> What do you do if you have 100 rules of form:
>  if source ip = ip1 then class1
>  if source ip = ip2 then class2
>  if source ip = ip3 then class3
>  ...
> I assume you have to try them until one matches or you run out.

If these are different filters then yes. But you can use u32's hash
to match them all in one step.

> However, I believe that you now support filters at interior classes.
> This means that at the top you could do something like
>  if source ip in 10.0.0.0 - 10.0.0.50 then class1
>  if source ip in 10.0.0.51 - 10.0.0.99 then class2
> and then in class1 put filters:
>  if source ip in 10.0.0.0 - 10.0.0.25 then class3
>  if source ip in 10.0.0.26 - 10.0.0.50 then class3
> etc. Then you'd only have to match o(log(n)) filters.

Oh yes. But then you can't use classes for balancing rates - because
you will need a balanced binary tree ..
But if you use inner classes then you are right, it will always be
better (faster). But for large ip count I'd use u32 hash table.

devik
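
The u32 hash table mentioned in the reply, sketched as an added example that is not part of the original message: the script prints (does not run) the `tc` commands that classify a whole /24 by source address in one lookup. The device `eth0`, root qdisc `1:`, table id `2:`, priority 5 and the per-host classes `1:100`..`1:1ff` are assumptions, and the classes must already exist.

```shell
#!/bin/sh
# Emit (not execute) tc commands that classify every host of one /24 by
# source address with a single u32 hash lookup instead of a linear filter list.
# Assumptions (not from the original message): device eth0, root qdisc 1:,
# hash table id 2:, prio 5, and per-host classes 1:100..1:1ff already created.

gen_u32_hash() {
    dev=$1      # interface name, e.g. eth0
    net=$2      # first three octets of the /24, e.g. 10.0.0
    f="tc filter add dev $dev parent 1:0 protocol ip prio 5"

    # Create the u32 root for this priority, then a 256-bucket table 2:.
    echo "$f u32"
    echo "$f handle 2: u32 divisor 256"

    # One rule per bucket; the bucket index is the last octet of the
    # source address, written in hex as tc expects.
    i=0
    while [ "$i" -le 255 ]; do
        printf '%s u32 ht 2:%x: match ip src %s.%d flowid 1:%x\n' \
            "$f" "$i" "$net" "$i" "$((256 + i))"
        i=$((i + 1))
    done

    # In the root table 800:, hash on the low byte of the source address
    # (IP header offset 12) and jump to the matching bucket of table 2:.
    echo "$f u32 ht 800:: match ip src $net.0/24 hashkey mask 0x000000ff at 12 link 2:"
}

gen_u32_hash "${1:-eth0}" "${2:-10.0.0}"
```

Each packet from the /24 is checked against the one linking rule in table 800: and then only against the rule in its own bucket, regardless of how many hosts are listed.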