| TCAM Classification | Application location |
|---|---|
| VFP ACL TCAM | Used for QinQ and other scenarios to control outer VLAN changes. |
| IFP ACL TCAM | Inbound ACL: perform access control in the inbound direction. |
| EFP ACL TCAM | Outbound ACL: perform access control in the outbound direction. |

| Matching Domains | Illustration | Space occupied (bits) |
|---|---|---|
| Vid | Resources required for application on SVI interface or Layer 3 sub-interface | 16 |
| Etype | Matching message-type resources | 16 |
| Protocol | Resources matching IP protocol numbers | 8 |
| Port | Resources matching ports | 8 |
| PortGroup | Port reuse resources | 12 |
| IPv4_Src | Source IPv4 Resource | 32 |
| IPv4_Dst | Destination IPv4 Resource | 32 |
| IPv6_Src | Source IPv6 Resources | 64 (prefix length is less than or equal to 64) or 128 (prefix length is greater than 64) |
| IPv6_Dst | Destination IPv6 Resource | |
| Rangcheck | Match resources in the Layer 4 port number range | 32 |
| L4_Sport | Layer 4 source port | 16 |
| L4_Dport | Layer 4 destination port | 16 |
| TCP_Flag | Resources matching TCP Flag | 8 |

| Common services using TCAM resources | The service name displayed on the device |
|---|---|
| Use ACL on the interface | SECURITY / SECURITY(V6) |
| Use ACL globally | SECURITY-GBL / SECURITY-GBL(V6) |
| Traffic Statistics (Counter-only) Service | SECURITY-COUNT / SECURITY-COUNT(V6) |
| Policy Routing Service | PBR / PBR(V6) |
| ERSPAN Business | PBM / PBM(V6) |
| QOS Service | QOS / QOS(V6) / QOS-CAR / QOS-CAR(V6) |
| INT Business | INT-INGRESS / INT-INGRESS(V6) |
| VXLAN Services | VXLAN-CPP / VXLAN-CPP(V6) |
| CPP Business | CPP / CPP(v6) |

| TCAM Mode | Suitable for use scenarios |
|---|---|
| Default mode | Suitable for common scenarios with few TCAM service types |
| ACL-MAX Mode | Suitable for IPv4/IPv6 dual-stack scenarios |
| ACL-SLICES-ALL Mode | A special mode of ACL-MAX mode, which increases the security ACL capacity based on ACL-MAX mode. Only some models of devices support it. |
| VXLAN Mode | Suitable for VXLAN scenarios |
| VXLAN-HASH Mode | Suitable for VXLAN scenarios that support VXLAN hash load balancing. Suitable for general scenarios that support VXLAN hash load balancing. |
| ACL-DEFAULT-VXLAN-HASH Mode | Suitable for use scenarios |

EFP ACL Assessment for Box Switches

| Evaluation conditions | Evaluation results |
|---|---|
| The number of slices required for outbound services is less than the number of EFP ACL slices. | Slice has sufficient resources. |
| The number of EFP ACL slices is less than the number of slices required for outbound services. | Adjust TCAM mode or integrate used services. |

IFP ACL Evaluation for Box Switches

| Evaluation conditions | Evaluation results |
|---|---|
| The number of slices required for inbound services is less than the number of IFP ACL common slices. | Slice has sufficient resources. |
| The number of IFP ACL common slices < the number of slices required for inbound services < the total number of IFP ACL slices | Configure the deployed services to the actual data centre switch model for verification. |
| The total number of IFP ACL slices is less than the number of slices required for inbound services. | Adjust TCAM mode or integrate used services. |

Frame switch evaluation

| Evaluation conditions | Evaluation results |
|---|---|
| The total number of slices required for inbound and outbound services is less than the number of IFP/EFP ACL common slices. | Slice has sufficient resources. |
| The number of IFP/EFP ACL common slices < the total number of slices required for inbound and outbound services < the total number of IFP/EFP ACL slices | Configure the deployed services to the actual data centre switch model for verification. |
| The total number of IFP/EFP ACL slices is less than the total number of slices required for inbound and outbound services. | Adjust TCAM mode or integrate the services used. |

The default mode of modular switches

| KEY Resource Type | KEY Resource Type |
|---|---|
| IFP ACL KEY resource | 7 |
| EFP ACL KEY resource | 2 |

ACL-MAX Mode for Module Switches

| KEY Resource Type | KEY Resource Type |
|---|---|
| IFP ACL IPv4 KEY resource | 7 |
| IFP ACL IPv6 KEY resource | 7 |
| EFP ACL KEY resource | 2 |

