Switch ACLs in detail

ACLs (Access Control Lists) on network devices can be implemented both in hardware and in software, or, as is more commonly said, as hardware-based and software-based ACLs. Software-based ACLs should be clear enough: they are rules stored and processed in RAM (i.e. on the Control Plane), with all the limitations that follow from that. How hardware-based ACLs are implemented and how they work is what we will look at in this article. As an example, we will use switches from the ExtremeSwitching series by Extreme Networks.


Since we are interested in hardware-based ACLs, the internal implementation of the Data Plane, or more precisely the actual chipsets (ASICs) used, matters most to us. All Extreme Networks switch lines are built on Broadcom ASICs, so most of the information below will also hold for other switches on the market that are built on the same ASICs.

As the figure above shows, the "ContentAware Engine" is what handles ACL operation in the chipset, separately for "ingress" and "egress". Architecturally the two are the same; "egress" is just smaller in scale and more limited in functionality. Physically, both "ContentAware Engines" are TCAM memory plus accompanying logic, and each user or system ACL rule is a simple bit mask written into this memory. That is why the chipset processes traffic packet by packet without performance degradation.

Physically, the same Ingress / Egress TCAM is in turn logically divided into several segments (depending on the amount of memory itself and on the platform), the so-called "ACL slices". The same thing happens, for example, with the single physical HDD in your laptop when you create several logical drives on it - C:>, D:>. Each ACL slice, in turn, consists of memory cells in the form of "rows" into which "rules" (rules / bit masks) are written.

The division of the TCAM into ACL slices has a certain logic behind it. In each individual ACL slice, only "rules" that are compatible with each other can be written. If any "rule" is not compatible with the previous one, it will be written to the next ACL slice, regardless of how many free rows for "rules" remain in the previous one.

So where does the compatibility or incompatibility of ACL rules come from? The point is that one TCAM "row", where "rules" are written, is 232 bits long and is divided into several fields - Fixed, Field1, Field2, Field3. 232 bits, or 29 bytes, of TCAM memory is enough to record the bit mask of a specific MAC or IP address, but it is far less than a full Ethernet packet header. In each individual ACL slice, the ASIC performs an independent lookup according to the F1-F3 fields. In general, this lookup can be performed over the first 128 bytes of the Ethernet header. Precisely because the lookup can cover 128 bytes while only 29 bytes can be written, an offset relative to the start of the packet must be set for the lookup to be correct. The offset for each ACL slice is set when the first rule is written into it. If, when a subsequent rule is written, a need for a different offset is found, that rule is considered incompatible with the first one and is written to the next ACL slice.

The table below shows the compatibility of the conditions specified in an ACL. Each individual row contains generated bit masks that are compatible with each other and incompatible with those in other rows.

Each packet processed by the ASIC triggers a parallel lookup in every ACL slice. The check runs up to the first match within an ACL slice, but multiple matches are allowed for the same packet in different ACL slices. Each individual "rule" has a corresponding action that must be performed if the condition (bit mask) matches. If a match occurs in several ACL slices at once, the "Action Conflict Resolution" block decides, based on the priority of the ACL slice, which action to perform. If an ACL contains both "actions" (permit / deny) and "action modifiers" (count / QoS / log / ...), then in the case of multiple matches only the higher-priority "action" is executed, while all "action modifiers" are executed. The example below shows that both counters will be incremented and the higher-priority "deny" will be executed.
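A small Python model of the two behaviours described above, slice placement by offset and per-slice lookup with action conflict resolution. It is an added illustration, not code from the article or from Extreme Networks. It assumes one contiguous 29-byte window per slice, that a lower slice index means higher priority, and a constructed slice size of four rows; all class and function names are hypothetical.

```python
from dataclasses import dataclass, field
ROW_BYTES = 29  # one TCAM row: 232 bits (figure from the article)

@dataclass
class Rule:
    name: str
    offset: int            # where the 29-byte window starts in the packet
    pos: int               # position of the matched field inside the window
    data: bytes            # field value, matched with an all-ones mask
    action: str = ""       # "permit" / "deny", or "" for modifier-only rules
    modifiers: tuple = ()  # e.g. ("count:c1",)

@dataclass
class Slice:
    offset: int
    rows: list = field(default_factory=list)

class Tcam:
    def __init__(self, rows_per_slice=4):  # slice size is constructed
        self.rows_per_slice = rows_per_slice
        self.slices = []

    def install(self, rule):  # returns the index of the slice that got the rule
        if rule.pos + len(rule.data) > ROW_BYTES:
            raise ValueError(f"{rule.name}: field does not fit in a 29-byte row")
        cur = self.slices[-1] if self.slices else None
        # A different offset (or a full slice) forces the next slice,
        # even if the current one still has free rows.
        if cur is None or cur.offset != rule.offset or len(cur.rows) >= self.rows_per_slice:
            cur = Slice(rule.offset)
            self.slices.append(cur)
        cur.rows.append(rule)
        return len(self.slices) - 1

    def lookup(self, packet):  # returns (action, modifiers) after resolution
        hits = []
        for s in self.slices:  # hardware checks all slices in parallel
            window = packet[s.offset:s.offset + ROW_BYTES]
            for r in s.rows:
                if window[r.pos:r.pos + len(r.data)] == r.data:
                    hits.append(r)
                    break  # only the first match within a slice counts
        # Assumption: a lower slice index means higher priority.
        action = next((r.action for r in hits if r.action), None)
        return action, [m for r in hits for m in r.modifiers]

def sample_packet():  # constructed Ethernet + IPv4 header bytes
    eth = bytes.fromhex("aabbccddeeff" "001122334455" "0800")
    ip = bytes(12) + bytes([10, 0, 0, 5]) + bytes([10, 0, 0, 9])
    return eth + ip
```

In this model the IPv4 source address sits at packet bytes 26-29, so it cannot be matched with offset 0 and needs its own offset, which is what pushes a MAC rule and an IP rule into different slices.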

The "ACL Solutions Guide", with more detailed information about how ACLs work, is publicly available on the extremenetworks.com website. Any questions that arise or remain can always be put to the staff of our office - [email protected].

Source: www.habr.com
