Reset Search
 

 

Article

What does the log "<Noti:ACL.Policy.hardRefresh>: Policy:hard refresh:<policy name>" mean?

« Go Back

Information

 
TitleWhat does the log "<Noti:ACL.Policy.hardRefresh>: Policy:hard refresh:<policy name>" mean?
Question
What does the log "<Noti:ACL.Policy.hardRefresh>: Policy:hard refresh:<policy name>" mean?
Environment
  • Summit All
  • EXOS All
  • Blackdiamond All
Answer
SMART REFRESH:
Normally, when changes are made to a policy and a policy is refreshed, the switch uses what is called a “smart refresh”. This basically means when a change in the policy is detected, only the ACL changes needed to modify the ACLs are sent to the hardware, and the unchanged entries remain
.

HARD REFRESH:
Smart Refresh works well up for up to 200 changes. If the number of changes exceeds 200, you will see this message: "Policy file has more than 200 new rules. Smart refresh cannot be carried out" and you will get the following prompt - "Note, the current setting for Access-list Refresh Blackhole is Enabled. Would you like to perform a full refresh?"

In this situation, the switch carries out a “hard refresh”; All ACLs previously defined in the policy are to be removed in the hardware, and the new refreshed ACL entries are to be installed. In such a scenario, when a "refresh policy" command is used, the aforementioned message will be logged.

"Hard refresh" is also carried out when the number of entries in the policy changes i.e., when a rule is added or deleted in the policy.
Additional notes
Excerpt from the User Guide: For ACL policies only, during the time that an ACL policy is refreshed, packets on the interface are blackholed, by default. This is to protect the switch during the short time that the policy is being applied to the hardware.

Based on this, if "blackhole" is disabled, it is conceivable that unwanted packets that were supposed to be subjected to the ACL (specifically "deny" policies) will be forwarded until the policy has been applied/refreshed.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255