| Business Name | Business Configuration | Equipment business name | TCAM Resource Type |
|---|---|---|---|
| CPP (IPv4) | | CPP | IFP |
| Use ACL on the interface (IPv4) | ip access-list extended IPv4_ACL_IN | SECURITY | IFP (inbound), EFP (outbound) |
| | 10 permit tcp host 1.1.1.1 eq 1111 host 2.2.2.2 eq 2222 | | |
| | ip access-list extended IPv4_ACL_OUT | | |
| | 10 permit tcp host 1.1.1.1 eq 1111 host 2.2.2.2 eq 2222 | | |
| | interface TFGigabitEthernet 0/1 | | |
| | ip access-group IPv4_ACL_IN in | | |
| | ip access-group IPv4_ACL_OUT out | | |
| Traffic Statistics (Counter-only) (IPv4) | ip access-list extended COUNT_IN | SECURITY-COUNT | IFP (inbound), EFP (outbound) |
| | 10 permit tcp host 1.1.1.1 eq 1111 host 2.2.2.2 eq 2222 | | |
| | 20 permit ip any any | | |
| | ip access-list extended COUNT_OUT | | |
| | 10 permit tcp host 1.1.1.1 eq 1111 host 2.2.2.2 eq 2222 | | |
| | 20 permit ip any any | | |
| | interface TFGigabitEthernet 0/2 | | |
| | ip access-group COUNT_IN in counter-only | | |
| | ip access-group COUNT_OUT out counter-only | | |
| Global ACL (IPv4) | ip access-list extended GBL_IN | SECURITY-GBL | IFP |
| | 10 permit tcp host 1.1.1.1 eq 1111 host 2.2.2.2 eq 2222 | | |
| | 20 permit ip any any | | |
| | ip access-group GBL_IN in | | |
| Policy Routing (IPv4) | ip access-list extended PBR_IPv4 | PBR | IFP |
| | 10 permit tcp host 1.1.1.1 eq 1111 host 2.2.2.2 eq 2222 | | |
| | route-map PBR_IPv4 permit 10 | | |
| | match ip address PBR_IPv4 | | |
| | set ip next-hop 3.3.3.3 | | |
| | interface TFGigabitEthernet 0/3 | | |
| | ip policy route-map PBR_IPv4 | | |
| QOS (IPv4) | mac access-list extended ARP_NO_FORWARDING | QOS-CAR | EFP |
| | 10 permit any arp | | |
| | class-map ARP_NO_FORWARDING | | |
| | match access-group ARP_NO_FORWARDING | | |
| | policy-map ARP_NO_FORWARDING | | |
| | class ARP_NO_FORWARDING | | |
| | police 00 exceed-action drop | | |
| | service-policy output ARP_NO_FORWARDING | | |
| QOS (IPv4) | expert access-list extended RoCEv2-Cnp | QOS | IFP |
| | 10 permit udp any any any any eq 4791 dscp 35 | | |
| | expert access-list extended RoCEv2-Data | | |
| | 10 permit udp any any any any eq 4791 dscp af41 | | |
| | class-map RoCEv2-Data | | |
| | match access-group RoCEv2-Data | | |
| | class-map RoCEv2-Cnp | | |
| | match access-group RoCEv2-Cnp | | |
| | policy-map RoCEv2 | | |
| | class RoCEv2-Data | | |
| | set cos 1 priority | | |
| | class RoCEv2-Cnp | | |
| | set cos 2 priority | | |
| | service-policy input RoCEv2 | | |
| ERSPAN | expert access-list extended RDMA | PBM | IFP |
| | 10 permit udp any any any any eq 4791 udf 1 l5_head 0 0x8100 0xFF00 | | |
| | 20 permit udp any any any any eq 4791 udf 1 l5_head 0 0x1100 0xFF00 udf 2 l5_head 12 0x6000 0xFF00 | | |
| | monitor session 1 span-source | | |
| | source interface HundredGigabitEthernet 0/56 rx acl RDMA | | |
| | original ip address 1.1.1.1 | | |
| | destination ip address 2.2.2.2 | | |

| Business Name | Business Configuration | Equipment business name | TCAM Resource Type |
|---|---|---|---|
| Enable IPv6 configuration | interface VLAN 100 | CPP(v6) | IFP |
| | ipv6 enable | | |
| | ipv6 address FC01::1/64 | | |
| ACL Interface (IPv6) | ipv6 access-list IPv6_ACL_IN | SECURITY(v6) | IFP (inbound), EFP (outbound) |
| | 10 permit icmp host FC01::1 host FC01::2 | | |
| | ipv6 access-list IPv6_ACL_OUT | | |
| | 10 permit icmp host FC01::1 host FC01::2 | | |
| | interface TFGigabitEthernet 0/1 | | |
| | ipv6 traffic-filter IPv6_ACL_IN in | | |
| | ipv6 traffic-filter IPv6_ACL_OUT out | | |

| Business Name | Business Configuration | Equipment business name | TCAM Resource Type |
|---|---|---|---|
| CPP (IPv4) | | CPP | IFP |
| Enable IPv6 | interface VLAN 100 | CPP(v6) | IFP |
| | ipv6 enable | | |
| | ipv6 address FC01::1/64 | | |
| Global ACL | ip access-list extended IPv4_ACL_IN | SECURITY-GBL | IFP |
| | 10 permit tcp host 1.1.1.1 eq 1111 host 2.2.2.2 eq 2222 | | |
| | 20 permit ip any any | | |
| | ip access-group IPv4_ACL_IN in | | |
| Global ACL (IPv6) | ipv6 access-list IPv6_ACL_IN | SECURITY-GBL(v6) | IFP |
| | 10 permit icmp host FC01::1 host FC01::2 | | |
| | ipv6 traffic-filter IPv6_ACL_IN in | | |

The default mode of modular switches

| KEY Resource Type | KEY Resource Type |
|---|---|
| IFP ACL KEY resource | 7 |
| EFP ACL KEY resource | 2 |

| Business Name | Business Configuration | Equipment business name | TCAM Resource Type |
|---|---|---|---|
| ERSPAN (IPv4) | ip access-list extended ERSPAN_IPv4 | PBM | IFP |
| | 10 permit tcp host 1.1.1.1 eq 1111 host 2.2.2.2 eq 2222 | | |
| | monitor session 4 span-source | | |
| | source interface TenGigabitEthernet 2/1 rx acl ERSPAN_IPv4 | | |
| | original ip address 1.1.1.1 | | |
| | destination ip address 2.2.2.2 | | |

ACL-MAX Mode for Module Switches

| KEY Resource Type | KEY Resource Type |
|---|---|
| IFP ACL IPv4 KEY resource | 7 |
| IFP ACL IPv6 KEY resource | 7 |
| EFP ACL KEY resource | 2 |