Switch ACLs in detail

ACLs (Access Control Lists) on network devices can be implemented in hardware or in software, or, in the more familiar terms, as hardware-based and software-based ACLs. Software-based ACLs should need no explanation: they are rules stored and processed in RAM (that is, on the Control Plane), with all the limitations that follow from that. How hardware-based ACLs are implemented and how they work is what this article covers. As an example we will use switches from the ExtremeSwitching series by Extreme Networks.


Since we are interested in hardware-based ACLs, what matters most to us is the internal implementation of the Data Plane, that is, the chipsets (ASICs) actually used. All Extreme Networks switch lines are built on Broadcom ASICs, so most of the information below also holds for other switches on the market that are built on the same ASICs.

As the figure above shows, the "ContentAware Engine" is directly responsible for ACL processing in the chipset, with separate engines for "ingress" and "egress". Architecturally they are the same, except that the "egress" engine is less scalable and less functional. Physically, both "ContentAware Engines" are TCAM memory plus the accompanying logic, and every user or system ACL rule is a simple bit mask written into that memory. That is why the chipset processes traffic packet by packet and without performance degradation.

The same physical Ingress/Egress TCAM is, in turn, logically divided into several segments (how many depends on the amount of memory and on the platform), the so-called "ACL slices". The same thing happens with the single physical HDD in your laptop when you create several logical drives on it: C:\>, D:\>. Each ACL slice, in turn, consists of memory cells in the form of "rows" into which the "rules" (rules/bit masks) are written.

There is a logic behind dividing the TCAM into ACL slices. Only "rules" that are compatible with each other can be written into any one ACL slice. If a "rule" is not compatible with the previous one, it is written into the next ACL slice, no matter how many free rows for "rules" remain in the previous one.

Where does this compatibility or incompatibility of ACL rules come from? A single TCAM "row", into which a "rule" is written, is 232 bits long and is divided into several fields: Fixed, Field1, Field2, Field3. 232 bits, or 29 bytes, of TCAM memory are enough to hold the bit mask of a particular MAC or IP address, but far less than a full Ethernet packet header. In each individual ACL slice, the ASIC performs an independent lookup according to the bit mask set in F1-F3. In general, this lookup can be performed over the first 128 bytes of the Ethernet header. Precisely because the lookup can cover 128 bytes while only 29 bytes can be written, a correct lookup requires an offset to be set relative to the start of the packet. The offset for each ACL slice is set when the first rule is written into it. If, when a subsequent rule is written, a different offset turns out to be needed, that rule is considered incompatible with the first and is written into the next ACL slice.
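The placement behaviour described above can be modelled in a few lines. This is an added example, not code from the article or from Extreme Networks: it assumes compatibility reduces to "same byte offset" and that placement is first-fit from slice 0, and the slice sizes, rule names and offsets are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

ROW_BITS = 232        # width of one TCAM row, per the article (29 bytes)
WINDOW_BYTES = 128    # leading bytes a lookup can reach, per the article

@dataclass
class AclSlice:
    rows: int                       # rule capacity (constructed value)
    offset: Optional[int] = None    # fixed by the first rule written to the slice
    rules: list = field(default_factory=list)

class TcamFull(Exception):
    """No slice is both compatible with the rule and has a free row."""

def install(slices, name, offset, key_bits):
    """Write a rule into the first compatible slice and return that slice's index.

    Assumption: "compatible" means the rule needs the offset the slice already
    uses (or the slice is still empty); real hardware compares field selectors.
    """
    if key_bits > ROW_BITS:
        raise ValueError(f"{name}: key does not fit in a {ROW_BITS}-bit row")
    if offset + (key_bits + 7) // 8 > WINDOW_BYTES:
        raise ValueError(f"{name}: key reaches past byte {WINDOW_BYTES}")
    for index, sl in enumerate(slices):
        compatible = sl.offset is None or sl.offset == offset
        if compatible and len(sl.rules) < sl.rows:
            sl.offset = offset
            sl.rules.append(name)
            return index
    raise TcamFull(f"{name}: no compatible slice with a free row")

def free_rows(slices):
    return sum(sl.rows - len(sl.rules) for sl in slices)

def demo():
    # Constructed case: two 4-row slices, rules that need three different offsets.
    slices = [AclSlice(rows=4), AclSlice(rows=4)]
    placed = [install(slices, "match-src-mac", offset=6, key_bits=48),
              install(slices, "match-dst-ip", offset=30, key_bits=32),
              install(slices, "match-src-mac-2", offset=6, key_bits=48)]
    try:
        install(slices, "match-l4-port", offset=36, key_bits=16)
        rejected = False
    except TcamFull:
        rejected = True     # refused although free rows remain in both slices
    return placed, rejected, free_rows(slices)
```

The last rule is refused while five rows are still free, which is the practical reason to check slice usage, not just rule count, before relying on a new filter being installed.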

The table below shows the compatibility order of the conditions specified in an ACL. Each individual row contains generated bit masks that are compatible with each other and incompatible with the other rows.

Every packet processed by the ASIC triggers a parallel lookup in each ACL slice. Within an ACL slice the check runs until the first match, but the same packet may match in several different ACL slices. Each individual "rule" has a corresponding action that must be performed if the condition (bit mask) matches. If a match occurs in several ACL slices at once, the "Action Conflict Resolution" block decides which action to perform, based on ACL slice priority. If the ACL specifies both an "action" (permit/deny) and an "action-modifier" (count/QoS/log/...), then on multiple matches only the higher-priority "action" is executed, while all the "action-modifiers" are executed. The example below shows that both counters will be incremented and the higher-priority "deny" will be executed.
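The lookup and conflict resolution described above, as an added example that is not code from the article or the vendor. It assumes a numeric slice priority where the larger number wins; the frame, rule names and counters are constructed.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    value: int
    mask: int                 # 1-bits are compared, 0-bits are "don't care"
    action: str               # "permit" or "deny"
    modifiers: tuple = ()

@dataclass
class AclSlice:
    priority: int             # assumption: the larger number wins a conflict
    offset: int               # key position, in bytes from the start of the frame
    width: int                # key width in bytes
    rules: list

def first_match(sl, packet):
    """Lookup inside one slice: stops at the first rule whose masked bits match."""
    key = int.from_bytes(packet[sl.offset:sl.offset + sl.width], "big")
    for rule in sl.rules:
        if key & rule.mask == rule.value & rule.mask:
            return rule
    return None

def process(slices, packet):
    """Return (action, modifiers, names of the rules hit) for one packet."""
    hits = [(sl.priority, r) for sl in slices
            if (r := first_match(sl, packet)) is not None]
    if not hits:
        return None, [], []
    action = max(hits, key=lambda h: h[0])[1].action        # one action survives
    modifiers = [m for _, r in hits for m in r.modifiers]   # every modifier runs
    return action, modifiers, [r.name for _, r in hits]

# Constructed frame: Ethernet II + IPv4, 10.1.2.3 -> 192.0.2.10 (checksum left zero).
PACKET = (bytes.fromhex("020000000002" "020000000001" "0800")
          + bytes.fromhex("4500001400000000400600000a010203c000020a"))

SLICES = [
    AclSlice(priority=2, offset=26, width=4, rules=[         # IPv4 source
        Rule("deny-src", 0x0A010000, 0xFFFF0000, "deny", ("count:src_blocked",)),
        Rule("permit-10", 0x0A000000, 0xFF000000, "permit", ("count:unused",)),
    ]),
    AclSlice(priority=1, offset=30, width=4, rules=[         # IPv4 destination
        Rule("permit-dst", 0xC0000200, 0xFFFFFF00, "permit", ("count:dst_seen",)),
    ]),
]
```

For the constructed frame, `process(SLICES, PACKET)` hits one rule in each slice: both counters fire, the second rule of the first slice is never reached, and only the "deny" from the higher-priority slice takes effect.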

The "ACL Solutions Guide", with more detailed information on how ACLs work, is publicly available on the extremenetworks.com website. Any questions that come up or remain can always be put to the staff of our office - [email protected].

Source: www.hab.com
