SPI Affinity (asg_spi_affinity)
The asg_spi_affinity command helps you improve VPN performance with more efficient traffic assignment to SGMs and SGM cores. Typically, most VPN traffic goes to the same tunnel IP addresses. Because traffic is normally assigned to SGMs based on the destination IP address, VPN traffic is often assigned to the same SGMs. The solution is to assign VPN traffic to SGMs based on the SPI field in the packet header instead of the IP address.
A related issue occurs with Multi-core VLAN traffic, where traffic is assigned to CPU cores based on IP addresses. As with VPN traffic, asg_spi_affinity can also assign VLAN traffic to CPU cores based on the SPI field.
You must run this command in the Expert mode.
:
# asg_spi_affinity mode <ssm_id|all> <on|off>
# asg_spi_affinity vlan <ssm_id|all> <on|off>
# asg_spi_affinity verify
Parameter
|
Description
|
mode
|
Configure VPN affinity for specified SSM.
|
vlan
|
Configure VLAN affinity for the specified SSM interfaces.
|
verify
|
Show SPI affinity status.
|
<ssm_id>
|
SSM identifier (1-4 or all)
|
on/off
|
Enable\Disable SPI affinity. You must enable vlan and mode (VPN) affinity separately.
|
Notes:
- When some SSM interfaces not configured as VLANs, we recommend that you enable VLAN affinity only if most traffic passes through VLAN interfaces.
- SPI affinity can affect the distribution of clear packets. We recommend that you use SPI affinity only if most of the inbound traffic is VPN traffic.
Examples
# asg_spi_affinity mode 1 on - Enable VPN affinity for SSM 1
# asg_spi_affinity mode 2 off - Disable VPN affinity for SSM 2
# asg_spi_affinity vlan all on - Enable VLAN affinity for all SSM interfaces
# asg_spi_affinity vlan all off - Disable VLAN affinity for all SSM interfaces
|
