Hiki ke hoʻokō ʻia nā ACL (Access Control List) ma nā ʻaoʻao pūnaewele ma nā lako lako a me nā lako polokalamu, a i ʻole ka ʻōlelo maʻamau, nā lako a me nā ACL e pili ana i ka polokalamu. A inā maopopo nā mea a pau me nā ACL e pili ana i ka polokalamu - he mau lula kēia i mālama ʻia a mālama ʻia i loko o ka RAM (ʻo ia hoʻi ma ka Plane Manaʻo), me nā kaohi a pau e hiki mai ana, a laila e hoʻomaopopo mākou i ka hoʻokō ʻia ʻana o nā ACL i hoʻokumu ʻia i ka hardware a hana i kā mākou. ʻatikala. No ka laʻana, e hoʻohana mākou i nā hoʻololi mai ka moʻo ExtremeSwitching mai Extreme Networks.
No ka mea makemake mākou i nā ACL e pili ana i nā lako, ʻo ka hoʻokō kūloko o ka Plane Data, a i ʻole nā chipsets maoli (ASICs) i hoʻohana ʻia, he mea nui ia iā mākou. Kūkulu ʻia nā laina hoʻololi a pau o Extreme Networks ma Broadcom ASICs, a no laila ʻo ka hapa nui o ka ʻike ma lalo nei e ʻoiaʻiʻo nō hoʻi no nā hoʻololi ʻē aʻe ma ka mākeke i hoʻokō ʻia ma nā ASIC like.
E like me ka mea i ʻike ʻia mai ka kiʻi ma luna, ʻo ka "ContentAware Engine" ke kuleana pololei no ka hana ʻana o nā ACL i ka chipset, kaʻawale no ka "ingress" a me "egress". ʻO ka Architecturally, ua like lākou, ʻo ka "egress" wale nō ka liʻiliʻi a me ka liʻiliʻi o ka hana. Ma ke kino, ʻo nā "ContentAware Engines" he hoʻomanaʻo TCAM me nā loina e pili pū ana, a ʻo kēlā me kēia mea hoʻohana a i ʻole ʻōnaehana ʻōnaehana ACL he mea maʻalahi i kākau ʻia i kēia hoʻomanaʻo. ʻO ia ke kumu e hana ai ka chipset i ka ʻeke kalepa ma ka ʻeke a me ka ʻole o ka hōʻino ʻana i ka hana.
ʻO ke kino, ʻo ka Ingress / Egress TCAM, ua māhele ʻia i loko o nā ʻāpana he nui (e pili ana i ka nui o ka hoʻomanaʻo ponoʻī a me ka paepae), ka mea i kapa ʻia ʻo "ACL slices". No ka laʻana, hiki i ka mea like me ka HDD like ʻole ma kāu kamepiula ke hana ʻoe i nā kaila loiloi ma luna o ia - C:>, D:>. ʻO kēlā me kēia ACL-slice, ma ka huli ʻana, aia nā cell memory ma ke ʻano o "nā kaula" kahi i kākau ʻia ai nā "rules" (rules/bit masks).
ʻO ka māhele o TCAM i nā'āpana ACL he manaʻo ma hope o ia. I loko o kēlā me kēia ʻāpana ACL, hiki ke kākau ʻia nā "rula" i kūpono me kekahi. Inā kūponoʻole kekahi o nā "rula" me ka mea mua, a laila e kākauʻia i ka'āpana ACL e hiki mai ana, me ka nānāʻole i ka nui o nā laina kūʻokoʻa no nā "rules" i koe i ka mua.
No hea mai kēia kūlike a i ʻole like ʻole o nā lula ACL? ʻO ka mea ʻoiaʻiʻo, ʻo kahi "laina" TCAM, kahi i kākau ʻia ai nā "rules", he 232 bits ka lōʻihi a ua māhele ʻia i kekahi mau māla - Paʻa, Field1, Field2, Field3. Ua lawa ka hoʻomanaʻo TCAM 232 bit a i ʻole 29 byte e hoʻopaʻa i ka bit-mask o kahi kikoʻī MAC a i ʻole IP address, akā ʻoi aku ka liʻiliʻi ma mua o ke poʻo poʻomanaʻo Ethernet piha. I kēlā me kēia ACL-slice, hana ka ASIC i kahi nānā kūʻokoʻa e like me ka bit-mask i hoʻonohonoho ʻia ma F1-F3. Ma keʻano laulā, hiki ke hana ʻia kēia nānā me ka hoʻohana ʻana i nā 128 bytes mua o ke poʻo Ethernet. ʻOiaʻiʻo, no ka mea hiki ke hana ʻia ka huli ʻana ma luna o 128 bytes, akā hiki ke kākau ʻia he 29 bytes, no ka nānā pono ʻana pono e hoʻonohonoho ʻia kahi offset e pili ana i ka hoʻomaka o ka ʻeke. Hoʻonoho ʻia ka offset no kēlā me kēia ACL-slice i ka wā i kākau ʻia ai ka lula mua iā ia, a inā, i ka wā e kākau ai i kahi lula ma hope, ʻike ʻia ka pono no ka offset ʻē aʻe, a laila ua manaʻo ʻia kēlā ʻano kānāwai i kūpono ʻole me ka mua a ua kākau ʻia i ka ACL-slice aʻe.
Hōʻike ka papa ma lalo i ke ʻano o ka hoʻohālikelike o nā kūlana i kuhikuhi ʻia ma ka ACL. Loaʻa i kēlā me kēia laina pākahi nā bit-masks i hoʻohālikelike ʻia me nā laina ʻē aʻe.
ʻO kēlā me kēia ʻeke pākahi i hoʻoponopono ʻia e ka ASIC e holo i kahi nānā like i kēlā me kēia ACL-slice. Hana ʻia ka māka a hiki i ka pāʻani mua ma ka ACL-slice, akā ua ʻae ʻia nā pāʻani he nui no ka ʻeke hoʻokahi i nā ʻāpana ACL like ʻole. Loaʻa i kēlā me kēia "rule" kahi hana e pono ai ke hana inā pili ke kūlana (bit-mask). Inā loaʻa kahi pāʻani i kekahi mau ACL-slice i ka manawa hoʻokahi, a laila ma ka poloka "Action Conflict Resolution", e pili ana i ka mea nui o ka ACL-slice, hoʻoholo ʻia kahi hana e hana ai. Inā loaʻa i ka ACL nā "hana" (ʻae / hōʻole) a me "action-modifier" (helu/QoS/log/…), a laila inā he nui nā pāʻani, e hoʻokō ʻia ka "hana" kiʻekiʻe, aʻo ka "hana. -modifier" e pau. Hōʻike ka laʻana ma lalo nei e hoʻonui ʻia nā helu ʻelua a e hoʻokō ʻia ka "hōʻole" kiʻekiʻe.
me ka ʻike kikoʻī hou aku e pili ana i ka hana ʻana o ACL ma ka lehulehu ma ka pūnaewele . Hiki ke nīnau mau ʻia nā nīnau e kū aʻe i ko mākou keʻena limahana - .
Source: www.habr.com