Beginner Basics • Re: Firewall jump rules - for better performance?

Conceptually, that is correct: your first jump rule would match everything going to vlan10; if not, it would skip directly to the second jump rule ... etc., adding one evaluation for the rules to vlan10, 2 evaluations but removing 100 evaluations for the rules to vlan20, and 3 evaluations but removing 200 evaluations for the rules to vlan30. In that scenario and supposing that the hits are fairly distributed across all the rules - and they may not be - you would go from an average of 150 evaluations down to 51-ish evaluations and 1 jump on average.

In the second level table, for example "IntoVlan10", you can also have jumps depending on whether the packet comes from vlan20 or vlan30, and have the final actions in that 3rd level table, which means that packets from vlan30 would skip the processing of the rules from vlan20.

Determining whether it would improve router performance is a bit more delicate: imagine that out of your 300 rules, one is hit 99% of the time - and we are not talking established but really a rule for new connections. Depending on where it is located in your rulebase, you may end up having one more evaluation. In that case, a performance boost would be to move it before evaluating to which table the evaluator should jump.

Statistics: Posted by vingjfg — Tue Jan 16, 2024 10:53 pm
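As an added illustration of the cost model in the post above (constructed for this page, not code from the post or from MikroTik), the Python model below counts how many rules a packet is matched against in a flat 300-rule chain versus three per-VLAN jump chains, and replays the 99%-hot rule case together with the suggested fix of moving that rule ahead of the jumps. It assumes 100 rules per VLAN (vlan10, vlan20, vlan30), the hot rule being the first vlan10 rule, and uniformly distributed hits otherwise.

```python
"""Constructed cost model: flat firewall chain vs. per-VLAN jump chains.
Assumptions (not from the post): three VLANs with RULES_PER_VLAN rules each,
and a chain is walked top to bottom until the first matching rule."""
from typing import Callable, Dict, Optional, Tuple

VLANS = ("vlan10", "vlan20", "vlan30")
RULES_PER_VLAN = 100
Rule = Tuple[str, int]  # (destination VLAN, 1-based position among its rules)

def uniform_hits() -> Dict[Rule, float]:
    """Every rule is the first match equally often (the post's first scenario)."""
    n = len(VLANS) * RULES_PER_VLAN
    return {(v, i): 1.0 / n for v in VLANS for i in range(1, RULES_PER_VLAN + 1)}

def hot_rule_hits(hot: Rule, share: float = 0.99) -> Dict[Rule, float]:
    """One new-connection rule takes `share` of hits; the rest is spread evenly."""
    rules = list(uniform_hits())
    rest = (1.0 - share) / (len(rules) - 1)
    return {r: (share if r == hot else rest) for r in rules}

def evals_flat(rule: Rule) -> int:
    """Flat chain: all vlan10 rules, then all vlan20 rules, then all vlan30 rules."""
    vlan, pos = rule
    return VLANS.index(vlan) * RULES_PER_VLAN + pos

def evals_jump(rule: Rule, hoisted: Optional[Rule] = None) -> int:
    """One jump rule per VLAN at the top (vlan10 tested first), then the per-VLAN
    chain.  `hoisted` is a rule moved in front of the jumps (the post's last tip)."""
    if rule == hoisted:
        return 1
    vlan, pos = rule
    if hoisted is not None and hoisted[0] == vlan and hoisted[1] < pos:
        pos -= 1  # the hoisted rule no longer sits above this one in its chain
    jumps_tested = VLANS.index(vlan) + 1
    return (1 if hoisted is not None else 0) + jumps_tested + pos

def average_cost(hits: Dict[Rule, float], cost: Callable[[Rule], int]) -> float:
    """Expected number of rules a packet is matched against."""
    return sum(w * cost(r) for r, w in hits.items())

def compare(hot: Rule = ("vlan10", 1)) -> Dict[str, float]:
    """The post's scenarios side by side; `hot` is the constructed 99% rule."""
    hot_hits = hot_rule_hits(hot)
    return {
        "uniform flat": round(average_cost(uniform_hits(), evals_flat), 2),
        "uniform jump": round(average_cost(uniform_hits(), evals_jump), 2),
        "hot flat": round(average_cost(hot_hits, evals_flat), 2),
        "hot jump": round(average_cost(hot_hits, evals_jump), 2),
        "hot hoisted": round(average_cost(hot_hits, lambda r: evals_jump(r, hot)), 2),
    }
```

With these assumptions `compare()` gives 150.5 matches per packet for the flat chain and 52.5 for the jump layout (the post's 150 and 51-ish), while with the hot rule the jump layout costs 2.51 against 2.50 flat and hoisting that rule brings it down to 1.52.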
