7.1 MLS Processes
7.1.8 Cache aging issues
The MLS cache is an area in memory where the MLS entries are stored. To prevent the MLS cache from overflowing, an aging process must be run. This is a software-controlled operation that runs in the background. Although the architecture of the current MLS-SE can theoretically hold 128,000 entries, it is recommended to keep the total number of entries below 32,000 on current versions of the card. MLS supports three separate aging times:
  • Quick
  • Normal
  • Fast

Quick aging is used to age out partial shortcut entries that are never completed by an enable packet. The aging period for these entries is fixed at five seconds.

Normal aging is used for the typical sort of data transfer flow. This is a user-configurable interval that can range from 64 to 1920 seconds, set with the set mls agingtime [agingtime] command. The default is 256 seconds. A value that is not a multiple of 64 seconds is rounded to the nearest multiple of 64 seconds.

Fast aging is used to age short-term data flows such as Domain Name System (DNS), ping, and Trivial File Transfer Protocol (TFTP). The fast aging time can be adjusted with the set mls agingtime fast [fastagingtime] [pkt_threshold] command. If the entry does not have more than pkt_threshold packets within fastagingtime seconds, the entry is removed. By default, fast aging is not enabled because the fastagingtime parameter is set to 0. The possible fastagingtime values are 0, 32, 64, 96, and 128 seconds (the nearest value is used if a different value is entered). The pkt_threshold parameter can be set to 0, 1, 3, 7, 15, 31, or 63 (again, other values can be entered and the closest possible value is used).

Other events can also cause MLS entries to be purged, such as applying access lists, routing changes or reconvergence, normal CAM aging, or disabling MLS on the switch.
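
The three aging rules described above, modelled as an added Python example (not Cisco code and not part of the original text). The Entry fields, the function names, the tie-breaking rule in nearest(), and treating normal aging as an idle timer are assumptions made for illustration.

```python
from dataclasses import dataclass

QUICK_AGING = 5                             # fixed quick aging period, seconds
FAST_TIMES = (0, 32, 64, 96, 128)           # allowed fastagingtime values
PKT_THRESHOLDS = (0, 1, 3, 7, 15, 31, 63)   # allowed pkt_threshold values

def nearest(value, allowed):
    # Ties go to the lower value: an assumption, the text does not define ties.
    return min(allowed, key=lambda a: (abs(a - value), a))

def effective_settings(agingtime=256, fastagingtime=0, pkt_threshold=0):
    """Return the (normal, fast, threshold) values that would actually apply."""
    if not 64 <= agingtime <= 1920:
        raise ValueError("agingtime must be between 64 and 1920 seconds")
    return (nearest(agingtime, range(64, 1921, 64)),
            nearest(fastagingtime, FAST_TIMES),
            nearest(pkt_threshold, PKT_THRESHOLDS))

@dataclass
class Entry:                 # hypothetical model of one MLS cache entry
    name: str
    age: int                 # seconds since the entry was created
    idle: int                # seconds since a packet last used the entry
    packets: int             # packets switched through the entry so far
    complete: bool = True    # False = partial shortcut that was never completed

def aging_verdict(e, normal, fast, threshold):
    """Return the aging rule that removes the entry, or 'keep'."""
    if not e.complete:
        return "quick" if e.age >= QUICK_AGING else "keep"
    if fast and e.age >= fast and e.packets <= threshold:
        return "fast"        # short-lived flow (DNS, ping, TFTP style)
    if e.idle >= normal:     # assumption: normal aging counts idle time
        return "normal"
    return "keep"

if __name__ == "__main__":
    normal, fast, threshold = effective_settings(300, 50, 6)
    print("applied:", normal, fast, threshold)
    sample = [Entry("dns", 70, 69, 2), Entry("bulk", 400, 3, 9000),
              Entry("stale", 900, 400, 500), Entry("partial", 6, 6, 1, False)]
    for e in sample:         # constructed sample entries
        print(e.name, aging_verdict(e, normal, fast, threshold))
```

With fast aging left at its default of 0, the same short DNS-style entry stays in the cache until the normal aging time expires, which is why enabling fast aging helps keep the entry count under the recommended limit.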