing-options flow]
Description
Typically, in the BGP FlowSpec filter, an individual counter was added for each
FlowSpec term configured. As part of optimization to FlowSpec, starting from
Junos OS Evolved Release 21.1R1 this behavior is changed, and counter action
is not added by default.
We now support a higher scale of flows in BGP FlowSpec filter. You can
achieve this by reducing the number of terms in the BGP FlowSpec filter
using the filter optimization techniques without affecting the
functionality. The per-route-accounting is not configured
by default. To create room for term compression, the default per-term
counters are disabled. However, to enable per-term counter a new CLI
command, per-route-accounting has been introduced under the existing
[edit routing-options-flow] hierarchy level.
The new algorithm used for term compression does not need branching.
- Algorithm for Term Compression
- Term merging conditions: Case 1
- Example
- Term merging conditions: Case 2
- Example
Algorithm for Term Compression
Consider the current term and the next term, if these two terms are capable of being merged (see "Term merging conditions" section), merge these two terms.
If the two terms are merged, use the merged term as the current term and repeat this process.
If the two terms cannot be merged, use the consecutive next term as the current term and repeat this process.
Term merging conditions: Case 1
Both the terms have same set of actions.
Both the terms have same type and same number of match conditions.
If there are ’n’ match conditions, at least ’n-1’ match conditions must have identical values.
In a term, maximum 1 match can have non-identical values. And the values of this match from the second term can be merged with the corresponding values in the first term.
The second term will be eliminated if it is merged.
Example
Term t1 and t2 differ only by protocol values
Term t1 {
from {
source-address 10.10.10.1/32
source-port 40
protocol udp
}
then accept
}
Term t2 {
from {
source-address 10.10.10.1/32
source-port 40
protocol tcp
}
then accept
}
Term t1 after merging: protocol values got merged, term t2 is eliminated:
Term t1 {
from {
source-address 10.10.10.1/32
source-port 40
protocol udp tcp
}
then accept
} Term merging conditions: Case 2
For every match in first term there should be a corresponding match of same type in second term.
All the match conditions in the first term have values which are identical to or superset of the values present in the corresponding match in the second term.
The match conditions present in first term fully covers the corresponding matches in the second term. Hence the second term will not get hit. So, that leads to:
The second term can have additional match conditions of different type.
The action present in second term need not match with that of first term.
If the above conditions are satisfied, then the second term will be eliminated.
Example
Term t1 has match conditions values are superset/identical to that of term t2
Term t1 {
from {
source-address { <<<<<<<<<<<<< Super set of term2’s match condition values
10.10.10.1/32
10.10.10.2/32
}
source-port 40-50 <<<<<<<<<<<<< Super set of term2’s match condition values
protocol tcp udp <<<<<<<<<<<<< Super set of term2’s match condition values
}
then discard
}
Term t2 {
from {
source-address 10.10.10.1/32
source-port 40
protocol udp
destination-port 50 <<<<<<<<<< Term2 can have additional match conditions
}
then accept <<<<<<<<<< Actions may differ
}
In this case, term t2 will be eliminated. There is no match values merge in this case.
As a result:
Term t1 {
from {
source-address {
10.10.10.1/32
10.10.10.2/32
}
source-port 40-50
protocol tcp udp
}
then discard
}Required Privilege Level
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Evolved Release 21.1R1.