SPI Affinity (asg_spi_affinity)
The asg_spi_affinity command helps you improve VPN performance with more efficient traffic assignment to SGMs and SGM cores. Typically, most VPN traffic goes to the same tunnel IP addresses. Because traffic is usually assigned to SGMs based on the destination IP address, VPN traffic is frequently assigned to the same SGMs. The solution is to assign VPN traffic to SGMs based on the SPI field in the packet header as an alternative to the IP address.
A related issue occurs with Multi-core VLAN traffic, where traffic is assigned to CPU cores based on IP addresses. As with VPN traffic, asg_spi_affinity can also assign VLAN traffic to CPU cores based on the SPI field.
You must run this command in Expert mode.
Syntax
# asg_spi_affinity mode|vlan <ssm_id> on|off
# asg_spi_affinity verify
Parameter
|
Description
|
mode
|
Configure VPN affinity for specified SSM.
|
vlan
|
Configure VLAN affinity for the specified SSM interfaces.
|
verify
|
Show SPI affinity status.
|
<ssm_id>
|
SSM ID
Valid values:
- Integer between
1 and 4 all - All SSMs
|
on|off
|
Enable or disable SPI affinity. You must enable vlan and mode (VPN) affinity separately.
|
Notes:
- When some SSM interfaces are not configured as VLANs, we recommend that you enable VLAN affinity only if most traffic passes through VLAN interfaces.
- SPI affinity can affect the distribution of clear packets. We recommend that you use SPI affinity only if most of the inbound traffic is VPN traffic.
Examples
# asg_spi_affinity mode 1 on - Enable VPN affinity for SSM 1
# asg_spi_affinity mode 2 off - Disable VPN affinity for SSM 2
# asg_spi_affinity vlan all on - Enable VLAN affinity for all SSM interfaces
# asg_spi_affinity vlan all off - Disable VLAN affinity for all SSM interfaces
|
