547
edits
Ingress filter: Difference between revisions
Jump to navigation
Jump to search
→Settings
| Line 53: | Line 53: | ||
==== Settings ==== | ==== Settings ==== | ||
{| class="wikitable" | |||
|- | |||
! Option !! Description | |||
|- | |||
| Enabled || Turns the packet deduplication filter on and off. | |||
|- | |||
| Reserved memory (MB) || Controls how much memory in megabytes is reserved for packet deduplication. This memory then cannot be used for other statistics. Changes to this value will need a restart of the processing to take effect. | |||
|- | |||
| Packet timeout (ms) || The time in milliseconds after which a packet hash is removed form the packet deduplication. If the time is between identical packets is longer than this value the packets will not be detected as duplicates. | |||
|- | |||
| Compare starting at layer || Here it is possible to choose where the packet deduplication will start to analyze the packet. If e.g. 'Layer 3' is chosen it is possible for two packets to have different MAC addresses and still be detected as duplicates. | |||
|- | |||
| Layer 7 length limit for compare (bytes) || This value controls how many bytes of the application payload are actually used for the hash calculation. A very high value may affect the performance while a vary low value may increase the risk of false positives. | |||
|- | |||
| Ignore VLAN || The VLAN tag will not be used by the packet deduplication so that two packets from different VLANs can still be detected as duplicates. | |||
|- | |||
| Ignore IP TOS and traffic class || The IP 'type of service' and 'traffic class' fields will not be used by the packet deduplication so that two packets with different values in these fields can still be detected as duplicates. | |||
|- | |||
| Ignore IP TTL and HOP || The IP 'time to live' and 'hop counter' fields will not be used by the packet deduplication so that two packets with different values in these fields can still be detected as duplicates. | |||
|- | |||
| Ignore TCP SEQ and ACK numbers || The TCP sequence and acknowledgement numbers will not be used by the packet deduplication so that two packets with different TCP sequence and acknowledgement numbers can still be detected as duplicates. | |||
|- | |||
| Ignore TCP options || Any TCP options will not be used by the packet deduplication so that two packets with different TCP options can still be detected as duplicates. | |||
|} | |||
==== Limitations ==== | ==== Limitations ==== | ||
# In some circumstances, real duplicates cannot be distinguished from retransmissions. For example, for TCP in IPv6 traffic a retransmitted ACK packet might be byte-wise identical to the original ACK packet. The IPv6 header does not have an IP-ID field by default so it is identical and the TCP header is identical too if both the sequence and acknowledge number are the same and no timestamp option header is used. In this case it might help to decrease the packet timeout in the deduplication configuration since real duplicates in a network setup usually appear much faster than actual retransmissions. | # In some circumstances, real duplicates cannot be distinguished from retransmissions. For example, for TCP in IPv6 traffic a retransmitted ACK packet might be byte-wise identical to the original ACK packet. The IPv6 header does not have an IP-ID field by default so it is identical and the TCP header is identical too if both the sequence and acknowledge number are the same and no timestamp option header is used. In this case it might help to decrease the packet timeout in the deduplication configuration since real duplicates in a network setup usually appear much faster than actual retransmissions. | ||