Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

scale-optimized

Syntax

Hierarchy Level

Description

Specify to optimize the interface specific firewall filters in the PFE itself.

When an interface specific firewall filter is configured with multiple Interface bind point instances, the PTX halp software allocates resources for each interface instance separately, and the resources consumption is directly proportional to the number of bind points. This happens because, RE Junos dfw software creates independent instances for each bind point of an interface specific filter.

For example, if an interface specific firewall filter with ‘x’ number of prefix matches is bound to ‘y’ number of interfaces (bind points), the Junos software sends ‘x’ number of independent firewall instances to the PFE software each with ‘y’ numbers of prefix matches. This automatically consumes ‘x * y’ numbers of prefixes in the Alpha match block of FLT, and this leads to Alpha block prefix scale issue in FLT. When you add the scale-optimized flag under the filter hierarchy, the interface specific firewall filters are optimized in the PFE itself.

The scale-optimized flag has the following limitations:

  • Can only be configured along with interface-specific flag.

  • Applicable only to IPv6 and IPv4 families.

  • Does not support the next term action.

  • Does not work with filter lists. Filter lists create unique interface-specific filter for each interface they are applied on. Filters lists do not have a template filter, from which they are copied. It does not add any advantage having scale-optimized flag.

  • Cannot be applied to both input and output directions for an interface.

  • The scale-optimized flag should be configured along with filter configuration. If you add the scale-optimized flag to an existing filter configuration, the filter counters do not increase. To resolve the filter counter issue, create a new filter with the scale-optimized flag, replace the filter on the interface and commit it.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 18.1.

Related Documentation