Page 2 - Introduction; What information will you find in this document?; This document contains the following:
Page 2 | AlliedWare™ OS How To Note: Hardware Filters Introduction What information will you find in this document? This document contains the following: Introduction ...
Page 3 - Creating dedicated hardware filters; Configuring packet classification; Generic Classifier
Page 3 | AlliedWare™ OS How To Note: Hardware Filters Creating dedicated hardware filters Creating dedicated hardware filters Before we get into the details of the filter creation, we need to look at the underlying packet classification process. Configuring packet classification Dedicated hardware f...
Page 4 - Configuring Layer 4 source and destination port number masks; Outer VLAN parameters
Page 4 | AlliedWare™ OS How To Note: Hardware Filters Creating dedicated hardware filters Configuring Layer 4 source and destination port number masks A common filtering requirement is the ability to filter on a range of TCP or UDP port numbers. For example, we often want to be able to allow through...
Page 5 - When nested VLANs are being used, the parameters; tpid; and; vlanpriority; cannot be; Creating hardware filters; For example, imagine you have the following set of filters:
Page 5 | AlliedWare™ OS How To Note: Hardware Filters Creating dedicated hardware filters When packets arrive at a customer port of a nested VLAN, the “inner” parameters will match the attributes of the first tag in the packets. This is because when the packet is forwarded from the core port, that...
Page 6 - The logic of the operation of the hardware filters; Let us consider the effect of each of the possible action keywords.; Action
Page 6 | AlliedWare™ OS How To Note: Hardware Filters Creating dedicated hardware filters The logic of the operation of the hardware filters The operation of the filters follows the standard ACL logic: if a packet matches a filter, the comparison process stops and the action attached to the filter ...
Page 7 - Combining hardware filters and QoS; If the hardware filter actions include; discard; , then this is not a problem, because the packet; forward; , and the packet would also be matched by a QoS; How many filters can you create?; . The filter rules table; You create a hardware filter.
Page 7 | AlliedWare™ OS How To Note: Hardware Filters Combining hardware filters and QoS Combining hardware filters and QoS The switch compares the packet with every hardware filter before it compares the packet with any QoS flow group. If the packet matches a hardware filter, the switch takes the a...
Page 8 - Extra rules used when combining QoS and hardware filters; have; to start at the top of the table—it can start at other; packets start at the top of the rule table and run to the last; all; rule; Port
Page 8 | AlliedWare™ OS How To Note: Hardware Filters How many filters can you create? Extra rules used when combining QoS and hardware filters In fact, QoS can cause the limit on the number of hardware filters to be reduced rather more radically than might be initially evident. To see why this is, ...
Page 9 - The following figure shows the copies of these rules.
Page 9 | AlliedWare™ OS How To Note: Hardware Filters How many filters can you create? The following figure shows the copies of these rules. When a QoS policy has been applied to ports 4 and 5, all the hardware filter rules have to be replicated further down in the rule table, and the QoS-specific r...
Page 10 - destination; Are there enough bytes for your set of filters?; the total number of
Page 10 | AlliedWare™ OS How To Note: Hardware Filters How many filters can you create? Protocol type—2 bytes Ethernet format—2 bytes VLAN ID—2 bytes IP protocol type (TCP, UDP, etc)—1 byte source IP address—4 bytes destination IP address—4 bytes TCP port number—2 bytes UDP port number—2 bytes DSCP...
Page 11 - Some protocols also use filters, so use some of the length; disable mldsnooping
Page 11 | AlliedWare™ OS How To Note: Hardware Filters How many filters can you create? Okay length: For example, this set of filters would work: source MAC address; source UDP port; destination IP address + destination TCP port. The total number of bytes for the switch to check in a packet would be: sour...
Page 12 - How to see the current filter resource usage on the switch; The; show switch; Command output
Page 12 | AlliedWare™ OS How To Note: Hardware Filters How many filters can you create? How to see the current filter resource usage on the switch The show switch command outputs a number of counters that display the current usage of filtering resources. A typical output from this command, and a dis...
Page 13 - Appendix A: How to use the layer 4 mask in classifiers
Page 13 | AlliedWare™ OS How To Note: Hardware Filters Appendix A: How to use the layer 4 mask in classifiers Appendix A: How to use the layer 4 mask in classifiers This section describes the use of the L4 mask in classifiers and gives some examples of L4 masks. The way that L4 masks work is similar to ...
Page 14 - Example; FF FC; Points to remember
Page 14 | AlliedWare™ OS How To Note: Hardware Filters Appendix A: How to use the layer 4 mask in classifiers Example 1: ports 2000-2003 Let’s say we want to have a UDP port range of 2000-2003, then the mask we need to have is: The changed bits from 2000-2003 are bolded. We must now write an L4 mask...
Page 15 - But remember that if we set the last 5 bits to 0, the mask will cover 2
Page 15 | AlliedWare™ OS How To Note: Hardware Filters Appendix A: How to use the layer 4 mask in classifiers Example 2: ports 5004-5008 In some more complex situations, we may need more than one classifier to cover the whole range we want. Let’s take UDP destination ports between 5004-5008. Accordi...
Page 16 - So our biggest block fits into the range 5; Port range
Page 16 | AlliedWare™ OS How To Note: Hardware Filters Appendix A: How to use the layer 4 mask in classifiers So our biggest block fits into the range 512-767. The next biggest block is 128 in our example … it should fit into 384-511. With these 2 blocks, we cover from 384-767. If we kee...
Page 17 - The following table shows the port ranges for the largest blocks.
Page 17 | AlliedWare™ OS How To Note: Hardware Filters Appendix A: How to use the layer 4 mask in classifiers The following table shows the port ranges for the largest blocks. L4 mask: FC00 F800 F000 E000 C000 8000 0000 number of ports: 1024 2048 4096 8192 16384 32768 65536 0 0 0 0 0 0 0 1024 2...