The firewall gre inner hash enable command enables the function of selecting a CPU based on the hash value calculated according to GRE inner packet information.
The undo firewall gre inner hash enable command enables the function of selecting a CPU based on the hash value calculated according to GRE outer packet information.
By default, the FW selects a CPU based on the hash value calculated according to the GRE inner packet information.
When GRE inner packets are IPv4 or IPv6 packets, the FW supports CPU selection based on the inner hash value.
When GRE outer packets are fragmented packets, the FW does not support CPU selection based on the inner hash value.
In a scenario where outer information-based hash is used, after receiving GRE packets, the FW calculates the hash value based on the outer information and sends the packets to the corresponding CPU for decapsulation based on the hash value. Then, the calculates the hash value based on the inner information and sends the packets to the corresponding CPU for subsequent processing.
For traffic of the same tunnel, the FW sends the traffic to the same CPU for decapsulation, in that the outer source and destination IP addresses are the same. When traffic is concentrated on several tunnels, the traffic may be unevenly distributed among CPUs. In this case, you need to enable inner information-based hash.
In a scenario where inner information-based hash is used, after receiving GRE packets, the FW calculates the hash value based on the inner information and sends the packets to the corresponding CPU for decapsulation and subsequent processing, without selecting another CPU.