Ana iya aiwatar da ACLs (Jerin Sarrafa Shiga) akan na'urorin cibiyar sadarwa duka a cikin hardware da software, ko fiye da magana, hardware da tushen ACLs. Kuma idan komai ya kamata ya bayyana tare da ACL na tushen software - waɗannan ƙa'idodi ne waɗanda ake adanawa da sarrafa su a cikin RAM (watau akan Jirgin Kulawa), tare da duk ƙuntatawa masu zuwa, to zamu fahimci yadda ake aiwatar da ACL na tushen kayan masarufi kuma muyi aiki da mu. labarin. A matsayin misali, za mu yi amfani da masu sauyawa daga jerin ExtremeSwitching daga Extreme Networks.
Tun da muna sha'awar ACLs na tushen kayan masarufi, aiwatar da ciki na Jirgin Bayanai, ko ainihin kwakwalwan kwamfuta (ASICs) da aka yi amfani da su, yana da mahimmanci a gare mu. An gina dukkan layukan sauya hanyoyin sadarwa na Extreme Networks akan Broadcom ASICs, sabili da haka yawancin bayanan da ke ƙasa za su kasance gaskiya ga sauran masu sauyawa a kasuwa waɗanda aka aiwatar akan ASICs iri ɗaya.
Kamar yadda ake iya gani daga adadi a sama, "ContentAware Engine" yana da alhakin gudanar da ACLs a cikin kwakwalwan kwamfuta, daban don "shiga" da "egress". A tsarin gine-gine, iri ɗaya ne, kawai “egress” ba shi da ƙima da ƙarancin aiki. A zahiri, duka "Injin ContentAware" sune ƙwaƙwalwar ajiyar TCAM tare da dabaru masu rahusa, kuma kowane mai amfani ko tsarin tsarin ACL ƙayyadaddun abin rufe fuska ne da aka rubuta zuwa wannan ƙwaƙwalwar ajiya. Abin da ya sa chipset ɗin ke aiwatar da fakitin zirga-zirga ta fakiti kuma ba tare da lalata aikin ba.
A zahiri, Ingress / Egress TCAM guda ɗaya, bi da bi, an raba shi cikin ma'ana cikin sassa da yawa (dangane da adadin ƙwaƙwalwar kanta da dandamali), abin da ake kira "ACL slices". Misali, abu iri ɗaya yana faruwa tare da HDD iri ɗaya akan kwamfutar tafi-da-gidanka lokacin da kuka ƙirƙiri faifan ma'ana da yawa akansa - C:>, D:>. Kowane yanki na ACL, bi da bi, ya ƙunshi ƙwayoyin ƙwaƙwalwar ajiya a cikin nau'in "strings" inda aka rubuta "dokoki" (ka'idoji / bit masks).
Rarraba TCAM zuwa ACL-yanke yana da takamaiman dabaru a bayansa. A cikin kowane ɗayan ACL-yanke, kawai "dokokin" waɗanda suka dace da juna za a iya rubuta su. Idan wani daga cikin "dokokin" ba su dace da na baya ba, to, za a rubuta shi zuwa ACL-slice na gaba, ba tare da la'akari da yawan layin kyauta na "dokokin" da aka bari a baya ba.
Daga ina ne wannan dacewa ko rashin jituwa na dokokin ACL ya fito? Gaskiyar ita ce, daya TCAM "layi", inda aka rubuta "dokoki", yana da tsawon 232 rago kuma an raba shi zuwa wurare da yawa - Kafaffen, Field1, Field2, Field3. 232 bit ko 29 byte TCAM ƙwaƙwalwar ajiya ya isa don yin rikodin mashin-mask na takamaiman MAC ko adireshin IP, amma ƙasa da cikakken madaidaicin fakitin Ethernet. A cikin kowane guda ACL-slice, ASIC na yin bincike mai zaman kansa bisa ga abin rufe fuska da aka saita a F1-F3. Gabaɗaya, ana iya yin wannan binciken ta amfani da baiti 128 na farko na shugaban Ethernet. A zahiri, daidai saboda ana iya yin binciken sama da bytes 128, amma bytes 29 kawai za a iya rubuta, don bincika daidai dole ne a saita kashewa dangane da farkon fakitin. Ana saita kashe kuɗin kowane yanki na ACL lokacin da aka rubuta ƙa'idar farko zuwa gare shi, kuma idan, lokacin rubuta ƙa'idar da ta biyo baya, an gano buƙatun wani ƙari, to ana ɗaukar irin wannan ka'ida ba ta dace da na farko ba kuma an rubuta shi zuwa ga Rahoton da aka ƙayyade na ACL.
Teburin da ke ƙasa yana nuna tsari na dacewa da sharuɗɗan da aka kayyade a cikin ACL. Kowane layi yana ƙunshe da abin rufe fuska-bit wanda ya dace da juna kuma bai dace da sauran layin ba.
Kowane fakitin da ASIC ta sarrafa yana gudanar da bincike mai kama da juna a cikin kowane yanki na ACL. Ana yin rajistan har sai wasan farko a cikin yanki na ACL, amma ana ba da izinin matches da yawa don fakiti ɗaya a cikin sassa daban-daban na ACL. Kowane mutum "dokar" yana da daidai aikin da dole ne a yi idan yanayin (bit-mask) ya dace. Idan wasa ya faru a cikin ɓangarorin ACL da yawa a lokaci ɗaya, to a cikin toshe "Aikin Rikicin Rikici", dangane da fifikon yanki na ACL, an yanke shawarar abin da za a yi. Idan ACL ya ƙunshi duka "aiki" (izni / ƙaryatawa) da "mai gyara ayyuka" (ƙidaya / QoS / log / ...), to idan akwai matches da yawa kawai za a aiwatar da "aikin" mafi girma, yayin da "aiki" -modifier” duk za a kammala. Misalin da ke ƙasa yana nuna cewa za a ƙara yawan ƙididdiga guda biyu kuma za a aiwatar da “ƙin yarda” mafi girma.
tare da ƙarin cikakkun bayanai game da aikin ACL a cikin yankin jama'a akan gidan yanar gizon . Duk wata tambaya da ta taso ko ta saura za a iya yi wa ma'aikatan ofishinmu koyaushe - .
source: www.habr.com