policy-based-route app-cache real-refresh enable

This command is supported in V600R007C20SPC500 and later versions.

By default, real-time update of application association entries of PBR is disabled.

If an application matching condition is configured for PBR, application matching is performed only during the last quarter of the TTL. If an application is matched against an application association entry of PBR and the application is considered unreliable, the device sends the application to the content security engine for application identification and then updates the application ID in the session table. If the application ID in the session table is not updated within the last quarter of the TTL, the application ID is not updated in the session table after the application association entry ages out. In such a case, if the session update is triggered again, PBR matching fails.

After the policy-based-route app-cache real-refresh enable command is run to enable real-time update of application association entries of PBR, the device sends an application to the content security engine for application identification and updates the application ID in the session table once the application is matched against an application association entry.

After this function is enabled, each traffic flow matching an application association entry is sent to the content security engine for application identification, which affects device performance. Therefore, exercise caution when running this command.